Primary PhysicianCare monitors all laws and legislative ruling that effect self-funded ERISA plans, and provides full compliance services for meeting these requirements. From plan document language, to HIPAA privacy compliance, to required notifications, we provide our clients with full compliance support. Below are recent compliance changes affecting health plans, and review of required notifications.

View quarterly Compliance Updates

Compliance Changes Required in 2009 or 2010

1. Mental Health Parity Act
For plan years beginning after October 3, 2009 (the later of January 1, 2010 or expiration of the governing collective bargaining agreement in force on October 3, 2008 for collectively bargained plans), a group health plan that provides mental health and substance abuse benefits cannot impose special caps or limits on benefits related to mental health treatment or substance use disorders.

Treatment limits and cost sharing, including deductibles, co-pays, co-insurance and out-of-pocket expenses, cannot be more restrictive than the most common or frequent rules that apply to substantially all medical and surgical benefits provided under the plan. If a plan offers out of network benefits for medical and surgical coverage, out of network benefits must also be offered for mental health and substance disorders.

A plan may not be required to comply with the new requirements if the plan complies for the first six months of a plan year and the increase in cost exceeds 2% of plan costs for the first year or 1% in subsequent years.

2. Michelle’s Law
In plan years beginning after October 9, 2009 (January 1, 2010 for calendar year plans), a group health plan cannot terminate coverage for a dependent college student on account of loss of full-time student status due to a medically necessary leave of absence for up to one year. The plan must furnish information about Michelle’s Law in any notice regarding certification of student status required for continued coverage under the plan.

3. CHIP Reauthorization Act
Employees and dependents who become eligible or cease to be eligible for premium assistance for Medicaid or a state’s Children’s Health Insurance Program (“CHIP”) have special enrollment rights under group health plans subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), effective April 1, 2009. Employees must request coverage within 60 days of becoming eligible for the premium assistance. The plan document, summary plan description (“SPD”) and
enrollment materials should be amended to reflect these rules. Following publication of a model notice by the U.S. Department of Labor, employers will also be required to provide annual notice to employees regarding the assistance available and how to apply for it.

4. GINA
The Genetic Information Nondiscrimination Act of 2008 (“GINA”) prohibits employee group health plans and insurance companies in the group market from discriminating on the basis of genetic information. Genetic information includes information about manifestation of a disease or disorder in a family in addition to information about genetic tests. For plan years beginning after May 21, 2009, genetic information cannot be requested, required or purchased for underwriting purposes or before
enrollment, participants and covered dependents cannot be required to undergo a genetic test, and genetic information cannot be used to adjust premiums or contributions for the group. However, a plan is permitted to use the minimum necessary amount of genetic testing results to make a determination about claim payment.

5. HEART Act
Pursuant to the Heroes Earnings Assistance and Relief Tax Act of 2008 (“HEART”), a cafeteria plan or health flexible spending arrangement may now permit a reservist called to active military duty for at least 180 days or an indefinite term to receive distribution of the balance to the credit of the reservist’s account. Distribution must occur by the end of the grace period for reimbursement of expenses incurred during the plan year of the call to active duty. If a plan permits or intends to permit
these distributions it must be amended. Retroactive amendments are permitted through December 31, 2009 with respect to reservists called to active duty on or after June 18, 2008, so long as the request for withdrawal occurs within the grace period for the plan year in which the call to active duty occurred. Prospectively effective amendments are permitted at any time.

