The Consolidated Omnibus Budget Reconciliation Act of 1985 (COBRA) requires employers to offer covered employees who lose their health benefits due to a qualifying event to continue group health benefits for a limited time at the employee’s own cost. The length of the COBRA coverage period depends on the qualifying event and is usually 18 or 36 months. However, the COBRA coverage period may be extended under the following five circumstances:

  1. Multiple Qualifying Events
  2. Disability
  3. Extended Notice Rule
  4. Pre-Termination or Pre-Reduction Medicare Entitlement
  5. Employer Extension; Employer Bankruptcy

In this blog, we’ll examine the first circumstance above. For a detailed discussion of all the circumstances, request UBA’s Compliance Advisor, “Extension of Maximum COBRA Coverage Period”.

When determining the coverage period under multiple qualifying events, the maximum coverage period for a loss of coverage due to a termination of employment and reduction of hours is 18 months. The maximum coverage period may be extended to 36 months if a second qualifying event or multiple qualifying events occur within the initial 18 months of COBRA coverage from the first qualifying event. The coverage period runs from the start of the original 18-month coverage period.

The first qualifying event must be termination of employment or reduction of hours, but the second qualifying cannot be termination of employment, reduction of hours, or bankruptcy. In order to qualify for the extension, the second qualifying event must be the covered employee’s death, divorce, or child ceasing to be a dependent. In addition, the extension is only available if the second qualifying event would have caused a loss of coverage for the qualified beneficiary if it occurred first.

The extended 36-month period is only for spouses and dependent children. In order to qualify for extended coverage, a qualified beneficiary must have elected COBRA during the first qualifying event and must have been receiving COBRA coverage at the time of the second event. The qualified beneficiary must notify the plan administrator of the second qualifying event within 60 days after the event.

Example: Jim was terminated on June 3, 2017. Then, he got divorced on July 6, 2017. Jim was eligible for COBRA continuation coverage for 18 months after his termination of employment (the first qualifying event). However, his divorce (the second qualifying event) extended his COBRA continuation coverage to 36 months because it occurred within the initial 18 months of COBRA coverage from his termination (the first qualifying event).

The health plan should indicate when the coverage period begins. The plan may provide that that the plan administrator be notified when plan coverage is lost as opposed to when the qualifying event occurs. In that case, the 36-month coverage period would begin on the date coverage was lost.

By Danielle Capilla
Originally Published By United Benefit Advisors

In conversations with HR professionals and benefit brokers, we find that the topic of long-term care insurance (LTCi) is often covered in less than two minutes during renewal meetings. When I ask why the topic of conversation is so short, they tell me, “Employees just aren’t asking about it, so they must not be interested.”

If employees aren’t asking about LTCi, does it mean they aren’t interested? They just may be unaware of the value of LTCi and that it can be offered by their employer with concessions not available in the open market. Here are the top seven reasons why LTCi should be a bigger part of the employee benefits conversation.

  1. Do you know LTCi can be offered as an employee benefit?
    There are multiple employer-sponsored products, including those with pricing discounts, guarantee issue, and payroll deduction.
  2. Do you believe Medicaid and Medicare will provide long-term care for employees?
    This is a popular misconception. Medicare and Medicaid will restrict your employees’ choices of where and how they receive care. These options will either not offer custodial or home care, or they’ll force employees to spend down their assets for care.
  3. Do you think LTCi is too expensive, or that your employee population is too young to need it?
    Many plans can be customized to meet personal budgets and potential care needs. It’s also important to know that rates are based on employees’ ages. The younger the employees are, the lower their rates will be.
  4. Are you aware of the variety of LTCi plans?
    Many policies offer flexible coverage options. Depending on the policy an employer selects, LTCi can cover a wide range of care—in some cases even adult day care and home safety modifications.
  5. Do you believe the market is unstable?
    Today’s products are priced based on conservative assumptions, and employers are enrolling very stable LTCi plans for their employees. Each month, we see new plan options and products being introduced along with new carriers entering the market.
  6. Do you already offer an LTCi plan but it’s closed to new hires?
    Being able to offer a similar LTCi benefit to all employees is crucial for most employers. Find a partner that can assist with the current LTCi plan and can assist with bringing in a new LTCi offering for new hires.

