Linda

I don't know of any sources that have updated the PHSA for PPACA. Our subscription to Checkpoint has the PHSA updated for everything except PPACA. Even if I found the PHSA updated for PPACA, I think I would be careful about replying on it. I think PPACA provides multiple inconsistent changes for some sections. I can guess what it is supposed to be (what is the intended final change) but you would probably want to look at the options for yourself rather than rely on someone else's decision as to what is the correct change. I'm doing my own mark-up, as needed for research, with notes on conflicting PPACA changes.

1. In PPACA Section 1001(1), which amends PHSA to create a new Section 2712 re: prohibition on rescissions, the last sentence states that plans or coverage can only be cancelled in accordance with sections 2702© or 2742(b). 2702© does not exist in the pre-PPACA PHSA or in post-PPACA PHSA. Didn’t GINA add ©-(f) to (old) 2702? Still, the cross reference doesn’t seem to make sense. Do you think they meant to reference (new) 2703? That wouldn’t tell us anything but would be parallel to 2742. 2. In PPACA Section 1201, amendment to PHSA creating new Section 2705, the text goes from subsection (a) (re: discrimination based on health status) to (j) (re: wellness programs). (j)(1)(A) refers to "subsection (b)(2)(B)," which doesn't exist. I think (new) PHSA 2705 used to be (old) PHSA 2702. I think PPACA 1201 is amending PHSA 2702/2705 paragraph (a) and adding (j) etc. As best as I have been able to figure out so far, that leaves a gap between (f), the end of GINA, and (j), the start of the new PPACA wellness material.

I question whether an employer will have enough control to administer a Connector-only cafeteria plan (for part-time employees) in a way that complies with IRC 125. The employer submits to the Connector a list of employees who are eligible for the Connector-only cafeteria plan. Then, the next thing the employer gets is a list of employees who signed up for insurance through the Connector and a bill. The employer does not know what family members are covered (e.g., there could be a same sex spouse or an over-age dependent for whom pre-tax contributions are not permitted). And it looks like an employee would go to the Connector to drop coverage – the employer has no way to control a drop or change. The employer won’t even know an employee has dropped until the next month’s bill arrives without the employee’s name. I just hope the IRS is okay with these arrangements because, to me. it sure doesn’t look like it works. Or, am I missing something about the process???

I interpreted CMS’ recent guidance as requiring a plan sponsor to provide a personalized notice if/when requested by an individual who both (a) has Rx coverage under the sponsor’s plan and (b) is Medicare-eligible. (From the guidance “The personalized disclosure notice should be provided upon request by the beneficiary.”) Fritzreb, did you interpret that guidance as saying the personalized notice will be an option for responding to the individual’s request but will not be mandatory?

I have a question about the proposal from the Centers of Medicare and Medicaid Services to require health plans to provide personalized notices of creditable prescription drug coverage upon request. Unless the Medicare Part D enrollment period gets pushed back, we’re supposed to be ready to provide these personalized notices on May 15. How are you planning to make that happen?

My concern is that, in describing FSAs, you have to describe the tax advantages. The tax advantages are after all the point of FSAs. So, what if the SPD says something like “your contributions will be made on a pre-tax basis” or “you can be reimbursed for anything classified as a medical expense by the IRS”? Or how about a table demonstrating the tax savings from participating in an FSA? Of course, these points are not controversial but still could these be seen as covered opinions?

What are your thoughts on the impact of Circular 230 on the types of materials often prepared in connection with cafeteria plans? For example, do you think we might need a disclaimer on an SDP for a medical FSA?

The disclosures that need to be included in an accounting are generally the disclosures permitted under 45 CFR 164.512. As you’ll see from the items included in 512, the right to an accounting will not be particularly meaningful to most GHP participants.

WEDI SNIP has an employer workgroup that deals with HIPAA’s application to employer sponsored group health plan. The workgroup had some discussions on P&Ps for a GHP a month or so ago, but did not have the volunteers to draft samples at that time. Still, just the discussion of the scope of what is needed can be helpful. It is also my understanding that the ABA Health Law Section may be putting together a forum to discuss HIPAA implementation issues facing group health plans. This might be another forum to discuss HIPAA P&Ps for a GHP.

As far as I have been able to ascertain, many insurers (and insurers acting as TPAs of self-funded group health plans) are planning to continue to send the entire family's EOBs to the named insured or covered employee. I am aware of the arguments for and against the practice (and there is support for both positions). But I think it is going to continue.

BenefitsLawyer -- I would really like to get your opinion about the roles of the third party administrator and the employer under the HIPAA privacy regs with respect to a self-insured group health plan. In particular, what if any right or obligation does a third party administrator have to verify an employer’s compliance with 164.504(f)? The third party administrator is not the group health plan. Rather, the third party administrator is a business associate of the group health plan. 164.05(f) is based on the fiction that the group health plan is disclosing health information to the third party administrator. (In reality, the third party administrator gets health information from providers.) Because of that fiction, the employer and the third party administrator will need to enter into a business associate agreement. The business associate agreement is supposed to be between the third party administrator and the group health plan but, since there’s not one to sign the business associate agreement for the plan other than the employer, the business associate agreement will actually be between the third party administrator and the employer. If the employer asks the third party administrator for health information, will the third party administrator ask for the employer’s certification of compliance with 504(f)? If the third party administrator does take on this responsibility, what is the legal basis for that responsibility? If the third party administrator isn’t the group health plan, the only basis I see would be the business associate agreement. What do you think?

Let’s say an employer has a 125 plan and employees pay part of the cost of GHP coverage on a pre-tax basis. But, only employees who certify that they have other GHP coverage can waive coverage under the employer’s GHP. Along comes new Rev. Rule 2002-27: Does this Revenue Ruling say that those employees who don’t have other coverage and MUST stay in the employer’s health plan are actually making “mandatory” contributions NOT SUBJECT TO 125? If so (i.e., if the contributions are not subject to 125), how are the contributions made on a pre-tax basis? And (since most of the employees who don't have other coverage won't even ask about waiving the employer's coverage) how would an employer know who does and who does not have other coverage?

My guess is that any state privacy laws that are more stringent than the HIPAA rules apply to the HMOs, but not to the employer paying for the HMOs. Again, I think it’s a question of ERISA preemption when we’re talking about the handling of health information generated in connection with a group health plan. A state can reach an HMO (or insurer) but cannot reach the employer on group health plan matters. Like state mandated benefits. So, if I'm right, the HMOs need to compare HIPAA to state law and comply with the more stringent. This could affect what (if any) info the employer can get out of the HMO. But, while the employer does need to comply with HIPAA (if it gets more than summary health info out of the HMO), the employer doesn't have to be concerned about compliance with more stringent state law.

alexa48 -- What sort of covered entity are we talking about? If we’re talking about an employer that sponsors a self-insured group health plan (and is not otherwise a covered entity such as a hospital system), you may be lucky. While the HIPAA privacy regs do not preempt more stringent state laws, the HIPAA privacy regs do not change or in any way diminish ERISA preemption of state law. This is actually discussed in the preamble of the HIPAA privacy regs.

Jeanine -- 164.504(f) lists the requirements for a group health plan to disclose identifiable health information to an employer. It sounds like you think we should apply this rule to the transmission of information from the TPA to the employer. Is that your interpretation?