6. HITECH Act
The Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”) contains
new rules for protection of personal health information held by providers, plans and other covered
entities. Changes which may affect plans include:

• Notice of Breach. Effective September 18, 2009, HITECH requires group health plans to provide detailed notice to affected participants and covered dependents of unauthorized acquisition, access, use or disclosure of their unsecured protected health information (“PHI”) by the plan or a business associate. If 500 or more people are affected, the plan is required to give immediate notice to the media and the Department of Health and Human Services (“HHS”), which will post notice of the breach on its website. In addition, plans must provide HHS with annual reports of all of their breaches each year, no matter the number.
The new notice requirements will not apply if the plan or business associate uses an approved method of making the PHI unusable, unreadable or indecipherable to unauthorized persons. Methods approved for this purpose include existing procedures for de-identification and encryption under HIPAA, physical destruction of hard copy and electronic media by means of shredding or physical destruction that prevents reading or reconstruction of the PHI, and clearance, purging or destruction of electronic media in compliance with standards to be made final in regulations. As before, the new disclosure requirements do not preempt state law standards that are more protective of individuals whose personal information is disclosed inappropriately.

• New Obligations of Business Associates. Beginning on February 17, 2010, a plan’s business associates are directly responsible for their own compliance with HIPAA’s privacy and security requirements, they are required to provide the plan with notice of their own breach, and they are subject to the new enforcement provisions described below, in contrast to the prior rule which required only a contractual obligation to the plan. A group health plan’s business associate agreements must be amended to reflect these changes after HHS issues new regulations.

• Marketing restrictions. Effective February 17, 2010, marketing communications are permitted only with a patient’s prior written authorization. Communications the plan makes about its own health care products or services, communications for treatment purposes, and communications for purposes of case management or care coordination or to recommend alternative treatments, therapies, providers or settings of care are excepted. The definition of marketing communication will include a communication about a product or service that encourages recipients to buy or use the product or service, unless it meets one of the exceptions and there is no direct or indirect fee to the plan for the communication. Before sending these types of communications to participants directly or from vendors, plans should review these new rules.

• Electronic records requirements. Effective February 17, 2010, a group health plan may be required to provide individuals with copies of their PHI in electronic format if the plan uses or maintains “electronic health records,” and an individual may designate a third party as the recipient without a formal HIPAA authorization. Charges for furnishing these records cannot exceed the labor cost of the response. However, it is unlikely that a group health plan will maintain “electronic health records,” which are electronic records of health-related information created, gathered, managed, and consulted by authorized health care clinicians and staff.

• Enforcement. HITECH steps up enforcement of the HIPAA privacy and security rules. HHS is required to conduct periodic audits of HIPAA privacy and security compliance. Penalties for HIPAA violations are increased, effective as of February 17, 2009. In addition, the state attorneys general are authorized to seek injunctions and damages in civil actions against group
health plans, their business associates and other covered entities that violate the HIPAA privacy and security standards.

7. COBRA Subsidy / American Recovery and Reinvestment Act of 2009
The American Recovery and Reinvestment Act of 2009 (“ARRA”) provided a subsidy for COBRA premiums to “assistance eligible individuals” who are involuntarily terminated and lose group health coverage. Employers were required to update their COBRA election notices and forms to contain information on the subsidy. Employers should continue to use these special COBRA notices and election forms for individuals who both: (1) experience qualifying events on or before December 31, 2009; and (2) lose coverage on or before December 31, 2009. If the COBRA subsidy is not extended by new legislation, employers may resume using their pre-ARRA COBRA notices and election forms when an individual experiences a qualifying event or loses group health coverage on January 1, 2010, or later. The Department of Labor has model COBRA notices available.

8. Medicare’s Mandatory Insurer Reporting Law
The Medicare, Medicaid, and SCHIP Extension Act of 2007 added new mandatory reporting requirements (the “Mandatory Insurer Reporting Law”) for group health plans. Certain claims processing third-party administrators of group health plans, and certain administrators of self-insured and self-administered plans, must collect specified information from plan participants and report this information to the Center for Medicare & Medicaid Services (“CMS”). In the case of group health plans
which have one entity administering enrollment and another administering and paying claims, it is the claims-paying administrator who has the ultimate duty to report under the law. Depending upon the specific contractual arrangement, however, the claims-paying administrator could require the enrolling entity to collect this information.

