Healthcare Reform
Final Regulations Expand Availability of Short-Term, Limited-Duration Insurance
On Aug. 1, 2018, the DOL, HHS and Department of the Treasury (the Departments) issued a final rule related to short-term, limited-duration coverage. The rule finalizes the proposed rule, issued in February 2018, with some modification. The issuance of the rules was a direct result of an executive order issued by President Trump in October 2017, which sought an extension of the coverage.
As background, short-term, limited-duration insurance is a type of coverage intended to fill temporary gaps in coverage when an individual is transitioning from one plan or coverage to another form of coverage. This type of coverage is exempt from the definition of "individual health insurance coverage" under the ACA and is, therefore, not subject to ACA provisions that apply to individual health insurance plans -- including the requirement to provide coverage for essential health benefits, the prohibition on annual and lifetime dollar limits and prohibition on pre-existing condition exclusions. As a result, short-term, limited-duration insurance plans generally cost less than ACA-compliant plans.
The proposed rule to change the maximum duration of short-term, limited-duration coverage to less than 12 months from the current maximum duration of less than three months was finalized. Additionally, the final rule permits such coverage to be renewed for no more than a total of 36 months.
Under the proposed rules, issuers were required to provide a disclosure to consumers explaining that short-term, limited-duration coverage isn't required to comply with certain federal requirements and doesn't constitute minimum essential coverage. The final rule revised the notice to add language specifying the federal requirements with which the policy is not required to comply.
For example, the required notice states that the consumer should be aware of any policy exclusions related to pre-existing conditions, mental health services, preventive care and maternity care. Further, the revised notice explains that an individual who doesn't have minimum essential coverage in 2018 may owe a payment on their tax return. This is to reflect the individual mandate that's in place for the remainder of 2018 and the fact that the penalty for such goes away in 2019. The notice must appear in the contract and application materials in at least 14-point font.
Importantly, the final rule makes clear that states may further restrict the availability of short-term, limited-duration policies. A state may prohibit such coverage, enforce a shorter maximum policy period, restrict renewals or require additional disclosure. Such laws will not be preempted by the final rule.
The final rule is applicable to policies sold on or after 60 days following publication in the Federal Register.
Retirement Update
IRS Releases 2018 Form 1099-R
On July 13, 2018, the IRS released the 2018 Form 1099-R for distributions from pensions, annuities, retirement or profit-sharing plans, IRAs, insurance contracts, etc. This form is sent to participants who withdraw or transfer funds from a number of sources related to retirement and other qualified plans. It reports the gross amount of the distribution, the taxable amount reportable as income and the federal and state withholding amounts. So, each person that withdraws at least $10 from a retirement account, such as a traditional IRA, must receive a Form 1099-R.
The 2018 final forms are generally unchanged from the draft Form 1099-R updated in June 2018. Highlights of the changes include:
-
"Date of Payment" is a new box on the form, adjacent to the "Account Number" box.
- This box shows the date of payment for reportable death benefits under Section 6050Y
- New instructions were also added to the "Instructions for Recipients" for this box
- Under "Instructions for Recipient," the "Qualified Plans" section is now known as "Qualified Plans and Section 403(b) plans."
- Under "Instructions for Recipient," Box 1 instructions add language for reportable death benefits
- Under "Instructions for Recipient," Box 5 adds language for life insurance contracts under Section 6050Y
-
Under "Instructions for Recipient," Box 7 has two new codes:
- Code C: Reportable death benefits under Section 6050Y
- Code M: Qualified plan loan offset
There are also two notable changes to the underlying law that impacts the form. One change is that re-characterizations of conversions cannot be made in 2018 or later. Specifically, a conversion of a traditional IRA to a Roth IRA, and a rollover from any other eligible retirement plan to a Roth IRA, made after Dec. 31, 2017, cannot be re-characterized as having been made to a traditional IRA. The second change relates to disaster distributions that were made to employees affected by certain natural disasters that occurred in 2016 and 2017.
Employers should become familiar with the changes made to the 2018 forms. Even though 1099-R forms are routinely prepared by the fund custodian of the retirement and qualified plans, employees may have general questions involving the employer's retirement plans or about the purpose of the form.
