Cyberattacks have managed to invade all walks of life, and employee benefit plans are no exception. When a plan is attacked, the fallout can be overwhelmingly expensive and burdensome to correct. Many plan sponsors are purchasing cyber liability insurance coverage to supplement their data security measures. Understanding those policies – and their exclusions – is important for sponsors who are exploring such coverage.
The Affordable Care Act (“ACA”) imposed reporting requirements on health coverage providers (including self-funded employer plans) and “applicable large employers” (those with 50 or more full-time employees). For health coverage provided during both 2015 and 2016, the IRS extended the deadline for issuing certain of the required reporting forms. In Notice 2018-06, the IRS has now granted a similar extension with respect to reporting health coverage provided during calendar-year 2017.
Although the GOP tax reform bill reduces to zero the penalty for failing to comply with the Affordable Care Act’s individual coverage mandate, it does nothing to alleviate the employer ACA mandate. Coincidentally, the IRS has just started issuing notices of potential penalty assessments under that employer mandate (commonly known as the “play-or-pay” provision).
These notices take the form of a “Letter 226J” (this notation appears in the footer of each page), and the Letter makes crystal clear the amount of the potential penalty assessment (which can be substantial). This dollar amount appears in bold on the second line of the Letter’s text.
As annual open enrollment season approaches, many employers may be evaluating ways in which to control rising health plan costs. One strategy frequently considered is a financial incentive for employees to waive or opt out of the employer-sponsored group health coverage. Although such “cash-in-lieu” or “opt-out” arrangements have long been common, they raise potential problems under the Affordable Care Act (“ACA”), as well as a number of other federal laws.
As explained in our December 19, 2016, article, the 21st Century Cures Act allows small employers (those that are not subject to the Affordable Care Act’s “play-or-pay” requirements because they have fewer than 50 full-time employees, including full-time equivalents) to offer their employees a premium reimbursement arrangement that would otherwise violate the ACA. By establishing a “qualified small employer health reimbursement arrangement” (or “QSEHRA”), such an employer may subsidize its employees’ purchase of individual health insurance coverage. In its recent Notice 2017-20, the IRS has granted these employers additional time to comply with the QSEHRA notification requirement.
Before leaving DC for the winter holidays, Congress and President Obama agreed on a provision granting small employers a bit of relief from the Affordable Care Act. Tucked at the very end of the 21st Century Cures Act is a provision allowing certain small employers to offer their employees a health reimbursement arrangement (“HRA”) that need not be “integrated” with a group health plan. Employees may then use their employer’s pre-tax contributions to such an HRA to pay premiums under individual health insurance policies.
The Affordable Care Act (“ACA”) imposed additional reporting requirements on health coverage providers (including self-funded employer plans) and “applicable large employers” (those with 50 or more full-time employees). In Notice 2016-70, the IRS has granted coverage providers and employers 30 more days to issue the appropriate ACA-reporting forms to their insureds and full-time employees for coverage provided during 2016. Rather than January 31, 2017, these Forms 1095-B and 1095-C will now be due by March 2, 2017. In addition, the IRS has extended by one year the period of “good-faith compliance” with these reporting rules. As of now, however, the IRS has not extended the deadline for coverage providers and employers to transmit these ACA-reporting forms to the IRS.
In our June 2, 2016, article summarizing final wellness program regulations issued by the EEOC under Title I of the Americans with Disabilities Act (“ADA”), we noted the EEOC’s promise to post on its website a sample notice by which employers could satisfy the ADA’s notification requirements. The EEOC has today posted such a sample notice, along with a series of FAQs shedding further light on the notification requirement. Although employers are not required to use this sample notice, they should make sure that their notice covers all the points addressed in the EEOC sample.
Final regulations issued by the Equal Employment Opportunity Commission (“EEOC”) under both the Americans with Disabilities Act (“ADA”) and the Genetic Information Nondiscrimination Act (“GINA”) will require modifications to many employee wellness programs. These modifications may include the deletion of certain questions from health risk assessments, additional employee notification requirements, and a reduction in the incentives used to discourage tobacco usage. Although certain aspects of these regulations will not apply until the first day of the 2017 plan year, others are already in effect.
Following the lead of Seff v. Broward County, another federal court has disagreed with the EEOC on the scope of an ADA exemption for employee benefit plans. In EEOC v. Flambeau, Inc., the court held that this benefit-plan “safe harbor” could be used to justify a wellness program that included both a health risk assessment and a biometric screening.