 

By Christine McCullugh
Originally Published By United Benefit Advisors

The Consolidated Omnibus Budget Reconciliation Act of 1985 (COBRA) requires group health plans to provide notices to covered employees and their families explaining their COBRA rights when certain events occur. The initial notice, also referred to as the general notice, communicates general COBRA rights and obligations to each covered employee (and his or her spouse) who becomes covered under the group health plan. This notice is issued by the plan administrator within the first 90 days when coverage begins under the group health plan and informs the covered employee (and his or her spouse) of the responsibility to notify the employer within 60 days if certain qualifying events occur in the future.

The initial notice must include the following information:

  • The plan administrator’s contact information
  • A general description of the continuation coverage under the plan
  • An explanation of the covered employee’s notice obligations, including notice of
    • The qualifying events of divorce, legal separation, or a dependent’s ceasing to be a dependent
    • The occurrence of a second qualifying event
    • A qualified beneficiary’s disability (or cessation of disability) for purposes of the disability extension)
  • How to notify the plan administrator about a qualifying event
  • A statement that that the notice does not fully describe continuation coverage or other rights under the plan, and that more complete information regarding such rights is available from the plan administrator and in the plan’s summary plan description (SPD)

As a best practice, the initial notice should also:

  • Direct qualified beneficiaries to the plan’s most recent SPD for current information regarding the plan administrator’s contact information.
  • For plans that include health flexible spending arrangements (FSAs), disclose the limited nature of the health FSA’s COBRA obligations (because certain health FSAs are only obligated to offer COBRA through the end of the year to qualified beneficiaries who have underspent accounts).
  • Explain that the spouse may notify the plan administrator within 60 days after the entry of divorce or legal separation (even if an employee reduced or eliminated the spouse’s coverage in anticipation of the divorce or legal separation) to elect up to 36 months of COBRA coverage from the date of the divorce or legal separation.
  • Define qualified beneficiary to include a child born to or placed for adoption with the covered employee during a period of COBRA continuation coverage.
  • Describe that a covered child enrolled in the plan pursuant to a qualified medical child support order during the employee’s employment is entitled to the same COBRA rights as if the child were the employee’s dependent child.
  • Clarify the consequences of failing to submit a timely qualifying event notice, timely second qualifying event notice, or timely disability determination notice.

Practically speaking, the initial notice requirement can be satisfied by including the general notice in the group health plan’s SPD and then issuing the SPD to the employee and his or her spouse within 90 days of their group health plan coverage start date.

If the plan doesn’t rely on the SPD for furnishing the initial COBRA notice, then the plan administrator would follow the U.S. Department of Labor (DOL) rules for delivery of ERISA-required items. A single notice addressed to the covered employee and his or her spouse is allowed if the spouse lives at the same address as the covered employee and coverage for both the covered employee and spouse started at the time that notice was provided. The plan administrator is not required to provide an initial notice for dependents.

By Danielle Capilla
Originally Posted By www.ubabenefits.com

One of the latest things trending right now in business is the importance of office culture. When everyone in the office is working well together, productivity rises and efficiency increases. Naturally, the opposite is true when employees do not work well together and the corporate culture suffers. So, what are these barriers and what can you do to avoid them?

According to an article titled, “8 ways to ruin an office culture,” in Employee Benefit News, the ways to kill corporate culture may seem intuitive, but that doesn’t mean they still don’t happen. Here’s what organizations SHOULD do to improve their corporate culture.

Provide positive employee feedback. While it’s easy to criticize, and pointing out employees’ mistakes can often help them learn to not repeat them, it’s just as important to recognize success and praise an employee for a job well done. An “attaboy/attagirl” can really boost someone’s spirits and let them know their work is appreciated.

Give credit where credit is due. If an assistant had the bright idea, if a subordinate did all the work, or if a consultant discovered the solution to a problem, then he or she should be publicly acknowledged for it. It doesn’t matter who supervised these people, to the victor go the spoils. If someone had the guts to speak up, then he or she should get the glory. Theft is wrong, and it’s just as wrong when you take someone’s idea, or hard work, and claim it as your own.

