New Regulations Expand Exemptions from the Contraceptive Mandate

On Oct. 6, 2017, the Departments of Labor (DOL), Health and Human Services (HHS) and the Treasury (Departments) issued two interim final rules expanding certain exemptions from the Affordable Care Act’s (ACA) contraceptive coverage mandate.

The first interim final rule expands the availability of the exemption for employers that object to providing contraceptive coverage based on their religious beliefs.

The second interim final rule provides an additional exemption for certain employers that object to providing contraceptive coverage based on their moral convictions (but not religious beliefs).

ACTION STEPS

This guidance, which is effective immediately, significantly expands the number of employers that are eligible for an exemption from the contraceptive coverage mandate. Under the expanded exemptions, a plan sponsor, issuer and plan covered by these exemptions will not be penalized for failing to include contraceptive coverage in the plan’s benefits.

Background

Effective for plan years beginning on or after Aug. 1, 2012, the ACA requires non-grandfathered health plans to cover certain women’s preventive health services without cost-sharing (such as a copay, coinsurance or deductible). Under these rules, plans must cover all FDA-approved contraceptive methods, sterilization procedures, and patient education and counseling for all women with reproductive capacity.

However, special contraceptive coverage rules apply for certain religious employers and organizations. These rules exempt churches and other houses of worship from the ACA’s requirement to cover contraceptives. For other church-affiliated institutions that object to contraceptive coverage (such as schools, charities, hospitals and universities), these rules establish an accommodations approach.

Under the accommodations approach, eligible organizations do not have to contract, arrange, pay or refer for any contraceptive coverage to which they object on religious grounds. However, separate payments for contraceptive services will be provided to females in the health plan by an independent third party, such as an insurance company or third-party administrator (TPA), directly and free of charge.

For this purpose, an “eligible organization” is one that:

– Opposes providing coverage for some or all contraceptive services that are required to be covered, on account of religious objections;

– Is organized and operates as a nonprofit entity; and

– Holds itself out as a religious organization.

In addition, on June 30, 2014, in Burwell v. Hobby Lobby Stores, Inc. et al., the U.S. Supreme Court created a narrow exception to the contraceptive mandate for closely held for-profit businesses that object to providing coverage for certain types of contraceptives based on their sincerely held religious beliefs.

To be eligible for the accommodations, an organization must also self-certify (or notify HHS) that it meets the criteria and provide the self-certification to the plan’s issuer or TPA.

Expansion of the Religious Exemption

A number of lawsuits have been filed challenging the Departments’ accommodations approach, asserting that it infringes on religious liberty. The two new regulations issued by the Departments are intended to end this long-running litigation by:

Extending the exemption to include nongovernmental employers, issuers and individuals that have sincerely-held religious or moral beliefs objecting to contraceptive or sterilization coverage; and

Making the accommodations approach optional for eligible organizations.

As a result, objecting employers are no longer required to choose between direct compliance and compliance through the accommodation. A plan sponsor, issuer and plan covered by these exemptions will not be penalized for failing to include contraceptive coverage in the plan’s benefits.

Eligible Organizations

This exemption may apply to all types of nongovernmental employers, including:

  • – Churches, integrated church auxiliaries, conventions or associations of churches, or religious orders;
  • – Nonprofit organizations;
  • – For-profit entities, regardless of whether they are closely held;
  • – Institutions of higher education; and
  • – Any other nongovernmental employers.

This exemption also applies to health insurance issuers offering group or individual insurance coverage that have sincerely-held religious or moral beliefs objecting to contraceptive or sterilization coverage.

This exemption is narrower in scope than the exemption based on religious objections. It may only apply to the following types of nongovernmental employers:

  • – Nonprofit organizations;
  • – Privately held for-profit entities; and
  • – Institutions of higher education.

Health insurance issuers offering group or individual insurance coverage that have sincerely-held moral objections to providing contraceptive or sterilization coverage may also qualify for this exemption. The Departments are requesting comment on whether this moral objection exemption should also be extended to all for-profit entities (regardless of whether they are closely held or publicly traded) and nonfederal governmental employers, such as local government hospitals.

No Self-certification Requirement

Under these new rules, employers who claim an exemption may voluntarily, but are not required to, provide any self-certification or notice to the government. The legal challenges to the accommodations approach have focused on whether the requirement to self-certify (or notify HHS) of an organization’s objections infringes on religious liberty by making the organization complicit in the provision of contraceptives. The new rules are intended to end this litigation by making the self-certification requirement optional.


