Both Sides Now… Must Be Alert to Cybersecurity

/in , , , , , , ,

by Becky Achten

New guidance from the Employee Benefits Security Administration (EBSA) affirms that both sides—retirement plans and welfare plans—must take steps to secure participant data from cybercrime.

In 2021 the Department of Labor (DOL) introduced new guidance on best practices for maintaining cybersecurity, which included tips to participants who check their retirement accounts online. From this, many plan sponsors and service providers concluded that the guidance was only applicable to retirement benefits (such as 401(k), profit sharing, and pension plans). Read more

Hole in the Bottle… Employer Considerations After Another Lawsuit Against an Employer Health Plan

/in , , , , , ,

by Alex Smith

Last week, former Wells Fargo employees filed a class action lawsuit against Wells Fargo and its health plan fiduciaries alleging that Wells Fargo’s self-funded health plan violated ERISA by paying its pharmacy benefits manager (PBM) excessive administrative fees and excessive fees for prescription drugs. This lawsuit appears to be similar to a lawsuit filed against Johnson & Johnson and its health plan fiduciaries earlier this year. Both lawsuits allege that the health plan paid its PBM exponentially more for certain prescription drugs than the price charged by certain retail pharmacies for the same drugs. Coincidentally, both lawsuits indicate the health plans are funded through a voluntary employees’ beneficiary association (VEBA) trust. See our prior blog post for more information on the heightened health plan fiduciary standards that may be driving these lawsuits. Read more

P-R-I-V-A-C-Y is Priceless to Me: The 2024 Privacy Rule

/in

by Leslie Thomson

The Department of Health and Human Services issued a final rule amending the HIPAA privacy rules (“2024 Privacy Rule”). The 2024 Privacy Rule limits the use or disclosure of an individual’s PHI in connection with reproductive healthcare for certain non-healthcare purposes, where such use or disclosure could be detrimental to the privacy of the individual, or another person, or the individual’s trust in their healthcare providers. Among other changes, the 2024 Privacy Rule added a new category of prohibited uses and disclosures of PHI, which prohibits the use or disclosure of PHI for any of the following activities:

  • to conduct criminal, civil, or administrative investigations into any person for the mere act of seeking, obtaining, providing, or facilitating reproductive healthcare, where such healthcare is lawful under the circumstances in which it is provided;
  • to impose criminal, civil, or administrative liability on any person for the mere act of seeking, obtaining, providing, or facilitating reproductive healthcare, where such healthcare is lawful under the circumstances in which it is provided; and
  • to identify any person for the purpose of conducting such investigation or imposing such liability.

Read more

Vacation, All I Ever Wanted – But Don’t Forget Your July Compliance Deadlines

/in , , , , , , , , ,

by Benjamin Gibbons

Congratulations! You made it to summer, that wonderful time of year when things at work (hopefully) slow down a bit and you’re able to take some well-deserved time off. Though before you Go-Go(‘s) (do you see what I did there?), be sure your July employee benefits compliance deadlines are covered.

July 29 – Summary of Material Modifications (SMM) – Were any of your organization’s plans materially amended last year? If so, you may be required to furnish an SMM to participants (or a revised summary plan description). Those SMMs must be provided no later than 210 days after the end of the plan year in which the change was adopted. So, for a 2023 change, the SMM deadline would fall on July 29 (you get an extra day this year because 210 days falls on July 28, a weekend). Read more

ERISA, ERISA…Just an Old Sweet Song Keeps ERISA on my Mind

/in , , , , , , , ,

by Becky Achten

“Georgia” on your mind? As we look towards the upcoming Masters golf tournament weekend, our minds turn to the condition of the greens (exquisite), the players tee off order (does afternoon help or hinder Tiger on an expected rainy day?), and who will make that amazing chip shot out of the bunker to save par. It may not get quite the level of TV viewership of other sporting events, but benefit plan administration is a lot like golf: a series of pars, birdies and bogies, and—oh my, not a double bogie!

If you’re hitting par with your benefit plans, they’re operating smoothly, participants are happy with the offerings, and you’re in compliance with the most obvious regulations. All is good, but you probably won’t earn a green jacket. Read more

Go Your Own Way (Or Maybe Not): New Heightened Fiduciary Standards are Coming to Group Health Plans

/in , , , , , , , , , , , , , ,

by Bret Busacker

There has been a shift taking place in ERISA litigation and compliance that could significantly impact group health plan fiduciary requirements. We anticipate group health plan fiduciary standards will evolve along the same lines as what occurred in the 401(k) industry after the ERISA 408(b)(2) rules became effective in 2012.

401(k) plans for years have been subject to fee disclosure and relatively well-defined fiduciary standards of conduct. Much of the improvement in 401(k) fiduciary practices over the past decade can be attributed to the ERISA 401(k) fee disclosure requirements that went into effect in 2012 under ERISA 408(b)(2) and the resulting fee litigation fueled by the ERISA 408(b)(2) fee disclosure rules. As a result of the ERISA 408(b)(2) and the related litigation, employers and plan fiduciaries, often with the aid of counsel, have become significantly more proficient in monitoring fees and negotiating agreements with 401(k) plan TPAs and investment service providers.

