December 16, 2010
The year 2010 has witnessed many legal developments applicable to U.S. employer-sponsored health and welfare benefit plans. Employers may find it difficult to keep up between the passage of the Patient Protection and Affordable Care Act, proposed revisions to the HIPPA Privacy, Security, and Enforcement rules, and new regulations issued under the Genetic Information Nondiscrimination Act ("GINA") and the Mental Health Parity and Addiction Equity Act ("MHPAEA"). This newsletter identifies and summarizes a few of these key legal developments.
I. Affordable Care Act
Earlier this year, President Obama signed into law the Patient Protection and Affordable Care Act of 2010 (the "PPACA" or the "Act"). The PPACA has the potential to dramatically alter the United States health care system. Although various provisions of the PPACA will become effective at different times over the next four years, health plans are required to comply with several of the Act’s provisions for plan years beginning on or after September 23, 2010. For calendar year plans, this means that many of the new requirements will take effect on January 1, 2011.
A. Plan Changes Required for All Plans, Including Grandfathered Plans
Under the Act, both new and grandfathered health plans (i.e., plans that were in existence on March 23, 2010, which are otherwise exempt from several provisions of the Act), must comply with the following requirements by January 1, 2011. Note that the Act does not apply to dental and vision benefits if such benefits are (i) insured, or (ii) self-insured but subject to separate employee election and separate employee contributions.
- Dependent Coverage: Plans that offer dependent coverage must make such coverage available to all adult children under age 26. In regulations released in May, the Departments of Treasury, Labor, and Health & Human Services defined a child for purposes of this requirement as any child under the age of 26, regardless of whether the child is married, lives with a parent, is enrolled in college, or is eligible for other employer coverage. Note, however, that until 2014, grandfathered plans will not be required to provide coverage to adult children under age 26 who are eligible to enroll in their own employer-provided health insurance. Employers who sponsor grandfathered plans may therefore want to require adult children who choose their parent’s coverage to sign an affidavit or attestation that they do not have access to other employer coverage. Details on how to retain your plan’s grandfathered status are provided below.
- Lifetime and Annual Limits: The PPACA allows continued annual and lifetime per-individual dollar limits only on specific covered benefits that are not classified as "essential health benefits." Regulations defining "essential health benefits" have not yet been issued; however the Act defines them to include at least the following: "ambulatory patient services; emergency services; hospitalization; maternity and newborn care; mental health and substance use disorder services, including behavioral health treatment; prescription drugs; rehabilitative and habilitative services and devices; laboratory services; preventative and wellness services; chronic disease management; and pediatric services, including oral and vision care." Because no regulations have been issued yet defining "essential health benefits," it is unclear if the term will include such things as temporomandibular joint disorder (TMJ), specific types of durable medical equipment, or chiropractic care, for example. Until regulations are issued, the Department of Health & Human Services will allow plan sponsors to make a good-faith interpretation of the law. With respect to essential health benefits, plans must eliminate any specific lifetime or annual dollar limits, as well as eliminate all general overall plan lifetime and annual limits.
However, note that the PPACA authorizes any annual benefit limits to be phased out over the next three plan years, such that plans may impose restricted annual limits until 2014. For calendar year plans, the permissible restricted annual limits are $750,000 for 2011, $1,250,000 for 2012, and $2,000,000 for 2013. The Secretary of Health and Human Services is currently offering a waiver program for certain plans that cannot meet the above-specified restricted annual limits without significantly decreasing benefits or significantly increasing premiums. However, even plans that receive a waiver must entirely eliminate general annual limits by 2014.
- Rescissions: The PPACA provides that plans may not rescind coverage except in the case of fraud or intentional misrepresentation of material fact.
- Preexisting Condition Exclusions: Beginning in 2011, plans may not impose preexisting condition exclusions with respect to children under age 19. No preexisting condition exclusions may apply to any participants, regardless of age, beginning with the 2014 plan year.
- Health FSAs: Employers will need to amend their health flexible spending accounts ("FSAs") to reflect new restrictions on reimbursement for non-prescribed over-the-counter medications. These new restrictions become effective on January 1, 2011; however, plans will have until June 30, 2011 to make the necessary plan document changes.
- Automatic Enrollment: Employers with 200 or more full time employees that offer enrollment in one or more welfare benefit plans will be required to automatically enroll employees into one of their benefit options. The effective date for this requirement is to be stated in regulations that are to be promulgated by the Department of Labor.