Why Tax Reform Is the Next Hot Ticket for Healthcare Regulation

In spite of the many headlines and healthcare bills that have centered on repealing or replacing the Affordable Care Act (ACA), the healthcare landscape in the United States today looks remarkably similar to the way it did when the ACA was passed seven years ago: The majority of Americans still receive insurance through their employers.

To date, the ACA has supported the growth of consumer-directed healthcare and account-based healthcare, such as health savings accounts (HSAs), flexible spending accounts (FSAs) and health reimbursement arrangements (HRAs). It has also given rise to a robust debate about the longstanding tax exclusion on employer-sponsored healthcare.

After multiple failed attempts at repealing the ACA, the focus for the Trump administration and Republican leaders in Congress is now likely to shift to tax reform. The ACA is ultimately a tax law – and though the current tax structure for employer-sponsored health insurance works, it won’t for long. Starting in 2020, the so-called “Cadillac tax,” which is arguably the number one issue for employers in healthcare today, will be levied on insurance companies who provide employer-sponsored health benefits whose value exceeds legally specified thresholds. The concern is that by limiting the tax preference for employer-sponsored health insurance, this controversial 40-percent excise tax will burden employees. The Cadillac tax was originally to take effect in 2018, but the effective date was delayed by the Consolidated Appropriations Act to 2020. The tax is projected to be imposed on plans that cost more than $10,800 for single health plans and $29,100 for non-single (e.g., family) plans.

Already the looming Cadillac tax is leading employers to adjust the plans they offer employees. According to the American Health Policy Institute survey in 2015, 19 percent of employers were already curtailing or eliminating FSAs in order to avoid triggering the excise tax; and 13 percent were curtailing or eliminating employee contributions to HSAs. A separate survey, published in August 2017 by the National Business Group on Health, found that uncertainty surrounding the surcharge is influencing efforts to control healthcare costs for nearly 10 percent of large employers surveyed. The NBGH survey also found that 90 percent of large employers are likely to offer consumer-driven healthcare plans by 2018, with 39 percent of employers offering only higher deductible plans by that time.

In 2015, 164 million people below age 65 got insurance coverage from employers, and most of them said they were satisfied with what they received. To protect these consumers – and all Americans – from rising healthcare costs, it is essential that both employer-sponsored and consumer-driven healthcare plans remain accessible and affordable. Not only does employer-sponsored healthcare help to self-regulate the marketplace – employers want to keep costs down and competitive benefits serve to attract and retain top talent – but it also fosters an environment where high-quality healthcare can be provided to Americans in a cost-effective manner. In a tax reform package that protects the tax exclusion on employer-sponsored healthcare, there are likely to be opportunities to insert provisions that are also friendly to HSAs and consumer-driven healthcare plans.


New Rules for Disability Benefit Claims Take Effect in 2018

OVERVIEW

On Dec. 16, 2016, the Department of Labor (DOL) released a final rule to strengthen the claims and appeals requirements for plans that provide disability benefits. According to the DOL, these new protections will ensure that disability claimants receive a full and fair review of their benefit claims, as required by the Employee Retirement Income Security Act of 1974 (ERISA).
The new requirements provide disability claimants with protections that are similar to those that apply to claims for group health benefits. They are intended to protect disability claimants from conflicts of interest, increase transparency and allow claimants to respond more effectively to benefit decisions.

ACTION STEPS

ERISA plans that include disability benefits must comply with the new procedural protections, effective for claims that are submitted on or after Jan. 1, 2018. Entities that administer disability benefit claims, including issuers and third-party administrators, will need to revise their claims procedures to comply with the final rule. Although the DOL has recently indicated that it may delay or amend the final rule, it is possible that the rule’s new requirements will still take effect as scheduled.

ERISA plans that include disability benefits must comply with the new procedural protections, effective for claims that are submitted on or after Jan. 1, 2018. Entities that administer disability benefit claims, including issuers and third-party administrators, will need to revise their claims procedures to comply with the final rule. Although the DOL has recently indicated that it may delay or amend the final rule, it is possible that the rule’s new requirements will still take effect as scheduled.

