401(k) Retirement Plan Administrator
Heritage Pension Advisors, Inc.
|
401(k) Retirement Plan Administrator
BDS Consulting Group
|
Pinnacle, An NPPG Company
|
Principal Legal Content Specialist - Benefits
Bloomberg Industry Group
|
Defined Benefit Plan Administrator
Pension Investors Corp of Orlando Inc
|
Pension Investors Corp
|
Ubiquity Retirement + Savings
|
“BenefitsLink continues to be the most valuable resource we have at the firm.”
-- An attorney subscriber
![]() |
![]() ![]() ![]() |
Equitable Relief Available to Participant's Estate May Equal the Cost of Forgone Heart Transplant
Kantor & Kantor ![]() Apr. 1, 2021 "The magistrate reasoned that if plaintiff were successful in proving that the defendants breached their fiduciary duties in the dilatory manner in which they processed Mr. Holman's claims as he was dying, surcharge in the amount that the PSA Defendants were unjustly enriched -- presumably equal to the cost of the heart transplant -- could be an available remedy." [Rose v. PSA Airlines, Inc. Group Insurance Plan, No. 19-695 (W.D.N.C. mag. rep. Mar. 25, 2021)] Tags: Fiduciary Duties • HIPAA |
Staggering Increase in Ransomware Attacks During 2021 Cost Healthcare Industry $21 Billion
FierceHealthcare ![]() Mar. 26, 2021 "Ransomware attacks cost the healthcare industry $20.8 billion in downtime in 2020, which is double the number from 2019 ... 92 individual ransomware attacks occurred at healthcare organizations, and 600 clinics, hospitals and organizations were affected.,,, [N]ore than 18 million patient records were impacted ... a 470% increase from 2019[.]" Tags: Cybersecurity • HIPAA • Health Plan Costs |
Text of HHS Extension of Comment Period on Proposed Regs: Modifications to the HIPAA Privacy Rule
U.S. Office of Civil Rights [OCR], U.S. Department of Health and Human Services [HHS] ![]() [Official Guidance] Mar. 9, 2021 "The comment period for the proposed rule, which would end March 22, 2021, is extended to May 6, 2021." Tags: HIPAA |
Business Associate Liability Under HIPAA
Frost Brown Todd LLC ![]() Mar. 2, 2021 "[T]his article outlines what a business associate is, what a business associate's obligations are, how a business associate can be liable for HIPAA violations, and tips to avoid such liability." Tags: HIPAA |
New Guidance from DOL Regarding the Suspension of Certain Employee Benefit Plan Deadlines Due to COVID-19
Akerman ![]() [Guidance Overview] Mar. 1, 2021 "[I]ndividuals and plans with deadlines that are suspended pursuant to the previously-issued rule will have the applicable periods under the Notices disregarded until the earlier of: [1] one year from the date they were 'first eligible for relief' ... or [2] 60 days after the announced end of the National Emergency." Tags: COBRA • Coronavirus (COVID-19) • HIPAA • Health Plan Administration • Retirement Plan Administration |
DOL Issues Guidance on Outbreak Period Extensions
Groom Law Group ![]() [Guidance Overview] Mar. 1, 2021 "It is unclear how plans, TPAs, and insurers will be able to build their systems to create custom COBRA, special enrollment, and claims deadlines individual-by-individual ... Many may have to extend the deadlines for all while they determine how to proceed. This complexity will be even greater if COBRA subsidies are enacted ... DOL seems to be saying that plans may need to notify each individual when his or her one-year extension is about to be up[.]" Tags: COBRA • Coronavirus (COVID-19) • HIPAA • Health Plan Administration |
COVID-19 Deadline Extensions -- No More Time Outs But No Single Deadline Either
Jackson Lewis P.C. ![]() [Guidance Overview] Mar. 1, 2021 "[Disaster Relief Notice 2020-01] acknowledges that the agencies understand and appreciate the complications this latest guidance creates for plan administrators to immediately restart the clock of daily COBRA, HIPAA, and other deadlines and for individuals who now must immediately catch up monthly COBRA premium obligations to maintain health insurance under the employer's plan ... To be considered as acting in 'good faith and with reasonable diligence,' [here is a list of steps employers should take]." Tags: COBRA • Cafeteria Plans • Coronavirus (COVID-19) • Dependent Care • HIPAA |
COBRA/HIPAA Outbreak Guidance – an Answer (Finally)
Kushner & Company ![]() [Guidance Overview] Feb. 26, 2021 "Effectively, the guidance says that all of the 'pause' buttons are on an individual-by-individual rolling basis. Thus for example, an employee who terminated prior to March 1, 2020 but whose COBRA 60-day election timeline had already begun to run but not yet expired, the timeline suspensions will end on February 28, 2021." Tags: COBRA • Coronavirus (COVID-19) • HIPAA |
Calendar Year 2020 HIPAA Small Breach Notifications Due March 1, 2021
Davis Wright Tremaine LLP ![]() Feb. 24, 2021 "A small breach involves fewer than 500 individuals.... Covered entities [must] report small breaches to OCR no later than 60 days after the end of the calendar year in which the small breaches were discovered. For calendar-year 2020, small breaches notifications are due on or before March 1, 2021." Tags: HIPAA |
![]() Kushner & Company ![]() [Guidance Overview] Feb. 19, 2021 "[W]ith just 10 days left before February 28, 2021, there is a bit of confusion as to how to handle what may mean the end of the pandemic's National Emergency declaration and the 'un-pause' of the prior paused timelines.... Congress and/or the agencies ... have four possible choices." Tags: COBRA • Coronavirus (COVID-19) • HIPAA |
'Outbreak Period' Ending February 28, 2021?