FAQ
What is the General Data Protection Regulation (GDPR)? To whom does it apply and what does it require?
The General Data Protection Regulation (GDPR) is a law adopted in the European Union (EU) which took effect on May 25, 2018. GDPR seeks to protect the personal data of EU data subjects (citizens and residents) and affords privacy protection for such individuals. The regulation broadly defines personal data as any information that relates to an identifiable, living human being, which can include the person's name, address, phone number, location, health records, income and banking information, etc. Essentially, if one can use the data to identify a person in any way, it is likely personal data that would render an entity receiving that data subject to the law.
Specifically, the law imposes requirements on entities that collect, use and process personal data of EU data subjects. Since the law does not limit its scope to EU-based companies, companies all over the world that employ individuals in the EU, offer goods and services to individuals in the EU, or track or profile individuals in the EU are impacted by this regulation.
The GDPR also recognizes two different roles that determine an entity's responsibilities under the regulation - data controllers and data processors. Data controllers determine the purpose and means of processing personal data. Data processors process the data on behalf of the data controller. As an example, a US-based company with EU employees would likely be a data controller since as an employer it collects personal data on those EU employees for business/employment purposes. That same company with EU employees might contract with a health and welfare broker who takes some of that personal data and processes it to enroll the employees in the company's health plan. The broker would likely be a data processor in this instance, as they are processing that information on behalf of a data controller (i.e., the employer company).
If an entity is a data controller, then they are subject to the GDPR's requirement that data processing be fair and transparent, for a specified and legitimate purpose, and limited to the data needed to fulfill that processing purpose. The regulation also gives specific legal grounds under which a controller can process personal data, including if the person gives his/her consent, if there is a contractual or legal obligation, if doing so will protect the vital interests of the person, or if it is to carry out a task that is in the public interest or in the company's legitimate interest. Keep in mind, though, that the regulation makes it clear that an individual's right to their personal data will often trump the business' interests.
Even if a company has the legal grounds to process certain personal data, they are still obligated to protect the individuals whose data they possess. Specifically, companies must:
- Provide individuals with information on who is processing their data and why;
- Provide individuals with access to their personal data when requested;
- Erase an individual's personal data when requested (under certain circumstances); and
- Correct incorrect information or complete incomplete information when necessary or stop processing that data if the individual objects.
Data controllers are also required to ensure that any data processor they use offers sufficient privacy and data protection guarantees through a written contract between the controller and processor. This contract must specify, among other things, that the data processor will only process data as directed by the controller.
Ultimately, this regulation is aimed at allowing EU data subjects more rights and control over their personal data in an increasingly technological world. Keep in mind, though, that this regulation is much more detailed and complex than what we can summarily provide in this FAQ. The potential fines and costs associated with noncompliance of this regulation can be significant, up to twenty million euros or 4 percent of an entity's worldwide revenue (in addition to any court proceedings or damage to an entity's reputation). As such, companies that feel they might be subject to the GDPR should work with legal counsel to review and assess compliance with the regulation.
State Updates
Colorado
Data Privacy Requirements for Employers
On May 29, 2018, Gov. Hickenlooper signed HB 18-1128 into law. This law generally requires all covered entities that maintain documents with personal identifying information of CO residents to develop and maintain written policies for the protection, destruction and proper disposal of those documents. These requirements are effective Sept. 1, 2018.
A "covered entity" under this new law is defined as any person or entity "that maintains, owns, or licenses personal identifying information." "Personal identifying information" is defined as a Social Security number, PIN, password, passcode, government-issued driver's license or ID card number, passport number, biometric data, an employer/student/military identification number, or a financial transaction device. Therefore, since virtually all employers maintain information on their employees that meet the definition of personal identifying information, employers with CO employees will be subject to the requirements of the new law.
Specifically, the provisions under the new law require that covered entities (1) implement reasonable security procedures and practices, (2) establish and follow a written policy for the destruction and proper disposal of personal information, (3) ensure third-party service providers that handle personal information follow reasonable security procedures and practices and (4) follow notification procedures in the event of a security breach.