ERISA Requirements

Section 503 of ERISA requires every employee benefit plan to:

Provide adequate notice in writing to any participant or beneficiary whose claim for benefits under the plan has been denied, setting forth the specific reasons for the denial, written in a manner calculated to be understood by the participant; and

Afford a reasonable opportunity to any participant whose claim for benefits has been denied for a full and fair review by the appropriate named fiduciary of the decision denying the claim.

The DOL first adopted claims procedure regulations for employee benefit plans in 1977. In 2000, the DOL updated its claims procedure regulations by improving and strengthening the minimum requirements for employee benefit plans, including plans that provide disability benefits.

Effective for plan years beginning on or after Sept. 23, 2010, the Affordable Care Act (ACA) amended ERISA to include enhanced internal claims and appeals requirements for group health plans.

Section 503 of ERISA requires every employee benefit plan to:

*  Provide adequate notice in writing to any participant or beneficiary whose claim for benefits under the plan has been denied, setting forth the specific reasons for the denial, written in a manner calculated to be understood by the participant; and

* Afford a reasonable opportunity to any participant whose claim for benefits has been denied for a full and fair review by the appropriate named fiduciary of the decision denying the claim.

The DOL first adopted claims procedure regulations for employee benefit plans in 1977. In 2000, the DOL updated its claims procedure regulations by improving and strengthening the minimum requirements for employee benefit plans, including plans that provide disability benefits.

Effective for plan years beginning on or after Sept. 23, 2010, the Affordable Care Act (ACA) amended ERISA to include enhanced internal claims and appeals requirements for group health plans.

Additional Protections for Disability Claimants

According to the DOL, it can be challenging for workers seeking disability benefits from an employer-sponsored plan to understand the process and why their claim is approved or denied. To improve the fairness, transparency and accuracy of the disability claims process, the final rule requires that plans, plan fiduciaries and insurance providers comply with additional procedural protections when dealing with disability benefit claimants.

The final rule includes the following requirements for the processing of claims and appeals for disability benefits:

  • Improvement to Basic Disclosure Requirements: Benefit denial notices must contain a more complete discussion of why the plan denied a claim and the standards used in making the decision.
  • Right to Claim File and Internal Protocols: Benefit denial notices must include a statement that the claimant is entitled to receive, upon request, the entire claim file and other relevant documents. Benefit denial notices also have to include the internal rules, guidelines, protocols, standards or other similar criteria of the plan that were used in denying a claim or a statement that none were used.
  • Right to Review and Respond to New Information Before Final Decision: The final rule prohibits plans from denying benefits on appeal based on new or additional evidence or rationales that were not included when the benefit was denied at the claims stage, unless the claimant is given notice and a fair opportunity to respond.
  • Avoiding Conflicts of Interest: Plans must ensure that disability benefit claims and appeals are adjudicated in a manner designed to ensure the independence and impartiality of the persons involved in making the decision. For example, a claims adjudicator or medical or vocational expert could not be hired, promoted, terminated or compensated based on the likelihood of the person denying benefit claims.
  • Deemed Exhaustion of Claims and Appeal Processes: If plans do not adhere to all claims processing rules, the claimant is deemed to have exhausted the administrative remedies available under the plan, unless the violation was the result of a minor error and other specified conditions are met. If the claimant is deemed to have exhausted the administrative remedies available under the plan, the claim or appeal is deemed denied on review without the exercise of discretion by a fiduciary and the claimant may immediately pursue his or her claim in court.
  • Certain Coverage Rescissions Are Adverse Benefit Determinations Subject to the Claims Procedure Protections: Rescissions of coverage, including retroactive terminations due to alleged misrepresentation of fact (for example, errors in the application for coverage), must be treated as adverse benefit determinations that trigger the plan’s appeals procedures. Rescissions for nonpayment of premiums are not covered by this provision.
  • Notices Written in a Culturally and Linguistically Appropriate Manner: Similar to the ACA standard for group health plan notices, the final rule requires that benefit denial notices be provided in a culturally and linguistically appropriate manner in certain situations.

Court Orders EEOC to Reconsider Wellness Rules

The U.S. District Court for the District of Columbia has issued a ruling affecting the Equal Employment Opportunity final wellness rules . In AARP v. EEOC, the  court directed the EEOC to reconsider its final wellness rules under the American with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act (GINA).