Similarly, listen to all ideas from all levels within the company. Every employee, regardless of their position on the corporate ladder, likes to feel that their contributions matter. From the C-suite, all the way down to the interns, a genuinely good idea is always worth investigating regardless of whether the person who submitted the idea has an Ivy League degree or not. Furthermore, sometimes it takes a different perspective – like one from an employee on a different management/subordinate level – to see the best way to resolve an issue.

Foster teamwork because many hands make light work. Or, as I like to say, competition breeds contempt. You compete to get your job, you compete externally against other companies, and you may even compete against your peers for an award. You shouldn’t have to compete with your own co-workers. The winner of that competition may not necessarily be the best person and it will often have negative consequences in terms of trust.

Get rid of unproductive employees. One way to stifle innovation and hurt morale is by having an employee who doesn’t do any work while everyone else is either picking up the slack, or covering for that person’s duties. Sometimes it’s necessary to prune the branches.

Let employees have their privacy – especially on social media. As long as an employee isn’t conducting personal business on company time, there shouldn’t be anything wrong with an employee updating their social media accounts when they’re “off the clock.” In addition, as long as employees aren’t divulging company secrets, or providing other corporate commentary that runs afoul of local, state, or federal laws, then there’s no reason to monitor what they post.

Promote a healthy work-life balance. Yes, employees have families, they get sick, or they just need time away from the workplace to de-stress. And while there will always be times when extra hours are needed to finish a project, it shouldn’t be standard operating procedure at a company to insist that employees sacrifice their time.

 

By Geoff Mukhtar

Originally Published By United Benefit Advisors

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued its Man-in-the Middle Attacks and “HTTPS Inspection Products” guidance. The OCR warns organizations that have implemented end-to-end connection security on their internet connections using Secure Hypertext Transport Protocol (HTTPS) about using HTTPS interception products to detect malware over an HTTPS connection because the HTTPS interception products may leave the organization vulnerable to man-in-the-middle (MITM) attacks. In an MITM attack, a third party intercepts internet communications between two parties; in some instances, the third party may modify the information or alter the communication by injecting malicious code.

OCR provides a partial list of products that may be affected. Also, OCR provides a method that organizations can use to determine if their HTTPS interception product properly validates certificates and prevents connections to sites using weak cryptography.

OCR emphasized that covered entities and business associates must consider the risks presented to the electronic protected health information (ePHI) transmitted over HTTPS. Further, OCR encouraged covered entities and business associates to review OCR’s recommendations for valid encryption processes to ensure that ePHI is not unsecured and the U.S. Computer Emergency Readiness Team’s recommendations on protecting internet communications and preventing MITM attacks.

HIPAA Enforcement in the News

Below is a round up of the settlements recently in the news related to ePHI.

OCR Announces HIPAA Settlement for Impermissible Disclosure of ePHI, Insufficient Risk Analysis, and Insufficient Risk Management Processes

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced its $2.5 million settlement with a wireless health services provider for impermissible disclosure of ePHI. OCR’s investigation revealed that the provider had insufficient risk analysis and risk management processes in place at the time of the impermissible disclosure, including failing to implement policies and procedures regarding ePHI safeguards. The settlement requires the provider to implement a corrective action plan.

OCR Announces HIPAA Settlement for Insufficient Security Management Process for ePHI

OCR announced its $400,000 settlement with a federally qualified health center (FQHC)  based on the FQHC’s failure to have a security management process, including risk analyses sufficient to meet the Security Rule’s requirements. The settlement requires the FQHC to implement a corrective action plan. OCR’s announcement also provided a link to its guidance on the Security Rule.

OCR Announces HIPAA Settlement for Failure to Have Business Associate Agreements

OCR announced its $31,000 settlement with a small, for-profit health care provider based on the provider’s failure to produce a signed business associate agreement with its business associate who stored records containing PHI. The settlement requires the provider to implement a corrective action plan.

Employers Ask…

UBA’s question of the month from employers addressed breach notification requirements:

Q. Under what circumstances do HIPAA’s breach notification requirements not apply when a breach of protected health information (PHI) occurs?