Additional waiting period limitations and required coverage notice requirements will also take effect for both new and grandfathered health plans at various times from 2012 – 2014.
B. Plan Changes Required for Non-Grandfathered Plans
New health plans and plans that lose their grandfathered status will have to comply with several requirements in addition to those stated above by January 1, 2011:
- Coverage of preventive care: Plans must fully cover (without any cost-sharing mechanisms) immunizations, infant and childhood preventative care and screenings, and other preventative items or services recommended by the United States Preventative Services Task Force. A complete list of services that are required to be covered can be found at http://www.HealthCare.gov/center/regulations/prevention.html.
- Primary Care Provider Designation: For plans that impose a requirement that participants designate a primary care physician, the Act requires the plan to permit a participant to designate any participating primary care provider who is available to accept the participant, including designating a pediatrician for a child.
- Emergency Services Coverage: Plans that provide any benefits with respect to an emergency department of a hospital must do so without imposing any penalty, including a higher coinsurance rate or other cost-sharing mechanism, for using an out-of-network provider.
- Internal and External Claims and Appeals Procedures: The Act requires non-grandfathered plans to establish both an internal and external claims appeals process that meets certain requirements specified by the Secretary of Health and Human Services.
Additional cost-sharing and deductible restrictions will apply to non-grandfathered plans beginning in 2014.
C. How to Retain Your Plan’s Grandfathered Status
Plans in existence on March 23, 2010 are grandfathered under the Act and will not need to comply with the requirements set forth in Part I.B above so long as the plan retains its grandfathered status. Only the following plan changes will result in a loss of grandfathered status:
- Elimination of all or substantially all benefits to diagnose or treat a particular condition;
- An increase in a percentage cost-sharing requirement by any amount;
- An increase in a deductible or out-of-pocket maximum by an amount that exceeds medical inflation plus 15 percentage points;
- An increase in a copayment by greater than an amount that exceeds medical inflation plus 15 percentage points or $5 plus medical inflation;
- A decrease in an employer’s contribution rate towards the cost of coverage by more than 5 percentage points; or
- Imposition of annual limits on the dollar value of all benefits below specified amounts.
The Department of Labor has recently clarified that changing insurers will not necessarily result in a loss of grandfathered status. Plan sponsors should take care to ensure that grandfathered status is retained if so desired and that all plan changes required by the PPACA have been made.
II. Proposed Regulations under the HITECH Act Would Modify HIPPA Rules
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act ("HIPPA") established national standards for the protection and security of Protected Health Information ("PHI") (i.e., personal health information created or received by covered entities). The Health Information Technology for Economic and Clinical Health Act (the "HITECH Act"), enacted in 2009, extended many of HIPPA’s provisions to business associates of covered entities, set up new procedures to provide for notification of breaches of unsecured PHI, provided new restrictions on the sale of or disclosure of PHI for marketing and fundraising purposes, and provided individuals with new rights to access information about their PHI. The Department of Health and Human Services released proposed regulations in July of this year (the "Proposed Regulations") designed to implement many provisions of the HITECH Act and to improve upon the existing HIPPA rules.
The Proposed Regulations will generally not become effective until 180 days after a final version is published in the Federal Register. Employers should keep an eye out for these final regulations, as they will need to amend their business associate agreements and notice of privacy practices to reflect the new requirements.
A. Business Associate Agreements
Previously, business associates were only bound by their business associate agreements with a covered entity and thus were only subject to contractual damages in the case of a breach of such an agreement. The HITECH Act extended many HIPPA requirements directly to business associates, who may now be liable for criminal and civil sanctions. In addition, the Proposed Regulations would subject covered entities to liability for the actions of their business associates who are "agents" under federal common law principles.
The Proposed Regulations would add new classes of individuals to the current definition of a "business associate," including, most notably, subcontractors to a business associate that create, receive, or maintain PHI on behalf of a business associate.
The Proposed Regulations would require several amendments to existing business associate agreements. Among these amendments, business associate agreements would need to include requirements that business associates: (1) comply with appropriate administrative, technical, and physical safeguards with respect to electronic PHI; (2) report any breach of unsecured PHI to the covered entity; and (3) enter into their own written business associate agreements with any subcontractors that that create, receive, or maintain PHI. The Department of Health and Human Services has stated that it expects to provide sample language for revising business associate agreements when final regulations are released.