The final rule allows employers to offer wellness incentives of up to 30 percent of the cost of health plan coverage. The court held that the EEOC failed to provide a reasoned explanation for adopting the incentive limit. Rather than vacating the final rules, the court sent them back to the EEOC for reconsideration.

ACTION STEPS

It is unclear how the EEOC will respond to the court’s decision—the EEOC may appeal the ruling or reduce the January 1, 2017 amount of permitted incentives. For now, the EEOC’s final EEOC’s final wellness rules under wellness rules remain in place.

Due to this new legal uncertainty, employers should carefully August 22, 2017 consider the level of incentives they use with their wellness District court remands final wellness programs. Employers should also monitor any developments rules to the EEOC for related to the EEOC’s rules.

Final Wellness Rules

  • ** Under the ADA, an employer may make disability- EEOC’s final wellness rules, related inquiries and require medical examinations after concluding that it was not well employment begins only if they are job-related and consistent with business necessity. However, these reasoned, and sent the rules back inquiries and exams are permitted if they are part of a to the EEOC for reconsideration. voluntary wellness program.
  • ** Under GINA, employers cannot request, require or purchase genetic information. This includes information about an employee’s genetic tests, the genetic tests of family members and the manifestation of a disease or disorder of a family member. Like the ADA, GINA includes an exception that permits employers to collect this information as part of a wellness program, as long as the provision of information is voluntary.

Neither the ADA nor GINA define the term “voluntary” in the context of wellness programs. For many years, the EEOC did not definitively address whether incentives to participate in wellness programs are permissible under the ADA and, if so, in what amount. On May 16, 2016, the EEOC issued long-awaited final rules that describe how the ADA and GINA apply to employer-sponsored wellness programs. These rules became effective on Jan. 1, 2017.

  • ** The final ADA rule provides that incentives offered to an employee who answers disability-related questions or undergoes medical examinations as part of a wellness program may not exceed 30 percent of the total cost for self-only health plan coverage.
  • ** The final GINA rule clarifies that an employer may offer an incentive of up to 30 percent of the total cost of self-only coverage to an employee whose spouse provides information about his or her current or past health status as part of the employer’s wellness program.

Court Decision

On Aug. 22, 2017, the U.S. District Court for the District of Columbia ruled against the EEOC and remanded the final wellness rules back to the agency for reconsideration. In this case, the AARP argued that the 30 percent incentive limit is inconsistent with the voluntary requirements of the ADA and GINA, and that employees who cannot afford to pay a 30 percent increase in premiums will be forced to disclose their protected information when they would otherwise choose not to do so. The EEOC identified numerous reasons for why it adopted the 30 percent incentive limit. However, the court concluded that the EEOC’s basis for establishing this incentive level was not well reasoned and not entitled to deference from the court. Rather than vacating the rules altogether, however, the court remanded them to the EEOC for reconsideration.


US Citizenship and Immigration Services Revises Form I-9

Updated Form I-9 Required Beginning Sept. 18

On July 17, 2017, U.S. Citizenship and Immigration Services (USCIS), part of the U.S. Department of Homeland Security, issued an updated version of Form I-9: Employment Eligibility Verification (Form I-9). Under federal law, every employer that recruits, refers for a fee or hires an individual for employment in the United States must complete a Form I-9. The updated form replaces a version that was issued in 2016. Employers must begin using the new form on Sept. 18, 2017. The new form expires on Aug. 31, 2019. The updated Form I-9 includes revisions to the instructions and to the list of acceptable documents, but does not include substantive revisions for completing the Form I-9.


IRS Confirms ACA Mandate Penalties Still Effective

OVERVIEW

The Internal Revenue Service (IRS) Office of Chief Counsel has President Trump’s executive order recently issued several information letters regarding the does not change the law. Affordable Care Act’s (ACA) individual and employer mandate Taxpayers are still required to penalties. These letters clarify that:

** Employer shared responsibility penalties continue to any applicable penalties. apply for applicable large employers (ALEs) that fail to offer acceptable health coverage to their full-time employees (and dependents); and

** Individual mandate penalties continue to apply for individuals that do not obtain acceptable health coverage (if they do not qualify for an exemption).

These letters were issued in response to confusion over President Donald Trump’s executive order directing federal April 14, 2017 agencies to provide relief from the burdens of the ACA.