Employers who maintain personal identifying information on CO residents must comply by Sept. 1, 2018. Thus, covered entities should take immediate steps to ensure they are complying with the law's requirements with the help of outside counsel. Failure to adhere to these requirements could result in civil penalties of up to $2,000 per affected person, up to a maximum of $500,000 per incident, or the employer can be held directly liable to affected individuals harmed by the violation.
Delaware
Experimental Treatment Coverage
On June 13, 2018, Gov. Carney signed HS 1 into law. The new law prohibits group health policies from denying coverage for a National Coverage Determination Service on the basis that such service, item or treatment is experimental or investigational. National Coverage Determination Service is defined as a service, item or treatment which has been determined to be covered nationally by HHS for Medicare purposes. In other words, if a service has been determined to be an eligible expense under Medicare, a group health plan issued or renewed in DE cannot exclude coverage for that service based on the reason that it is experimental.
The law was effective upon the governor's approval.
Hawaii
Transitional Policies Extended
Insurance Commissioner Ito announced in Memorandum 2018-2H that insurers will be allowed to renew noncompliant individual and small group non-grandfathered plans with policy years beginning on or before Oct. 1, 2019. This is related to the CMS announcement on April 9, 2018 of an extension to the transitional policy for non-PPACA-compliant health benefit plans. Such plans must have existed before Oct. 1, 2013 and aren't required to be in compliance with certain PPACA mandates, including community rating, coverage of essential health benefits, prohibition on pre-existing condition exclusions and the annual out-of-pocket maximum limit. Employers with non-PPACA-compliant plans should work with their carrier and advisor in determining whether their plan can be extended.
Maine
Out-Of-Network Provider Referrals Must Be Accepted
On July 13, 2018, Superintendent of Insurance Cioppa issued Bulletin 430 to clarify the legislative intent behind a recently enacted law that prohibits a carrier from denying payment for any covered health care service solely on the basis that the referral was made by a provider that was not a member of the carrier's provider network. The bulletin is in response to questions the bureau received about the interpretation and scope of the law change, including whether it prohibits so-called "gatekeeper" plans, which are typical for HMOs, from requiring all referrals to be made by the enrollee's designated primary care provider (PCP).
As background, effective Jan. 1, 2018, Gov. LePage signed 24-A M.R.S. SS4303(22) into law. This law prohibits a carrier from denying an enrollee's referral for a covered service solely because it is from an out-of-network provider. The law applies to all carriers including HMOs and also limits carriers using tiered networks or other incentive programs that require the use of particular designated providers and exclude "non-designated" network providers from making referrals.
The bulletin clarifies that the law doesn't mean carriers must honor all referrals made by out-of-network providers, or that carriers can't impose reasonable restrictions that don't distinguish between referring providers on the basis of network membership. For example, a carrier may still deny the referral if the proposed service doesn't meet the carrier's documented clinical review criteria, to the extent otherwise permitted by law. The law does, however, prohibit any "gatekeeper" procedure traditionally used by HMOs.
This bulletin is intended for informational purposes and is primarily focused on carriers. So, fully insured employers don't need to take any action.
Massachusetts
MA Law on AHPs and MEWAs Still Applies
On July 27, 2018, Commissioner of Insurance Anderson issued Bulletin 2018-03 to remind health insurance carriers of the continuing applicability of the MA health insurance legal requirements to association health plans (AHPs) and multiple employer welfare arrangements (MEWAs).
As background, on June 19, 2018, the EBSA issued a final rule related to the creation and maintenance of AHPs under ERISA. The rule modified an AHP requirement that the group or association have a "commonality of interest" and further prevented associations that exist solely for the purpose of purchasing or providing health benefits to its members. Under the new AHP rule, the group or association must have at least one substantial business purpose unrelated to the provision of benefits, although the principal purpose may be the provision of benefits. That said, the rule clarifies that it doesn't, in whole or in part, preempt state regulation of MEWAs.
This MA bulletin reiterates the Division of Insurance's understanding that the federal AHP regulation doesn't limit MA law for individual and small group coverage. In other words, MA law continues to apply to health coverage offered to Massachusetts-based individuals and small employers, including eligible small businesses that are within a MEWA.
