December 16, 2010
The year 2010 has witnessed many legal developments applicable to U.S. employer-sponsored health and welfare benefit plans. Employers may find it difficult to keep up between the passage of the Patient Protection and Affordable Care Act, proposed revisions to the HIPPA Privacy, Security, and Enforcement rules, and new regulations issued under the Genetic Information Nondiscrimination Act ("GINA") and the Mental Health Parity and Addiction Equity Act ("MHPAEA"). This newsletter identifies and summarizes a few of these key legal developments.
I. Affordable Care Act
Earlier this year, President Obama signed into law the Patient Protection and Affordable Care Act of 2010 (the "PPACA" or the "Act"). The PPACA has the potential to dramatically alter the United States health care system. Although various provisions of the PPACA will become effective at different times over the next four years, health plans are required to comply with several of the Act’s provisions for plan years beginning on or after September 23, 2010. For calendar year plans, this means that many of the new requirements will take effect on January 1, 2011.
A. Plan Changes Required for All Plans, Including Grandfathered Plans
Under the Act, both new and grandfathered health plans (i.e., plans that were in existence on March 23, 2010, which are otherwise exempt from several provisions of the Act), must comply with the following requirements by January 1, 2011. Note that the Act does not apply to dental and vision benefits if such benefits are (i) insured, or (ii) self-insured but subject to separate employee election and separate employee contributions.
However, note that the PPACA authorizes any annual benefit limits to be phased out over the next three plan years, such that plans may impose restricted annual limits until 2014. For calendar year plans, the permissible restricted annual limits are $750,000 for 2011, $1,250,000 for 2012, and $2,000,000 for 2013. The Secretary of Health and Human Services is currently offering a waiver program for certain plans that cannot meet the above-specified restricted annual limits without significantly decreasing benefits or significantly increasing premiums. However, even plans that receive a waiver must entirely eliminate general annual limits by 2014.
Additional waiting period limitations and required coverage notice requirements will also take effect for both new and grandfathered health plans at various times from 2012 – 2014.
B. Plan Changes Required for Non-Grandfathered Plans
New health plans and plans that lose their grandfathered status will have to comply with several requirements in addition to those stated above by January 1, 2011:
Additional cost-sharing and deductible restrictions will apply to non-grandfathered plans beginning in 2014.
C. How to Retain Your Plan’s Grandfathered Status
Plans in existence on March 23, 2010 are grandfathered under the Act and will not need to comply with the requirements set forth in Part I.B above so long as the plan retains its grandfathered status. Only the following plan changes will result in a loss of grandfathered status:
The Department of Labor has recently clarified that changing insurers will not necessarily result in a loss of grandfathered status. Plan sponsors should take care to ensure that grandfathered status is retained if so desired and that all plan changes required by the PPACA have been made.
II. Proposed Regulations under the HITECH Act Would Modify HIPPA Rules
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act ("HIPPA") established national standards for the protection and security of Protected Health Information ("PHI") (i.e., personal health information created or received by covered entities). The Health Information Technology for Economic and Clinical Health Act (the "HITECH Act"), enacted in 2009, extended many of HIPPA’s provisions to business associates of covered entities, set up new procedures to provide for notification of breaches of unsecured PHI, provided new restrictions on the sale of or disclosure of PHI for marketing and fundraising purposes, and provided individuals with new rights to access information about their PHI. The Department of Health and Human Services released proposed regulations in July of this year (the "Proposed Regulations") designed to implement many provisions of the HITECH Act and to improve upon the existing HIPPA rules.
The Proposed Regulations will generally not become effective until 180 days after a final version is published in the Federal Register. Employers should keep an eye out for these final regulations, as they will need to amend their business associate agreements and notice of privacy practices to reflect the new requirements.
A. Business Associate Agreements
Previously, business associates were only bound by their business associate agreements with a covered entity and thus were only subject to contractual damages in the case of a breach of such an agreement. The HITECH Act extended many HIPPA requirements directly to business associates, who may now be liable for criminal and civil sanctions. In addition, the Proposed Regulations would subject covered entities to liability for the actions of their business associates who are "agents" under federal common law principles.
The Proposed Regulations would add new classes of individuals to the current definition of a "business associate," including, most notably, subcontractors to a business associate that create, receive, or maintain PHI on behalf of a business associate.
The Proposed Regulations would require several amendments to existing business associate agreements. Among these amendments, business associate agreements would need to include requirements that business associates: (1) comply with appropriate administrative, technical, and physical safeguards with respect to electronic PHI; (2) report any breach of unsecured PHI to the covered entity; and (3) enter into their own written business associate agreements with any subcontractors that that create, receive, or maintain PHI. The Department of Health and Human Services has stated that it expects to provide sample language for revising business associate agreements when final regulations are released.