ACTION STEPS

These information letters clarify that the ACA’s individual June 20, 2017 and employer mandate penalties still apply. Individuals and ALEs must continue to comply with these ACA requirements, The IRS issued a letter clarifying the including paying any penalties that may be owed.

Background

The ACA’s employer shared responsibility rules require ALEs to offer affordable, minimum value health coverage to their full-time employees or pay a penalty. These rules, also known as the “employer mandate” or “pay or play” rules, only apply to ALEs, which are employers with, on average, at least 50 full-time employees, including full-time equivalent employees (FTEs), during the preceding calendar year. An ALE may be subject to a penalty only if one or more full-time employees obtain an Exchange subsidy (either because the ALE does not offer health coverage, or offers coverage that is unaffordable or does not provide minimum value)

The ACA’s individual mandate, which took effect in 2014, requires most individuals to obtain acceptable health insurance coverage for themselves and their family members or pay a penalty. The individual mandate is enforced each year on individual federal tax returns. Individuals filing a tax return for the previous tax year will indicate, by checking a box on their individual tax return, which members of their family (including themselves) had health insurance coverage for the year (or qualified for an exemption from the individual mandate). Based on this information, the IRS will then assess a penalty for each nonexempt family member who doesn’t have coverage.

On Jan. 20, 2017, President Trump signed an executive order intended to “to minimize the unwarranted economic and regulatory burdens” of the ACA until the law can be repealed and eventually replaced. The executive order broadly directs the Department of Health and Human Services and other federal agencies to waive, delay or grant exemptions from ACA requirements that may impose a financial burden. However, the executive order does not include specific guidance regarding any particular ACA requirement or provision, and does not change any existing regulations.

IRS Information Letters

Office of Chief Counsel issued a series of information letters clarifying that the ACA’s individual and employer mandate penalties continue to apply.

Letter numbers 2017-0010 and 2017-0013 address the employer shared responsibility rules. Letter number 2017-0017 addresses the individual mandate.

According to these letters, the executive order does not change the law. The ACA’s provisions are still effective until changed by Congress, and taxpayers are still required to follow the law, including paying any applicable penalties.

More Information

For additional information on the ACA Executive Order and the current tax filing season, please visit:                                https://www.irs.gov/tax-professionals/aca-information-center-for-tax-professionals

 


Senate Rejects Efforts to Repeal the ACA

 

OVERVIEW

In the early morning hours of July 28, 2017, members of the U.S. Senate voted 49-51 to reject a “skinny” version of a bill to repeal and replace the Affordable Care Act (ACA), called the  Health Care Freedom Act (HCFA).

This was the final vote of the Senate’s 20-hour debate period, and effectively ends the Republicans’ current efforts to repeal and replace the ACA. However, the skinny repeal bill may be reintroduced at some point in the future.

IMPACT ON EMPLOYERS

Because the Senate was unable to pass any ACA repeal or IMPORTANT DATES replacement bill, the ACA remains current law, and employers must continue to comply with all applicable ACA  provisions. Following the vote, Senate Majority Leader Mitch McConnell ACA repeal legislation for debate and indicated that Republicans now intend to focus on other amendments. legislative issues, although they remain committed to repealing the ACA. Despite this, the Senate may choose to reintroduce the skinny repeal bill, or pursue their own ACA The Senate rejected a skinny repeal repeal and replacement, in the future.

Legislative Process

Currently, Republicans in both the Senate and the U.S. House of Representatives have been using the budget reconciliation process in their efforts to repeal and replace the ACA. This means that the proposed bills can only address ACA provisions that directly relate to budgetary issues—specifically, federal spending and taxation. As a result, these proposals cannot fully repeal the ACA. Budget reconciliation legislation can be passed by both houses with a simple majority vote. However, a full repeal of the ACA must be introduced as a separate bill that would require 60 votes in the Senate to pass.

On May 4, 2017, the House voted 217-213 to pass the American Health Care Act (AHCA), which is its proposal to repeal and replace the ACA. As a result, the AHCA moved on to the Senate for consideration. In response, the Senate originally drafted the Better Care Reconciliation Act (BCRA) as its own ACA repeal and replacement bill, followed by amendments to the BCRA on July 13, 2017. However, on July 18, 2017, Senate Republicans abandoned the BCRA due to a lack of votes.