TRI-AD ![]() [Guidance Overview] Feb. 18, 2021 "Without an extension of this 12-month expiration date, [the author] believes the clock starts again on March 1, 2021 for COBRA, certain HIPAA special enrollment, and COBRA qualifying events and claims appeals." Tags: COBRA • Coronavirus (COVID-19) • HIPAA |
Clock May Begin Ticking Soon for Important Deadlines Suspended Due to COVID-19
Groom Law Group ![]() [Guidance Overview] Feb. 18, 2021 "Adding to the confusion is a one-year statutory limit that applies to extensions mandated by the Departments. Since the Outbreak Period Extensions were first effective as of March 1, 2020, that one-year limit will be up shortly.... [P]lans and plan administrators should decide whether to end the extensions on midnight on February 28, 2021 based on this one-year limit." Tags: COBRA • Coronavirus (COVID-19) • HIPAA |
'You Just Missed the Exit', or 'Where's the Guidance on Ending the Outbreak Period?'
Lockton ![]() [Guidance Overview] Feb. 17, 2021 "[H]ere we are, almost a year out, and the president hasn't rescinded the national emergency. But under ERISA, the feds only had the authority to suspend these deadlines for a year.... So, what happens on March 1 with respect to all those folks who, since then, haven't yet elected COBRA, paid their COBRA premium, submitted claims, applied for HIPAA special enrollment, or filed an appeal on a denied claim?" Tags: COBRA • Coronavirus (COVID-19) • HIPAA |
![]() Ogletree Deakins ![]() [Guidance Overview] Feb. 15, 2021 "Employers that offer incentives to employees to get vaccinated may be creating group health plans under [ERISA]. In addition, incentivized vaccination programs may need to comply with [HIPAA] ... [G]uidance issued under the Genetic Information Nondiscrimination Act of 2008 (GINA) provides a road map for employers to avoid running afoul of GINA." Tags: HIPAA • Health Plan Design |
OCR Enters Into $5.1 Million Settlement with Health Plan Following Large and Lengthy Data Breach
Nixon Peabody LLP ![]() Feb. 2, 2021 "Although the financial settlement is a large dollar amount, a number of factors likely impacted that penalty, including the high number of impacted individuals and the fact that the breach involved information with a higher degree of sensitivity, such as Social Security numbers and bank account information. In addition, the fact that the hackers reportedly had access to the Excellus system for such a long period likely played into the financial settlement amount." Tags: HIPAA |
IRS Issues 2020 Version of Publication 502 on Medical and Dental Expenses
Thomson Reuters / EBIA ![]() Jan. 29, 2021 "Publication 502 provides valuable guidance on what qualifies as a medical expense under Code Section 213(d), and thus helps identify the expenses that may be reimbursed or paid by health FSAs, HSAs, or HRAs, or covered on a tax-favored basis under other group health plans (e.g., employer-sponsored medical plans). But Publication 502 should be used with caution in connection with these benefits because it addresses the deductibility of medical expenses for individuals -- it does not account for differences in the rules for reimbursing expenses under health FSAs, HSAs, or HRAs." Tags: HIPAA • HSAs • Health Plan Costs |
Fifth Circuit Weakens HHS' Ability to Enforce HIPAA Safeguards
McGuireWoods ![]() Jan. 28, 2021 "[T]he court found that the Security Rule did not require M.D. Anderson to have a 'bulletproof' mechanism, nor was it required to enforce the mechanism 'rigorously.' ... Under the court's pained interpretation of the Privacy Rule, M.D. Anderson's loss of ePHI via theft and loss did not qualify as a disclosure.... [T]he court held that the regulation required OCR to prove that someone outside the covered entity actually received the ePHI, and that OCR had failed to do so here." [Univ. of Texas M.D. Anderson Cancer Center v. HHS, No. 19-60226 (5th Cir. Jan. 14, 2021)] Tags: HIPAA |
Fifth Circuit Ruling May Make HIPAA Enforcement More Difficult for HHS
Dentons ![]() Jan. 22, 2021 "[T]he court emphasized that the plain language of the Encryption Rule only requires that a covered entity have a 'mechanism' for encryption in place; a covered entity's failure to encrypt three devices did not mean that it 'never implemented 'a mechanism' to encrypt anything at all.' ... The court held that HHS could not prove that M.D. Anderson 'disclosed' ePHI 'without proving that someone 'outside' the entity received it,' a standard that the agency conceded could not be met in that case, and that would be difficult to meet generally." [Univ. of Texas M.D. Anderson Cancer Center v. HHS, No. 19-60226 (5th Cir. Jan. 14, 2021)] Tags: HIPAA |
