HHS Announces New Round of 2014 HIPAA Compliance Audits: Are You Ready?

March 25, 2014 at 9:18 am | Posted in Compliance, Federal Laws, Health and Human Services, Health Care, HIPAA, Medical, Regulations | Leave a comment
Tags: , , , , , ,

Last month, the HHS Office of Civil Rights (OCR) announced that there will be a more vigorous HIPAA audit effort in 2014 of HIPAA covered entities, including health plans, and their business associates. Speaking at a February 24th health care technology conference, Susan McAndrew, OCR deputy director for health information privacy said: “Hopefully in coming months you’ll see actual activity that will start up on the audit process.” OCR soon will launch a survey of 1,200 organizations as a first step toward selecting those to be audited. McAndrew also stated that the organizations to be surveyed were selected from “a large database,” and the survey seeks to verify if the entity is a suitable candidate for a HIPAA audit.

In a February 24th notice published in the Federal Register, OCR announced that it will survey “up to 1,200 HIPAA covered entities, including health plans, healthcare clearinghouses and certain healthcare providers, and business associates, to determine suitability for the OCR HIPAA audit program.” According to the notice, the survey “will gather information about respondents to enable OCR to assess the size, complexity and fitness of a respondent for an audit.” An OCR spokesperson says the survey will target approximately 800 covered entities and 400 business associates.

If you have not done so already, at a minimum, a plan sponsor should start to self assess: (1) whether it is a HIPAA covered entity; (2) whether it receives protected health information (PHI); and (3) assuming it receives PHI, has it taken timely and reasonable steps to secure the PHI in a manner consistent with HIPAA’s regulations?

Happy 40th Birthday, ERISA!

March 7, 2014 at 1:00 pm | Posted in Compliance, Department of Labor, ERISA, Federal Laws, Regulations | Leave a comment
Tags: , ,

Protections for employee benefits moved forward 40 years ago this week with the March 4, 1974, Senate passage of the Employee Retirement Income Security Act. While it would be nearly six months until President Gerald Ford signed ERISA into law in September of that year, the bill marks congressional recognition of the sanctity of retirement, health care, and other employee benefits. ERISA also calls for the DOL to play the role of chief regulator and enforcer of the new protections. The DOL’s divisions…the Employee Benefits Security Administration…performs that important task.

ACA Exchange Enrollment Hits 4 Million

February 26, 2014 at 2:09 pm | Posted in Affordable Care Act, Compliance, Health and Human Services, Health Care, Health Insurance Exchanges, Health Insurance Marketplace, Medical, PPACA, Regulations | Leave a comment
Tags: , , , , , , , , , , , , , , ,

HHS announced Tuesday that approximately 4 million Americans have enrolled through the end of January for coverage through the Affordable Care Act Exchanges. A full enrollment report for February will be released in mid-March.

“With individuals and families enrolling in coverage every day, we continue to see strong demand nationwide from consumers who want access to quality, affordable coverage,” Centers for Medicare & Medicaid Services administrator Marilyn Tavenner wrote in a blog post Tuesday. “Our outreach efforts are in full force with community partners and local officials participating in hundreds of events each week and enrollment assistors are helping more and more people enroll in coverage,” she continued.

Only five weeks remain in the open enrollment period.

Additional Delay in Discrimination Testing for Fully Insured Plans Reported

January 20, 2014 at 10:17 am | Posted in Compliance, Employment Law, Federal Laws, IRS, Regulations | Leave a comment
Tags: , , ,

According to the New York Times, the IRS will further delay the issuance of regulations that prohibit discrimination of eligibility or benefits “in favor of highly compensated individuals” in fully insured health plans.

Since the IRS has not yet determined how to measure health benefits — or which well-paid employees would be considered “highly compensated” — they plan to hold off on penalties, which are set at $100 per day for each employee negatively impacted. Similar discrimination regulations have been in place for self insured employers for more than 30 years.

“The IRS has not announced any new or additional information on this issue,” IRS spokesperson Michelle Eldridge said in a statement. “The New York Times story refers to IRS Notice 2011-1, which was released to the press on December 22, 2010. That Notice stated that the sanctions under Public Health Service Act Section 2716 will not apply until after generally applicable guidance is issued, because the statute requires regulatory detail in order to operate properly.”

“Work on that guidance continues, taking into consideration comments received from the public. Any suggestion that there is a new delay is misleading,” Eldridge said.

Dermatology Clinic Pays $150,000 HIPAA Fine for Lost Thumb Drive with Unencrypted Patient Information

December 30, 2013 at 10:26 am | Posted in Compliance, ePHI, Federal Laws, Health and Human Services, Health Care, HIPAA, Regulations | Leave a comment
Tags: , , , , , , , , , , , ,

The HHS Office of Civil Rights (OCR) reports that a Concord, MA, dermatology clinic has agreed to pay a $150,000 fine as a settlement of  alleged violations of HIPAA privacy, security, and breach notification provisions. OCR announced that: “This case marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA).” The clinic lost, and never recovered, an unencrypted thumb drive with protected health information for approximately 2,200 patients.