Then, on July 25, 2017, the Senate voted 50-50 to open up the AHCA for debate and amendments, with Vice President Mike Pence casting the tie-breaking vote in favor of the measure. As a result of the vote, the Senate began a 20-hour debate period, where amendments would be introduced and voted on in succession. The HCFA was the last amendment that was introduced during the 20-hour debate period.

Overview of the Health Care Freedom Act

Introduced by Senator McConnell, the HCFA is a skinny bill to repeal the ACA. After it was introduced, Senate Democrats moved to commit the bill to the Senate committee on Health, Education, Labor and Pensions (HELP committee), but that motion failed on a 48-52 vote.

Similar to the AHCA and the BCRA, the HCFA would repeal the ACA’s individual and employer mandate penalties, effective Dec. 31, 2015. However, the employer mandate repeal would only be effective through 2024. In addition, the ACA’s reporting requirements under Sections 6055 and 6056 would remain intact.

Introduced by Senator McConnell, the HCFA is a skinny bill to repeal the ACA. After it was introduced, Senate Democrats moved to commit the bill to the Senate committee on Health, Education, Labor and Pensions (HELP committee), but that motion failed on a 48-52 vote.

Similar to the AHCA and the BCRA, the HCFA would repeal the ACA’s individual and employer mandate penalties, effective Dec. 31, 2015. However, the employer mandate repeal would only be effective through 2024. In addition, the ACA’s reporting requirements under Sections 6055 and 6056 would remain intact.

The HCFA would also:

** Extend the moratorium on the medical devices excise tax (from Dec. 31, 2017, to Dec. 31, 2020). However, unlike the AHCA and the BCRA, it would not affect any other ACA taxes;

** Increase the contribution limit for health savings accounts (HSAs) up to the maximum out-of-pocket limits allowed by law for high deductible health plans (at least $6,650 for self-only coverage and $13,300 for family coverage) for 2018 through 2020; and

**Amend the ACA’s existing Section 1332 State Innovation Waivers to add $2 billion in funding for states that submit and implement state innovation waivers, add stricter requirements for the Department of Health and Human Services in approving waivers, and extend waivers to eight years (instead of five), with unlimited renewals.

Congressional Budget Office (CBO) Report

On July 27, 2017, the CBO issued a cost estimate report on the HCFA, estimating that the bill would:

** Reduce the deficit by $135.6 billion;

** Increase the number of uninsured by 15 million; and

** Increase premiums in the individual market by roughly 20 percent relative to the ACA in all years between 2018 and 2026.

Next Steps

Because the Senate was unable to pass any ACA repeal or replacement bill, the ACA remains current law, and employers must continue to comply with all applicable ACA provisions. The Senate’s rejection of the HCFA was the final vote of the Senate’s 20-hour debate period, and effectively ends the Republicans’ current efforts to repeal and replace the ACA.

Following the vote, Senator McConnell indicated that Republicans now intend to focus on other legislative issues, although they remain committed to repealing the ACA. Despite this, the Senate may choose to reintroduce the HCFA, or pursue its own ACA repeal and replacement, in the future.

 


HR Insights to Employee Retention

 

Employee Retention  

It costs nearly 20 percent of an employee’s annual salary to replace a current employee. If you are experiencing high turnover, chances are you are experiencing high losses as well. The costs of reviewing applications, processing  candidates, conducting interviews, training and purchasing equipment for new hires aren’t only monetary—they also cost time and lost productivity.

                        (Over 3 million employees in the United States quit their jobs in March 2017 , according to the Bureau of Labor Statistics)

Given the high cost of losing an employee, retention should be a top priority for every organization. If you do not already have a retention strategy, now is the time to make one. The first step in curbing turnover is figuring out why employees are leaving.

Why Employees Leave

Employees leave organizations for a variety of reasons, depending on their unique circumstances. However, there are some common reasons that may help determine the best retention strategy for your organization. Below are some of the most common reasons employees leave.

  • Stagnation—Employees are often looking for career and personal growth. If they have no upward mobility at your company, they may look for it elsewhere.
  • Pay—Compensation needs to be competitive to attract the best talent. Likewise, good pay is needed to retain top talent. 
  • Workplace culture—Expectedly, co-workers matter to employees. If they feel ostracized or marginalized by co-workers (or management), they will want to leave that environment. 
  • Better opportunities—Like with stagnation, employees leave when they believe they have better prospects elsewhere. This could be due to a higher-paying position or simply a job more aligned with their interests.