Fifth Circuit Criticizes OCR's HIPAA Enforcement Process, Vacates $4.3 Million Civil Penalty
Thomson Reuters / EBIA ![]() Jan. 21, 2021 "Although this case is still working its way through proceedings, this strongly worded opinion calls into question some fundamental principles of OCR's enforcement approach. For example, OCR has consistently asserted that an unauthorized disclosure occurs whenever PHI is publicly accessible through an internet search--regardless of whether it can demonstrate that anyone actually accessed the PHI in that way. It will be harder for OCR to establish privacy rule violations if it has to prove that an unauthorized recipient actually accessed PHI." [Univ. of Texas M.D. Anderson Cancer Ctr. v. HHS, No. 19-60226 (5th Cir. Jan. 14, 2021)] Tags: HIPAA |
![]() Akin Gump ![]() [Guidance Overview] Jan. 20, 2021 "The [HHS] Proposed Rule would affect how individuals may exercise their rights to access and share their protected health information (PHI), limit and adjust the fees covered entities may charge for access, introduce new concepts such as 'electronic health record' (EHR) and 'personal health application' (PHA) into a health information ecosystem already awash in acronyms, broaden data sharing by modifying the 'minimum necessary' standard and adjusting the definition of 'health care operations,' and reduce administrative burdens relating to the ubiquitous HIPAA notice of privacy practices, among other changes." Tags: HIPAA |
Health Insurer Pays $5.1 Million to Settle Data Breach Affecting Over 9.3 Million People
U.S. Department of Health and Human Services [HHS] ![]() Jan. 18, 2021 "Excellus Health Plan reported that the breach began on or before December 23, 2013, and ended on May 11, 2015. The hackers installed malware and conducted reconnaissance activities that ultimately resulted in the impermissible disclosure of the protected health information of more than 9.3 million individuals, including their names, addresses, dates of birth, email addresses, Social Security numbers, bank account information, health plan claims, and clinical treatment information." Tags: HIPAA |
Proposed Changes to Privacy Regs Would Clarify Individual Access Rights and Make Other Targeted Changes
Thomson Reuters / EBIA ![]() [Guidance Overview] Jan. 14, 2021 "The proposal would require covered entities to act on access requests 'as soon as practicable' and would shorten the deadline for action from 30 to 15 days.... Health plan participants could, however, instruct their health plan to request EHRs from covered health care providers, which would then be required to disclose the requested EHRs directly to the plan.... The proposal would clarify that health plans' care coordination and case management activities -- whether based on broad populations or particular individuals -- are considered health care operations." Tags: HIPAA |
Legislation Requires HHS to Consider Entities' Cybersecurity Practices in Enforcing HIPAA
Thomson Reuters Practical Law ![]() [Guidance Overview] Jan. 13, 2021 "Congress has passed and President Trump has signed legislation that amends the Health Information Technology for Economic and Clinical Health Act (HITECH Act) to require HHS, in enforcing HIPAA, to consider whether HIPAA covered entities (CEs) or business associates (BAs) have implemented and applied certain recognized security practices -- including with regard to cybersecurity[.]" |
HITECH Act Amendment Incentivizes Adoption of Cybersecurity Safeguards as a Defense or Mitigation to HIPAA Enforcement
Health Law Advisor, Epstein Becker Green ![]() [Guidance Overview] Jan. 11, 2021 "The new law provides a strong incentive to covered entities and business associates to adopt 'recognized cybersecurity practices' and risk reduction frameworks when complying with the HIPAA privacy and security standards to reduce risk associated with security threats and HHS enforcement determinations." Tags: Cybersecurity • HIPAA |
![]() ABD Insurance & Financial Services ![]() Jan. 11, 2021 Article provides links to a dozen compliance guides covering various aspects of health plan benefit design and administration. Tags: COBRA • HIPAA • Health Plan Administration |
<< Older News | April 12, 2021