The OCR investigation concluded that the clinic did not (1) conduct an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process; and (2) did not fully comply with requirements of the breach notification rule to have in place written policies and procedures and train workforce members. In addition to paying the $150,000 fine, the clinic also agreed to create a corrective action plan consisting of a risk analysis and risk management components to address and mitigate any additional potential security risks and vulnerabilities.

The resolution agreement and press release can be found on the OCR website at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/apderm-agreement.html

U.S. Supreme Court to Address Constitutionality of Affordable Care Act’s Contraception Mandate On Private Employers

November 26, 2013 at 1:04 pm | Posted in Affordable Care Act, Compliance, Creditable Coverage, Essential Health Benefits, Federal Laws, Health Care, Medical, PPACA, Regulations, Wellness | Leave a comment
Tags: , , , , , , , , , , , , , , ,

The Supreme Court announced today that it will accept for hearing and decision the constitutional challenge to the Affordable Care Act’s (ACA) contraception mandate as it applies to private employers who have a religious objection to the mandate. The contraception mandate is part of one of the ten required health essential benefits (women’s preventive health services) required of health plans under ACA.

There is currently a disagreement among the federal Circuit Courts of Appeals as to its constitutionality. It is reported that the hearing will be this spring.

DOL Affordable Care Act Compliance Assistance Webcasts Available to Public

November 22, 2013 at 10:50 am | Posted in Affordable Care Act, Compliance, Department of Labor, Federal Laws, Health and Human Services, Health Care, Health Insurance Exchanges, Health Insurance Marketplace, Medical, PPACA, Regulations | Leave a comment
Tags: , , , , , , , , , , , , , , , ,

On November 20, DOL Assistant Secretary for Employee Benefits Security (EBSA) Phyllis C. Borzi testified on the Affordable Care Act implementation before the Senate Entrepreneurship and Small Business Committee. Borzi joined fellow officials from the Department of Health and Human Services and Small Business Administration in updating the Committee on efforts being made to reach employers with information about the law. She said that the current focus of the DOL was to assist with compliance as opposed to penalize for non compliance.

Among other things, Borzi also advised the Committee that (1) the EBSA Compliance Assistance toll free phone line (1-866-444-EBSA) was heavily utilized (47,000 inquiries) and EBSA staff was responding to calls from brokers, consumers, and business owners; (2) The EBSA Compliance Assistance webpage, which catalogs and updates all of the new compliance requirements, had registered over 1.5 million visitors in the past year; and (3) the EBSA had made its webcast titled “Complying With the Affordable Care Act” available to the public.

A link to the archived webcast is here:

Regulatory Green Light, Red Light! President Obama “Allows” Health Insurers Discretion to Reinstate, Upon Request, Individual Coverage Not Compliant with ACA Essential Benefits Requirements

November 18, 2013 at 9:15 am | Posted in Affordable Care Act, Compliance, Essential Health Benefits, Health and Human Services, Health Care, Health Insurance Exchanges, Health Insurance Marketplace, Medical, PPACA, Regulations | Leave a comment
Tags: , , , , , , , , , , , , , ,

President Obama held a brief news conference Thursday, November 14, where he announced that his administration would “allow” health insurance companies, without any legislative amendment to the Affordable Care Act (ACA) to reinstate, at a consumer’s request, individual health insurance earlier cancelled this year. However, insurers will be required to educate individual policyholders that they should first explore whether they could get a better plan from healthcare.gov before asking for their cancelled coverage to be reinstated. As of November 14, there were no regulations or legislative amendments that allow for the remedy. However, HHS and CMS sent out a letter to health insurers telling they “may” do so. Apparently what the President is doing is putting the onus on the health insurance industry to make the change voluntarily so the legislative process can be avoided.

The Hill publication reports that Karen Ignagni, president of America’s Health Insurance Plans (AHIP), said the administration’s move could damage the insurance market.

“The only reason consumers are getting notices about their current coverage changing is because [ObamaCare] requires all policies to cover a broad range of benefits that go beyond what many people choose to purchase today,” Ignagni said in a statement.

“Changing the rules after health plans have already met the requirements of the law could destabilize the market and result in higher premiums for consumers.”

Only time will tell what actually happens.

A link to the letter from HHS/CMS is at

The Supreme Court and the Affordable Care Act: Is Round Two on the Horizon?

August 15, 2013 at 12:08 pm | Posted in Affordable Care Act, Federal Appeals Court, Health Care, Medical, PPACA | Leave a comment
Tags: , , , , , , , , , ,

In Contestoga v. Sebelious, HHS, the plaintiffs – practicing Mennonites who own a private business employing 900 people – have announced they will appeal a recent loss before a three-judge panel of the 3rd Circuit Court of Appeals.