How to Retain Employees

Retention strategies are not universal. It is possible that techniques and strategies that work for some organizations will not work for yours. This means you need to analyze why your employees are leaving and strategize how to combat those reasons.

Exit interviews are a great way to analyze why employees are leaving. During exit interviews, managers ask questions to employees who are on their way out of the company. Questions should be related to the employees’ time with the company, such as what they enjoyed, what they disliked and what prompted their resignation. Exit interviews will only be useful with employees who resign or leave voluntarily, not those who have been terminated.

Depending on the responses from the exit interviews, you can begin crafting a retention strategy. For instance, if a main catalyst for employee turnover is a lack of upward mobility, think about how to change that. It could mean creating new roles or, if roles already exist, making a clear guide for career pathing at the organization.

Creating a retention strategy does not need to be solely reactive. Consider creating a survey to gauge employee satisfaction with the company. Include questions about what people like and what they do not like about their job.

Summary

There is no hard and fast rule for successful employee retention. Creating a retention strategy for your organization requires you to analyze both your company and its industry. Contact gente for more information on retention and for materials to help you craft your strategy


U.S. Department of Labor to Publish Request for Information on Overtime Rule

WASHINGTON – The U.S. Department of Labor will publish a Request for Information for the overtime rule on Wednesday, July 26, 2017. The RFI is an opportunity for the public to provide information that will aid the department in formulating a proposal to revise these regulations which define and delimit exemptions from the Fair Labor Standards Act’s minimum wage and overtime requirements for certain employees.

The RFI solicits feedback on questions related to the salary level test, the duties test, varying cost-of-living across different parts of the U.S., inclusion of non-discretionary bonuses and incentive payments to satisfy a portion of the salary level, the salary test for highly compensated employees, and automatic updating of the salary level tests.

The RFI will be published in the Federal Register with a 60-day public comment period. Instructions on submitting public comments are in the RFI. Comments may also be submitted electronically at http://www.regulations.gov.

Click here for a preview copy of the RFI.

OPA & WHD News Release:
07/25/2017
Contact Name:

Edwin Nieves

Phone Number:
Contact Name:

Michael Trupo

Phone Number:
Release Number:
17-1039-NAT

HHS Issues HIPAA Cyber Attack Response Checklist

OVERVIEW

Under the Health Insurance Portability and Accountability Act (HIPAA), a covered entity that experiences a ransomware attack or other cyber-related security incident must take immediate steps to prevent or mitigate any impermissible release of protected health information (PHI).

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a checklist to help HIPAA-covered entities determine the specific steps they must take in the event of a data breach.

This document outlines those steps and provides general information regarding which entities are subject to HIPAA and the type of data that must be protected under the law.

ACTION STEPS

Employers that are subject to HIPAA should become familiar with the OCR’s checklist and other guidance for preventing and responding to cyber security breaches involving PHI. These employers should also ensure that they have procedures and contingency plans in place for responding to and mitigating the effects of any potential breach.

OCR Quick-response Checklist

Has your entity just experienced a ransomware attack or other cyber-related security incident, and you are wondering what to do now? The guide issued by OCR explains, in brief, the steps for a HIPAA covered entity or its business associate (the entity) to take in response to a cyber-related security incident.

In the event of a cyber attack or similar emergency, a covered entity:

o    Must execute its response and mitigation procedures and contingency plans.

For example, the entity should immediately fix any technical or other problems to stop the incident. The entity should also take steps to mitigate any impermissible PHI disclosure. These steps may be performed by the entity’s own information technology staff, or by an outside entity brought in to help (which would be a business associate, if it has access to PHI for that purpose).

 

o    Should report the crime to appropriate law enforcement agencies.

These agencies may include state or local law enforcement, the FBI or the Secret Service. Reports to these agencies should not include PHI unless otherwise permitted under HIPAA. If a law enforcement official tells the entity that any potential breach report would impede a criminal investigation or harm national security, the entity must delay reporting a breach for the time the law enforcement official requests in writing or for 30 days if the request is made orally.

 

o    Should report all cyber threat indicators to federal and information-sharing and analysis organizations (ISAOs).

These organizations may include the Department of Homeland Security, the HHS Assistant Secretary for Preparedness and Response, and private-sector cyber-threat ISAOs. Reports to these organizations should not include PHI. The OCR does not receive these reports from its federal or HHS partners.