A. Generally, breach notification must be provided when a breach of unsecured PHI is discovered. HHS provides only two methods of creating “secured PHI” that would not be subject to the notification requirements if there is a breach:

  • Encryption
  • Destruction

This means that if PHI/ePHI is encrypted or destroyed and a breach occurs, HIPAA’s notification requirements are not triggered.
By Danielle Capilla
Originally Published By United Benefit Advisors

Many employers understand the value of having an Employee Assistance Program (EAP) since the heart and soul of organizations are employees. Employees who are physically and mentally healthy, highly productive, engaged in their work, and loyal to their employer contribute positively to their employer’s bottom line. Fortunately, most employees are positive contributors, yet even the best of employees can occasionally have issues or circumstances arise that may inadvertently impact their jobs in a negative way. Having an EAP in place that can address these issues early may mitigate any negative impact to the workplace. This is a win-win for both employees and employers.

A key component of EAP services lies in “catching things early” by assisting employees and helping them address and resolve issues before they impact the workplace. Most employees will use EAP services on a voluntary, self-referred basis that is completely confidential. Some employers may wonder if services are even being used by employees because it won’t be all that apparent, but most EAPs provide a utilization or usage report that will show the number of people served, and possibly the types of reasons services were requested.

If employee issues do begin to appear in the workplace—related to performance, attendance, behavior, or safety—it is important for managers, supervisors, and human resources to also have access to EAP services. They may wish to consult with an employee assistance professional that can provide guidance and direction leading to problem identification and resolution. These issues have the potential to become very costly for the organization—and again, the earlier they can be addressed, the greater chance of success for both employee and employer, with minimal negative impact to the company’s bottom line.

The key to getting the most out of an EAP is to make it easily accessible to employees, safe to use, and visible enough they remember to use it. It is important that employees understand using the EAP is confidential and their identity will not be disclosed to anyone in their organization. Promoting the EAP services with materials such as flyers, posters, or website information with EAP contact information will also increase the likelihood of employees accessing services.

By Nancy Cannon, Originally Published By United Benefit Advisors

With all of the focus that is put into managing and controlling health care costs today, it amazes me how many organizations still look past one of the most effective and least disruptive cost-saving strategies available to employers with 150 or more covered employees – self-funding your dental plan. There is a reason why dental insurers are not quick to suggest making a switch to a self-funded arrangement … it is called profit!

Why self-fund dental?

We know that the notion of self-funding still makes some employers nervous. Don’t be nervous; here are the fundamental reasons why this requires little risk:

  1. When self-funding dental, your exposure as an employer is limited on any one plan member. Benefit maximums are typically between $1,000 and $2,000 per year.
  2. Dental claims are what we refer to as high frequency, low severity (meaning many claims, lower dollars per claim), which means that they are far less volatile and much more predictable from year to year.
  3. You pay for only what you use, an administrative fee paid to the third-party administrator (TPA) and the actual claims that are paid in any given month. That’s it!

Where do you save when you self-fund your dental?

Trend: In our ongoing analysis over the years, dental claims do not trend at anywhere near the rate that the actuaries from any given insurance company project (keep in mind these are very bright people that are paid to make sure that insurance companies are profitable). Therefore, insured rates are typically overstated.

Claims margin: This is money that insurance companies set aside for “claims fluctuation” (i.e., profit). For example, ABC Insurer (we’ll keep this anonymous) does not use paid claims in your renewal projection. They use incurred claims that are always somewhere between three and six percent higher than your actual paid claims. They then apply “trend,” a risk charge and retention to the overstated figures. This factor alone will result in insured rates that are overstated by five to eight percent on insured plans with ABC Insurer, when compared to self-funded ABC Insurer plans.

Risk charges: You do not pay them when you self-fund! This component of an insured rate can be anywhere from three to six percent of the premium.

Reserves: Money that an insurer sets aside for incurred, but unpaid, claim liability. This is an area where insurance companies profit. They overstate the reserves that they build into your premiums and then they earn investment income on the reserves. When you self-fund, you pay only for what you use.

Below is a recent case study

We received a broker of record letter from a growing company headquartered in Massachusetts. They were hovering at about 200 employees enrolled in their fully-insured dental plan. After analyzing their historical dental claims experience, we saw an opportunity. After presenting the analysis and educating the employer on the limited amount of risk involved in switching to a self-funded program, the client decided to make the change.

