Subscribe (Free) to
Daily or Weekly Newsletters
Post a Job

Featured Jobs

Retirement Plan Consultant

Great Lakes Pension Associates, Inc.

Great Lakes Pension Associates, Inc. logo

TPA Retirement Plan Consultant



Defined Benefit Consultant/Enrolled Actuary

Pension Plan Specialists, PC
(Vancouver WA)

Pension Plan Specialists, PC logo

RP-Client Service Associate

Greenline Wealth Management
(FL / Hybrid)

Greenline Wealth Management logo

Compliance Officer

New York City District Council of Carpenters Benefit Funds
(New York NY)

New York City District Council of Carpenters Benefit Funds logo

Senior Plan Administrator

Retirement Planners and Administrators (RPA)

Retirement Planners and Administrators (RPA) logo

Combo Plan Administrator

Pollard & Associates

Pollard & Associates logo

Retirement Plan Administrator

Retirement Solutions Specialists
(Remote / Jacksonville FL / Hybrid)

Retirement Solutions Specialists logo

Senior Specialist 401k Recordkeeping

T Bank N.A.
(Dallas TX)

T Bank N.A. logo

Defined Contribution Account Manager

Nova 401(k) Associates

Nova 401(k) Associates logo

Defined Benefit Combo Cash Balance Compliance Consultant

Loren D. Stark Company (LDSCO)

Loren D.  Stark Company (LDSCO) logo

View More Employee Benefits Jobs

Free Newsletters

“BenefitsLink continues to be the most valuable resource we have at the firm.”

-- An attorney subscriber

Mobile app icon
LinkedIn icon     Twitter icon     Facebook icon
Guest Article

DOL Audits on HIPAA Compliance Require Detailed Employer Records

Summary: Several recent regulatory actions suggest increased monitoring of group health and cafeteria plans for compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other benefit laws. Plan sponsors should be aware of the apparent increased enforcement activity and what may be required for an audit.

(Dec. 7, 2000) - Plan sponsors targeted for a health plan compliance audit by the U.S. Department of Labor (DOL) must be prepared to produce voluminous records -- including documents showing compliance with the Health Insurance Portability and Accountability Act (HIPAA) -- based on a letter sent to one plan sponsor as well as an interview with a Chicago attorney.

The letter was sent in follow up to a phone call and described the documents to be produced for review. The audited documents pertained to major medical, accident and cancer plans provided under a cafeteria plan. If the plan had administrative or other services provided by a third party, such as a third-party administrator or carrier, the service provider was to produce the documents.

The audit review was to determine compliance with ERISA, particularly regarding reporting and disclosure requirements, and to HIPAA requirements in particular. Audits may be triggered as part of another type of audit, or solely for benefits compliance purposes.

At the same time the employer was undergoing the cafeteria plan audit, it had to show that its major medical plan complied with HIPAA, the Mental Health Parity Act, the Newborns' and Mothers' Health Protection Act and Women's Health and Cancer Rights Act (WHCRA). Documents required for the audit included:

  • evidence that certificates of creditable coverage are issued;
  • notices of pre-existing condition exclusions provided to participants, if applicable;
  • records of claims denied due to imposition of a pre-existing condition exclusion;
  • letters of determination and notification of creditable coverage;
  • notices of special enrollment rights provided to participants, if applicable;
  • WHCRA notices provided to participants; and
  • service provider agreements, including compensation agreements with attending providers.

Chicago Attorney Noticing More Audits

Several clients of attorney Susan Nash have been audited for HIPAA compliance, and Nash has noticed a change over the last year in how the DOL audits are being conducted.

Nash, a partner in the employee benefits division of the Chicago offices of McDermott, Will and Emery who deals with health and welfare plan matters, noted that last year, the DOL was conducting field audits where it issued "more informal target letters." Several hundred employers across the nation were checked for HIPAA compliance regarding certificates of coverage, special enrollment, pre-existing condition clauses, minimum maternity stays, etc., according to Nash.

This year, however, Nash has seen more specific investigations, which include a "fairly exhaustive list of everything that came out of [HIPAA], especially regarding notice requirements." She indicated that the notice issues are key because DOL is increasingly interested in how employers communicate with plan participants and beneficiaries.

"Some have been audits of other areas of the welfare plan that have extended in to request for HIPAA compliance information, others have been more directed HIPAA audits," she explained.

As an example of the former issue, Nash told how a client's life insurance plan was audited for the proper use of rebates and dividends. That audit extended to the medical plan for HIPAA compliance.

Nash said that typically, employers are given a 10-day period to comply with the DOL's request, although in most cases plans can get a two-week extension.

Despite the increased audit activity, Nash emphasized that no enforcement action has been taken. When the DOL does find HIPAA noncompliance, it tends to just point out the problem and tell the employer how to resolve it.


Plan sponsors should be aware of the apparent increased enforcement activity and what may be required for an audit. They should review their plans for compliance, particularly regarding required HIPAA disclosures relating to pre-existing condition exclusions, providing creditable coverage certificates and crediting coverage for reducing exclusionary periods. In addition to having sample disclosures, written procedures for ensuring that disclosures are made should help satisfy regulators that the plan is meeting its obligations.

Similarly, plan sponsors also should review notice procedures to ensure that all notices of participants' HIPAA rights are being provided, such as WHCRA and special enrollment rights.

Excerpted from the December 2000 supplement to Employer's Guide to the Health Insurance Portability and Accountability Act, published by Thompson Publishing Group, Inc.

BenefitsLink is an independent national employee benefits information provider, not formally affiliated with the firms and companies who kindly provide much of the content and advertisements published on this Web site, including the article shown above.
© 2024, Inc.