 

o    Must report the breach to affected individuals and to the OCR as soon as possible.

o   If a breach affects 500 or more individuals, the covered entity must notify the affected individuals, the OCR and the media no later than 60 days after discovering the breach, unless a law enforcement official has requested a delay in the reporting.

o   If a breach affects fewer than 500 individuals, the entity must notify the affected individuals without unreasonable delay, but no later than 60 days after discovery of the breach, and notify the OCR within 60 days after the end of the calendar year in which the breach was discovered.

Continue reading for more information on various aspects of the HIPAA Security Rule, which was provided by OCR along with the checklist.

HIPAA Covered Entities

HIPAA is a federal law designed in part to protect the privacy of certain health care information known as PHI. In general, the HIPAA privacy and security rules apply to all health plans that provide or pay for the cost of medical care. These include employer-sponsored group health plans, government and church-sponsored health plans, and multi-employer health plans. However, a group health plan with less than 50 participants is not a covered entity if it is administered solely by the employer that established and maintains the plan.

The HIPAA privacy and security rules also apply to business associates of HIPAA-covered entities. A business associate is any vendor that creates, receives, maintains or transmits PHI for or on behalf of a covered entity. This includes vendors that have access to PHI in order to provide information technology-related services to a covered entity. Other activities a business associate may perform on behalf of a covered entity include claims processing, data analysis, utilization review and billing.

Protected Health Information

PHI includes all individually identifiable health information held by covered entities. Information is “individually identifiable” if it identifies, or if there is a reasonable basis to believe it can be used to identify, an individual. This information is PHI if it relates to:

  • The individual’s past, present, or future physical or mental health or condition;
  • The provision of health care to the individual; or
  •  

    For example, PHI includes:

    *Treatment information

    * Billing information

    * Insurance information

    * Contact information

    * Social Security numbers

     

    The past, present or future payment for the provision of health care to the individual.

HIPAA Security Rule

Under HIPAA’s Security Rule, a “security incident” is defined as the attempted or successful unauthorized access, use, disclosure, modification or destruction of information, or interference with system operations in an information system. The Security Rule requires covered entities to:

Identify and respond to suspected or known security incidents;

Mitigate, to the extent practicable, harmful effects of security incidents that are known to the entity;

*     Document security incidents and their outcomes; and

*     Establish and implement contingency plans, including data backup plans, disaster recovery plans and emergency mode operation plans.

Reportable Incidents and Indicators

Text Box: A security incident may not be reportable if the affected covered entity:  
•	Encrypted the information at the time of the incident; or
•	Determines, through a written risk assessment, that there was a low probability that the information was compromised during the breach. 
HIPAA regulations also require covered entities to report certain cyber-related security incidents to affected individuals, the OCR and other agencies. In general, a reportable breach occurs anytime PHI was accessed, acquired, used or disclosed.

Certain “cyber threat indicators” may be reportable under the Cybersecurity Information Sharing Act (CISA) as well. CISA describes cyber threat indicators as information that is necessary to describe or identify any of the following:

  • *    * Malicious reconnaissance;
  • *   *  Methods of defeating a security control or exploitation of a security vulnerability;
  • *    * A security vulnerability;
  • *   *  Methods of causing a user with legitimate access to defeat a security control or exploitation of a security  vulnerability;
  • *    * Malicious cyber command and control;
  • *   *  A description of actual or potential harm caused by an incident; or

*     Any other attribute of a cyber security threat, if disclosure of such attribute is not prohibited by law. 

Enforcement and Liability

Under HIPAA’s Enforcement Rule, the OCR may assess civil money penalties of up to $1,677,299 per violation, per year, against a covered entity that fails to properly protect PHI. In determining the amount of an applicable penalty, the OCR may consider all mitigation efforts taken by a covered entity during any particular cyber security breach investigation. A covered entity’s mitigation efforts may include voluntary sharing of breach-related information with law enforcement agencies and other federal and analysis organizations.

In addition, the CISA provides liability protection to entities that monitor information systems or share or receive indicators or defensive measures in a manner consistent with the HHS sharing process.

Therefore, covered entities should ensure that their procedures for protecting PHI meet HIPAA standards and should take the steps outlined in the above OCR checklist in the event of a cyber security incident involving PHI.