Social Security numbers (“SSNs”) of certain plan participants and Health Insurance Claim Numbers (“HICNs”) of Medicare enrollees are among the data elements that must be reported to CMS. Employers who perform enrollment in-house may wish to request the SSNs and HICNs of employees and their covered dependents during the enrollment process in order to facilitate compliance with the Mandatory Insurer Reporting Law. If an employer has difficulty in obtaining this information from
enrollees, it may still comply with the law by following a safe harbor process set forth by CMS, or in certain situations, by conditioning enrollment in the group health plan upon provision of such information.

 

Existing Notice Requirements

Enrollment Notices

1. COBRA Notice
Plan administrators must provide written notice to each employee and his or her spouse when group health plan coverage first commences of his or her rights under the Consolidated Omnibus Budget Reconciliation Act of 1986 (“COBRA”). Additionally, plan administrators must provide notice to each qualified beneficiary of his or her right to elect continuing coverage under the plan upon the occurrence of a qualifying event. Each of these notices must contain specific information, and the
Department of Labor has issued model notices.

2. HIPAA Privacy Notice
If the group health plan is required to maintain a notice of HIPAA privacy practices, the notice must be distributed upon an individual’s enrollment in the plan. Notice of availability to receive another copy must be given every 3 years.

3. Special Enrollment Rights
A group health plan must provide each employee who is eligible to enroll with a notice of his or her HIPAA special enrollment rights at or prior to the time of enrollment. The Department of Labor has developed model language to fulfill this requirement, but it should be updated to reflect CHIP Reauthorization Act changes (discussed above).

4. Pre-existing Condition Exclusion Notice
If the plan contains pre-existing condition exclusions, a notice describing the exclusions and how prior creditable coverage can reduce the exclusion period must be provided to participants as part of any written enrollment materials. If there are no written enrollment materials, the notice must be provided as soon as possible after a request for enrollment is made by a participant.

5. Certificate of Credible Coverage
For plan members whose coverage has terminated, we generate all corresponding HIPAA Certificates of Creditable Coverage. In addition, we generate HIPAA certificates upon request. For plans with preexisting condition limitations, we initiate contact each new plan participant, obtain the HIPAA Certificate of Creditable Coverage from his previous plan, and calculate the amount of creditable coverage each person should have. Finally, this information is passed onto the appropriate claims vendor

Annual Notices

The following notices must be provided to participants and beneficiaries each year. An employer may choose to include these notices in the plan’s annual open enrollment materials.

1. Women’s Health and Cancer Rights Act Notice
The Women’s Health and Cancer Rights Act requires that a notice be sent to all participants describing required benefits for mastectomy-related reconstructive surgery, prostheses, and treatment of physical complications of mastectomy. This notice must be given to plan participants upon enrollment and then annually thereafter. The Department of Labor has developed model language to fulfill this requirement.

2. Medicare Part D Notice
Group health plans providing prescription drug coverage must provide a notice to any individual covered by or eligible for the group health plan who is eligible for Medicare (an “eligible individual”). The notice must explain whether the plan’s prescription drug coverage is creditable. Coverage is creditable if it is actuarially equivalent to coverage available under the standard Medicare Part D program. In order to satisfy the distribution timing requirements, the notice is generally distributed
upon an individual’s enrollment in the plan, each year during open enrollment and during the plan year if the status of the coverage changes (either for the plan as a whole or for the individual). Model notices are available from the Centers for Medicare and Medicaid.

ERISA’s General Notice Requirements
It is important to keep current with ERISA’s general notice requirements, as to both timing and content. For example, changes in plan design must be reflected in summaries of material modifications or updated summary plan descriptions timely distributed to eligible employees. If a change involves a material reduction in covered services or benefits, a summary of material
modifications or an updated SPD must be furnished within 60 days after adoption. Restated SPDs must be furnished every 5 years if the plan has been amended within 5 years of publication of the most recent SPD, and every 10 years if the information has not been changed. Open enrollment may present the best time to distribute these materials.