Although initially required to be amended early this year under the HITECH Act, the Proposed Regulations have suggested a transition period for the amendment of business associate agreements. If an agreement (1) complies with pre-HITECH Act requirements, (2) is entered into prior to publication of the final rule, and (3) is not renewed or modified in the period 60-240 days after publication of the final rule, then the contract will be deemed to be compliant until the earlier of: (a) the date the contract is renewed or modified on or after the 240th day or (b) the date that is one year and 240 days after publication of the final rule.
C. Notice of Privacy Practices Updates
The Proposed Regulations would require several updates to a covered entity’s notice of privacy practices. Among other things, the notice would be required to reflect the following new rules and requirements: (1) individual notice and an opportunity to opt out of any subsidized treatment communications or written fund-raising communications; (2) the need for prior authorization of an individual if a covered entity or business associate is to receive direct or indirect remuneration for the sale of that individual’s PHI; and (3) disclosure of the fact that a covered entity must honor an individual’s request that the covered entity withhold information from a health plan where the individual has paid out-of-pocket in full for the service. In addition, covered entities that maintain electronic PHI will be required to provide the PHI, upon request, in the format requested by an individual.
III. New Genetic Information Nondiscrimination Act Regulations & Voluntary Wellness Programs
GINA was signed into law by President George Bush in May of 2008. Under Title I of GINA, group health plans and health insurance issuers are prohibited from discriminating against plan participants based upon genetic information. Title II of GINA prohibits employers from requesting, requiring, or purchasing genetic information and from making employment decisions based upon genetic information. On November 9, 2010, the Equal Employment Opportunity Commission issued regulations implementing Title II of GINA (the "EEOC Regulations").
Under GINA, genetic information is defined to include, among other things, family medical history information. The EEOC Regulations provide limited exceptions to the general ban against acquiring genetic information for information that is inadvertently received in response to lawful requests for information under the Family Medical Leave Act; however, an employer is required to take certain steps to prevent receipt of this information, such as notifying the individual and/or his healthcare provider not to provide genetic information to the employer.
Under the EEOC Regulations, employers that offer voluntary wellness programs are prohibited from requiring an individual to supply genetic information, including family medical history information. Employers may not require such information nor penalize an employee who fails to provide such information. In addition, wellness programs must be crafted with care to ensure that any individually identifiable genetic information is exchanged only between the individual and healthcare professionals involved and is not transferred to the employer. Employers may need to revise any wellness programs offered in order to comply with the EEOC Regulations, which become effective on January 10, 2011.
IV. Mental Health Parity and Addiction Equity Act Regulations
Under the MHPAEA, employers with 50 or more employees that offer mental health and substance abuse benefits are prohibited from treating such benefits more restrictively than the plan treats medical and surgical benefits. In February of 2010, the Departments of Treasury, Labor, and Health and Human Services issued final MHPAEA regulations (the "MHPAEA Regulations").
Under the MHPAEA Regulations, plans may not impose more restrictive deductibles, copayments, coinsurance rates, or out-of-pocket expenses on mental health and substance abuse benefits than the plan imposes on medical and surgical benefits. In addition, plans may not impose any more restrictive treatment limitations and must cover mental health and substance abuse out-of-network services to the same extent that the plan provides this coverage for other medical services. Certain plans may qualify for an exemption if compliance with these requirements will significantly increase the plan’s costs. For calendar year plans, the MHPAEA Regulations will become effective on January 1, 2011.
Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you have any questions regarding the new fee disclosure requirements or the in-plan Roth conversion option, or if you would like any assistance amending your plan or SPD, please contact David Schiller (214-698-3205, [email protected]) or Krista Hanvey (214-698-3425, [email protected]) in the firm’s Dallas office, or one of our other Gibson Dunn employee benefits attorneys listed below.
Charles F. Feldman – New York (212-351-3908, [email protected])
Stephen W. Fackler – Palo Alto (650-849-5385, [email protected])
Michael J. Collins – Washington, D.C. (202-887-3551, [email protected])
Sean C. Feller - Los Angeles (213-229-7579, [email protected])
Amber Busuttil Mullen – Los Angeles (213-229-7023, [email protected])
IRS Circular 230 disclosure: To ensure compliance with requirements imposed by the IRS, we inform you that any tax advice contained in this communication (including any attachments) was not intended or written to be used, and cannot be used, for the purpose of (i) avoiding tax-related penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any matters addressed herein.
© 2010 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.