As background on MA's laws applicable to MEWAs, it's important to note that small employers participating in a fully insured MEWA in MA will be rated as a small group and must be in compliance with the state's small group insurance requirements. In other words, a fully insured MEWA in MA would not be rated as an aggregate large group. Also, self-insured MEWAs are required to be licensed as an insurer.
The bulletin also reminds health carriers and licensed producers that MA law continues to require each adult resident to have health coverage that meets the minimum creditable coverage (MCC) standards as set by the Health Connector unless plans meeting these standards are deemed unaffordable to that person according to the Health Connector standards.
The main purpose of this letter was to remind insurers doing business in MA that the state retains the right to regulate AHPs or MEWAs regardless of changes to federal law. Employers should be aware that their participation in such a plan will likely fall under MA's jurisdiction.
New York
NY Regulation of Association Health Plans
On July 27, 2018, the Dept. of Financial Services issued Insurance Circular Letter No. 10 to remind insurers authorized to write accident and health insurance in the state that NY strictly limits the associations or groups of employers that may sponsor a health insurance plan.
As background, on June 19, 2018, the EBSA issued a final rule related to the creation and maintenance of association health plans (AHPs) under ERISA. The rule modified an AHP requirement that the group or association must have a "commonality of interest" and further prevented associations to exist solely for the purpose of purchasing or providing health benefits to its members. Under the new AHP rule, the group or association must have at least one substantial business purpose unrelated to the provision of benefits, although the principal purpose may be the provision of benefits. That being said, the rule clarifies that it doesn't, in whole or in part, preempt state regulation of MEWAs.
Regardless of this new EBSA rule, the group or association of employers of a fully insured MEWA in NY must meet specific requirements to be recognized under the insurance law (i.e., be in active existence for at least two years). Associations that are primarily formed for the purpose of obtaining health insurance coverage aren't a recognized group and may not deliver or issue for delivery health insurance policies or contracts in NY.
A self-funded MEWA in this state is also required to be licensed to do insurance business, regardless of where the association is located. In addition, New York also retains jurisdiction for out-of-state associations, so that health insurance coverage issued to its residents or insurance policies delivered or issued for delivery in the state are regulated by New York insurance law.
The main purpose of this letter is to remind insurers that the state retains the right to regulate MEWAs regardless of changes to federal law. Employers should be aware that their participation in such a plan will likely fall under NY's jurisdiction.
Vermont
Crime Victim Leave Act Passed
On May 28, 2018, Gov. Scott signed H711 (Act 184), which amended Vermont's Fair Employment Practices Act to add crime victim status to the list of characteristics that are protected from discrimination. With few exceptions, this act requires employers to allow eligible employees to take unpaid crime victim leave to attend depositions or court proceedings related to:
- A criminal proceeding, if they are a victim and have the right or obligation to appear at the proceeding
- A "relief from abuse" hearing, if they are the plaintiff
- A hearing about an order against stalking or sexual assault, if they are seeking the order as a plaintiff
- A "relief from abuse, neglect, or exploitation" hearing, if they are the plaintiff
The law went into effect July 1, 2018. The act requires employers to continue employment benefits during the leave, to post notices of the provisions of the law, and, with limited exceptions, to offer an employee the same job upon his or her return from the leave. An employer may require that the employee contribute to the cost of benefits during the leave at the existing rate of employee contribution.
Going forward, employers should review their PTO policy to ensure that the leave provided above is a permissible absence on and after July 1, 2018. Further, the employer must conspicuously post printed notices of the crime victim leave provisions on forms provided by the Vermont Dept. of Labor.
This material was created by PPI Benefit Solutions to provide accurate and reliable information on the subjects covered but should not be regarded as a complete analysis of these subjects. It is not intended to provide specific legal, tax or other professional advice. The service of an appropriate professional should be sought regarding your individual situation. PPI does not offer tax or legal advice. "PPI®" is a service mark of Professional Pensions, Inc., a subsidiary of NFP Corp. (NFP). All rights reserved.