The Consolidated Appropriations Act (CAA) in 2021 extended the ERISA 408(b)(2) fee disclosure requirements to group health plans. Based on what took place in the 401(k) industry after 2012 when the ERISA 408(b)(2) disclosure went into effect, we anticipate the ERISA 408(b)(2) fee disclosure requirement, now also applicable to group health plans, will make it easier for plan participants to bring breach of fiduciary duty claims against employer and plan fiduciaries. There are already several such cases currently making their way through the courts.

In addition to the ERISA 408(b)(2) fee disclosure requirement, group health plan fiduciaries now have a better line of sight into the structure and economics of their group health plans than ever before. This insight comes in the form of a series of new disclosure requirements that require plans to obtain and publish network and out of network payment rates, and to report plan drug and service cost information to HHS. Further, the CAA now requires employers to prepare periodic reports demonstrating compliance with the Mental Health Parity rules. These new rules give employers and plan fiduciaries unprecedented leverage with their service providers through increased transparency and improved awareness of the structure and economics of their group health plans.

With this greater knowledge and understanding comes more risk of criticism that an employer or plan fiduciary could have looked closer—and should have looked closer—at fees and plan design in carrying out their fiduciary responsibilities. We think these new group health plan transparency and disclosure rules will drive new litigation against group health plan fiduciaries similar to what occurred in the retirement plan industry after ERISA 408(b)(2) became effective for 401(k) plans.

Employers and plan fiduciaries should be considering now how to formalize appropriate compliance structures to ensure that reasonable fiduciary standards are being applied to group health plan administration. Our general recommendation is to adopt similar group health plan governance structures and practices that are now common in 401(k) plan administration. These governance structures may take on different forms than what we see in the 401(k) industry, but employers should be thinking now how best to match step with the shifting fiduciary standards applicable to group health plans.

Should’ve Been a Cowboy, Court Inflicts Pain on Health Plan Sponsor After Participant Kicked by Bull

/in , , , , ,

by Alex Smith

A recent decision by a federal district court in Ohio in a health plan benefits dispute highlights the importance for health plan fiduciaries to properly review benefit claim denials to ensure that the claims administrator’s basis for denial is appropriate and that the claims administrator has properly considered information provided by the participant.

In this case, the participant sued after he was denied coverage for more than $100,000 of medical bills related to a broken ankle suffered when he was kicked by his bull calf. Even though the participant worked as an HVAC division manager, the health plan’s third-party administrator denied the claims based on the plan’s exclusion for on-the-job injuries because the participant owned a cattle farm from which he sold beef. The court ruled that the participant was entitled to coverage for his medical expenses because the health plan fiduciaries had the burden of demonstrating the plan exclusion applied. Read more

Take the Power Back . . . Negotiating Provider Contracts for Benefit Plans

/in , , ,

By Kevin Selzer

Disputes between plan sponsors and plan service providers are not new. As with any contractual relationship, things don’t always go according to “plan” or at least, as the sponsor expects. When that happens, one of the first things sponsors (and their attorneys) will do is review the provider’s contract. Some sponsors will be surprised to find some very provider-friendly provisions, such as:

  • a provision specifying that the provider is permitted by the contract to act negligently (as long as the conduct does not rise to gross negligence or intentional misconduct), or
  • a provision indicating that the sponsor has contractually waived its right to participate in a class against the provider.

Unfortunately for sponsors, a provider’s willingness to fix an error often comes down to how much the provider wants to continue working with the sponsor on a go forward basis. Read more

A Change Would Do You Good, But Do The Section 125 Cafeteria Plan Rules Permit It?

/in , , ,

by Elizabeth Nedrow

Inevitably, an employee will wake up from their holiday food coma and realize that they made a mistake in open enrollment. “But I didn’t mean to elect family coverage! My spouse is covering the kids this year!” Employers are allowed to set enrollment rules for their self-funded medical plans. One response to the employee is the hard line that the door was closed at the end of the enrollment period. But what if you want to be more flexible?

If the employee catches their mistake before the ball drops on New Year’s Eve, the IRS won’t care. But if the question comes up in January, it’s likely too late. The IRS’s rules on cafeteria plan elections don’t make any exception for mistake. Elections can only be changed if the employee has a change in status event like a divorce or new dependent. Read more

Signed, Sealed, Delivered … Have You Completed Your Plan’s “No Gag Clauses” Attestation?

/in

by Becky Achten

One of the many benefits-related provisions in the Consolidated Appropriations Act of 2021 prohibits the use of “gag clauses” in group health plan agreements. Before this law, medical plan service agreements would often include provisions preventing the employer from sharing data like pricing and health plan outcomes available to another party. Hopefully employers have worked to make sure that there are no such clauses in their agreements. But there’s one more step on the compliance ladder. Beginning in 2023, plans must annually attest to their compliance with the gag clause prohibition. Read more