Although initially required to be amended early this year under the HITECH Act, the Proposed Regulations have suggested a transition period for the amendment of business associate agreements. If an agreement (1) complies with pre-HITECH Act requirements, (2) is entered into prior to publication of the final rule, and (3) is not renewed or modified in the period 60-240 days after publication of the final rule, then the contract will be deemed to be compliant until the earlier of: (a) the date the contract is renewed or modified on or after the 240th day or (b) the date that is one year and 240 days after publication of the final rule.
C. Notice of Privacy Practices Updates
The Proposed Regulations would require several updates to a covered entity’s notice of privacy practices. Among other things, the notice would be required to reflect the following new rules and requirements: (1) individual notice and an opportunity to opt out of any subsidized treatment communications or written fund-raising communications; (2) the need for prior authorization of an individual if a covered entity or business associate is to receive direct or indirect remuneration for the sale of that individual’s PHI; and (3) disclosure of the fact that a covered entity must honor an individual’s request that the covered entity withhold information from a health plan where the individual has paid out-of-pocket in full for the service. In addition, covered entities that maintain electronic PHI will be required to provide the PHI, upon request, in the format requested by an individual.
III. New Genetic Information Nondiscrimination Act Regulations & Voluntary Wellness Programs
GINA was signed into law by President George Bush in May of 2008. Under Title I of GINA, group health plans and health insurance issuers are prohibited from discriminating against plan participants based upon genetic information. Title II of GINA prohibits employers from requesting, requiring, or purchasing genetic information and from making employment decisions based upon genetic information. On November 9, 2010, the Equal Employment Opportunity Commission issued regulations implementing Title II of GINA (the "EEOC Regulations").
Under GINA, genetic information is defined to include, among other things, family medical history information. The EEOC Regulations provide limited exceptions to the general ban against acquiring genetic information for information that is inadvertently received in response to lawful requests for information under the Family Medical Leave Act; however, an employer is required to take certain steps to prevent receipt of this information, such as notifying the individual and/or his healthcare provider not to provide genetic information to the employer.
Under the EEOC Regulations, employers that offer voluntary wellness programs are prohibited from requiring an individual to supply genetic information, including family medical history information. Employers may not require such information nor penalize an employee who fails to provide such information. In addition, wellness programs must be crafted with care to ensure that any individually identifiable genetic information is exchanged only between the individual and healthcare professionals involved and is not transferred to the employer. Employers may need to revise any wellness programs offered in order to comply with the EEOC Regulations, which become effective on January 10, 2011.
IV. Mental Health Parity and Addiction Equity Act Regulations
Under the MHPAEA, employers with 50 or more employees that offer mental health and substance abuse benefits are prohibited from treating such benefits more restrictively than the plan treats medical and surgical benefits. In February of 2010, the Departments of Treasury, Labor, and Health and Human Services issued final MHPAEA regulations (the "MHPAEA Regulations").
Under the MHPAEA Regulations, plans may not impose more restrictive deductibles, copayments, coinsurance rates, or out-of-pocket expenses on mental health and substance abuse benefits than the plan imposes on medical and surgical benefits. In addition, plans may not impose any more restrictive treatment limitations and must cover mental health and substance abuse out-of-network services to the same extent that the plan provides this coverage for other medical services. Certain plans may qualify for an exemption if compliance with these requirements will significantly increase the plan’s costs. For calendar year plans, the MHPAEA Regulations will become effective on January 1, 2011.
Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you have any questions regarding the new fee disclosure requirements or the in-plan Roth conversion option, or if you would like any assistance amending your plan or SPD, please contact David Schiller (214-698-3205, [email protected]) or Krista Hanvey (214-698-3425, [email protected]) in the firm’s Dallas office, or one of our other Gibson Dunn employee benefits attorneys listed below.
Charles F. Feldman – New York (212-351-3908, [email protected])
Stephen W. Fackler – Palo Alto (650-849-5385, [email protected])
Michael J. Collins – Washington, D.C. (202-887-3551, [email protected])
Sean C. Feller - Los Angeles (213-229-7579, [email protected])
Amber Busuttil Mullen – Los Angeles (213-229-7023, [email protected])
IRS Circular 230 disclosure: To ensure compliance with requirements imposed by the IRS, we inform you that any tax advice contained in this communication (including any attachments) was not intended or written to be used, and cannot be used, for the purpose of (i) avoiding tax-related penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any matters addressed herein.
© 2010 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.