After we had received 12 months of mature claims, we did a look back into the financial impact of the change. Had the client accepted what was historically a well-received “no change” fully-insured dental renewal, they would have missed out on more than $90,000 added to their bottom line. Their employee contributions were competitive to begin with, so the employer held employee contributions flat and was able to reap the full financial reward.

This is just one example. I would not suggest that this is the norm, but savings of 10 percent are. If you are a mid-size employer with a fully-insured dental plan, self-funding dental is a cost-savings opportunity you and your consultant should be monitoring at every renewal.

By Gary R. Goodhile, Originally Published By United Benefit Advisors

I’ve looked at clouds from both sides now
From up and down and still somehow
It’s cloud illusions I recall
I really don’t know clouds at all

— Joni Mitchell, “Both Sides, Now”

And like that song from 1969, it appears that most employees really don’t know cloud computing at all. In an article on the Society for Human Resource Management’s website titled, “Public Enemy No. 1 for Employers? Careless Cloud Users, Study Says,” a North American IT solutions and managed services provider called Softchoice found that 1 in 3 users of cloud-based apps (e.g., Google Docs and Dropbox) download the app without letting their IT department know. Cloud computing became popular a few years ago because people could store all their documents, photos, and other information and then access that data from anywhere at any time and on any device.

What makes this such a bad situation is not the cloud computing itself, but that the vast majority of employees lack any sense of cybersecurity. That same study found that 1 in 5 employees:

  • Keep their passwords in plain sight (e.g., on Post-it Notes on their desks).
  • Have accessed work files from a device that was not password-protected.
  • Have lost devices that weren’t password-protected.

Complicating this further is that the employees who actually do use passwords usually have weak passwords. That is, they are easy to guess (e.g., “1234,” “password,” or their username). Rather than leave a company and its network vulnerable to attack, some IT people suggest a ban on cloud accounts for work.

Security breaches involving a company’s intellectual property can be very costly. Sometimes referred to as “ransomware,” the important data of an organization will either be stolen or encrypted and will not be released until a fee is paid.

A better solution to a ban on cloud accounts would be to educate employees on the necessity for cyber security, train them to improve their online security habits, and remind them that IT rules are in place to make a company more secure, not make it more difficult for employees to be productive. Cyber thieves are clever and when they can’t break into a system using technology, they often rely on the flaws of human nature.

As we become more and more connected to the Internet, we leave ourselves and the companies where we work more accessible to cyber threats. It’s imperative that employees keep everything locked down.

By Tara Marshall, Originally Published By United Benefit Advisors

A fixed indemnity health plan pays a specific amount of cash for certain health-related events (for example, $40 per office visit or $100 per hospital day). The amount paid is neither related to the medical expense incurred, nor coordinated with other health coverage. Further, a fixed indemnity health plan is considered an “excepted benefit.”

Under HIPAA, fixed dollar indemnity policies are excepted benefits if they are offered as “independent, non-coordinated benefits.” Under the Patient Protection and Affordable Care Act (ACA), excepted benefits are not subject to the ACA’s health insurance requirements or prohibitions (for example, annual and lifetime dollar limits, out-of-pocket limits, requiring individual and small-group policies to cover ten essential health benefits, etc.). This means that excepted benefit policies can exclude preexisting conditions, can have dollar limits, and do not legally have to guarantee renewal when the coverage is cancelled.

Further, under the ACA, excepted benefits are not minimum essential coverage so a large employer cannot comply with its employer shared responsibility obligations by offering only fixed indemnity coverage to its full-time employees.

Some examples of fixed indemnity health plans are AFLAC or similar coverage, or cancer insurance policies.

Recently, the IRS released a Memorandum on the tax treatment of benefits paid by fixed indemnity health plans that addresses two questions:

  1. Are payments to an employee under an employer-provided fixed indemnity health plan excludible from the employee’s income under Internal Revenue Code §105?
  2. Are payments to an employee under an employer-provided fixed indemnity health plan excludible from the employee’s income under Internal Revenue Code §105 if the payments are made by salary reduction through a §125 cafeteria plan?

 

By Danielle Capilla, Originally Published By United Benefit Advisors

You are absolutely the best! Thank you. p.s.  Others take note. You don't get service like this every day.”

- Securities Broker in San Francisco, CA

Categories