The plaintiffs had claimed that the contraception mandate under the Affordable Care Act, which requires the inclusion of birth control in employees’ healthcare plans, created a significant burden on their religious beliefs. The 3rd Circuit ruled that the ACA contraception requirement applies to corporations and not to the people who own them. Consequently, the owners could not sue based on their personal religious objections to birth control.

In the interim, the corporation is providing contraception coverage because it could not afford the potential penalty exposure: $95,000.

CMS Issues Guidance Clarifying Policy on Income Verification by Health Exchanges: Federal Exchanges Provide Full Income Verification; State Exchanges May Use Relaxed Verification

August 12, 2013 at 12:32 pm | Posted in Affordable Care Act, CMS, Federal Laws, Health Care, Health Insurance Exchanges, Health Insurance Marketplace, Medical, PPACA, Regulations | Leave a comment
Tags: , , , , , , , , , , , , , ,

From the Wednesday, August 7, 2013, Bloomberg News

The Centers for Medicare & Medicaid Services released guidance Aug. 5 clarifying the circumstances in which state-based health insurance marketplaces would be allowed to accept less than full income verification from consumers applying for federal subsidies to help them purchase health coverage.

In the two-page guidance, presented in a “Frequently-Asked-Questions” format, CMS said the marketplaces, or exchanges, “would always use data from tax filings and Social Security data to verify household income information provided on an application, and in many cases, will also use current wage information that is available electronically.”

CMS said exchanges would be permitted to bypass certain income verification requirements only during 2014 — the first year exchanges will begin operation — and only in limited circumstances, which it went on to specify.

Final Rule Sparks Controversy

The guidance follows CMS’s release in July of a comprehensive final rule (CMS 2334-F) covering exchange eligibility determinations. Among other things, the rule said exchanges would not need to verify household income in every case where an applicant’s self-reported income had dropped by more than 10 percent below the most recent data available from the Internal Revenue Service (130 HCDR, 7/8/13).

In those circumstances, CMS said it would allow exchanges to require follow-up verification from a “statistically significant sample” of applicants who were unable to provide the initial verification information.

The July announcement triggered concerns that CMS was opening the door to fraud by allowing applicants for federal subsidies — also known as “premium tax credits” — to “self attest” as to their income eligibility.

At an Aug. 1 hearing of the House Ways and Means Committee, Rep. Dave Camp (R-Mich.), the committee’s chairman, questioned whether IRS could effectively monitor premium tax credit payouts under the self-attestation and sampling procedures established by CMS in the final rule (149 HCDR, 8/2/13).

No Exceptions on Federal Exchange

In the Aug. 5 guidance, CMS clarified that exceptions to the full income verification requirements would apply only to exchanges operated in the 16 states and District of Columbia that have opted to build and operate their own exchanges.

In the 34 states not building their own exchanges — where the so-called federally facilitated exchange will operate — CMS said it will require full income verification in all instances. “Since publication of the final rule, we have ascertained that there are sufficient resources to ask every individual in this circumstance for such documentation with no exceptions,” the CMS guidance said.

Verification Process Explained

In explaining how income verification would be handled on the exchanges, the CMS guidance said information provided by an applicant would first be checked against information from the IRS and Social Security Administration.

If IRS and SSA are unable to verify the income data provided, then the information will be compared with wage information from employers provided to the exchanges by Equifax, a credit-reporting and income database firm.

If Equifax is not able to substantiate the applicant’s income information, the exchange must request an explanation or additional documentation, according to the guidance.

After requesting the additional documentation, if the applicant meets all other eligibility requirements for premium tax credits, the exchange will provide premium tax credits or other cost-sharing reductions for 90 days.

If the applicant fails to provide the additional documentation within the specified time frame, the exchange will determine eligibility based on the most recent IRS and SSA data available. If the data are unavailable, then the exchange will discontinue any advance payments of the premium tax credits, the guidance said.

Limited Exception to Requirements

CMS said “for 2014 only,” it will permit state-based exchanges (not the federally facilitated exchange) to bypass the full income verification requirements when all the following factors exist:

  • the exchange has income information from the IRS;
  • the applicant reports projected annual household income more than 10 percent below the most recent data available from IRS and SSA;
  • Equifax data from an employer is unavailable; and
  • the applicant does not provide a reasonable explanation for the inconsistency between what he or she reported and IRS and SSA data.

“In all other cases in which the data submitted by the individual cannot be verified using IRS and SSA data or Equifax data, and the individual does not provide a reasonable explanation for any discrepancy … the marketplace must request additional documentation,” the guidance said.

It emphasized that applicants must attest, under penalty of perjury, that they are not providing false or fraudulent information to the exchange. The guidance also noted that IRS will require repayment of tax credits if an applicant’s income for the year following receipt of the credit shows the applicant is not eligible.

Next Page »

Blog at WordPress.com.
Entries and comments feeds.