12 Steps Businesses Should Take Now To Manage Health Plan Risks

The Supreme Court's ruling upholding the individual mandates of the Affordable Care Act means that employers need to update their health plans to comply with current federal requirements, as well as begin preparing to cope with radical changes in their health plan-related responsibilities scheduled to take effect in 2014.

August 1 marked the effective date of yet another Patient Protection & Affordable Care Act (Affordable Care Act) mandate: the controversial contraceptive coverage and other women's health preventive coverage benefits mandates.

Although many new Affordable Care Act and other federal health benefit requirements have taken effect over the past two years, few employer plans are updated adequately. In some cases, businesses made deliberate decisions to delay updates pending the Supreme Court's ruling on the validity of the law. More commonly, however, many businesses continue to risk excise tax and other liability for noncompliant health plans because the management incorrectly assumes that health insurer, self-insured health plan vendors or other health plan service providers adequately address these issues.

Regardless of the reason, the Supreme Court's June 28, 2012 National Federation of Independent Business v. Sebelius ruling upholding the individual mandates of the Affordable Care Act means that employers need to get moving to update their health plans to comply with current federal requirements, as well as begin preparing to cope with radical changes in their health plan related responsibilities scheduled to take effect in 2014.

While anticipating and preparing to cope with these future changes health plan sponsors, fiduciaries, administrators and advisors need to manage the substantial and growing health plan related costs and liabilities that the sponsorship or administration of an employee health plan between now and 2014 is likely to create for their company and its management. Consequently, while planning for 2014, employers sponsoring health plans and their management, insurers, administrators and vendors must act now to update and administer their group health plans timely to comply with the requirements of the Affordable Care Act and other federal rules that have, or in coming months will, take effect pending the law's full rollout in 2014.

For most health plans, these steps should include the following:

1. Know The Cast Of Characters & What Hat(s) (Including You) They Wear & Prudently Select, Contract With & Monitor Them To Manage Risks

Employers and their management rely upon many vendors and advisors and assumptions when making plan design and risk management decisions. Many times, employer and members of their management unknowingly assume significant risk because of misperceptions about these allocations of duties and operational and legal accountability. A correct understanding of these roles and responsibilities is the foundation for knowing where the risks come from, who and to what extent a business or its management can rely upon a vendor or advisor to properly design and administer a health plan or carry out related obligations, what risks cannot be delegated, and how to manage these risks.

Under the Employee Retirement Income Security Act (ERISA), party or parties that exercise discretion or control over health plan administration, funds or certain other matters are generally called "fiduciaries." Fiduciaries generally are personally liable for prudently and appropriately administering their health plan related responsibilities prudently in accordance with ERISA and other applicable laws and the plan terms. Knowing who is acting as a fiduciary and understanding those duties and liabilities and how to manage these risks significantly affects the exposure that an employer or member of its management risks as a result of an employer's sponsorship in a group health plan or other employee benefit program. Also, knowing what duties come first and how to prove that the fiduciary did the right thing is critical to managing risks when an individual who has fiduciary responsibilities under ERISA also has other responsibilities in the management of the sponsoring employer, a vendor or elsewhere that carries duties or interests that conflict with his health plan related fiduciary duties.

The plan sponsor or members of its leadership, a service provider or members of their staff generally may be a fiduciary for purposes of ERISA if it either is named as the fiduciary, it functionally exercises the discretion to be considered a fiduciary, or it otherwise has discretionary power over plan administration or other fiduciary matters. Many plan sponsors and their management unwittingly take on liability that they assume rests with an insurer or service provider because the company or members of its management are named as the plan administrator or named fiduciary with regard to duties that the company has hired an insurer or service provider to provide or allowed that service provider to disclaim fiduciary or discretionary status with regard to those responsibilities. Also, by not knowing who the fiduciaries are, plans and their fiduciaries often fail to confirm the eligibility of all parties serving as fiduciaries, to arrange for bonding of service providers or fiduciaries as required to comply with Title I of ERISA. Failing to properly understand when the plan sponsor, member of its management or another party is or could be a fiduciary can create unnecessary and unexpected risks and lead to reliance upon vendors who provide advice but leave the employer holding the bag for resulting liability.

In addition to fiduciary status, employer and other plan sponsors also need to understand the additional responsibilities and exposures that the employer bears as a plan sponsor. Beyond contractual and fiduciary liabilities, federal law increasingly imposes excise tax or other liability for failing to maintain legally compliant plans, file required reports, provide required notifications or fulfill other requirements. The Affordable Care Act, the Internal Revenue Code, the Social Security Act, the Privacy, Security, and Administrative Simplification For instance, the Health Insurance Portability & Accountability Act (HIPAA) and various other federal laws also impose certain health plan related obligations and liabilities on employer or other health plan sponsors and other parties. The Internal Revenue Service interprets Internal Revenue Code § 6039D as obligating employers sponsoring health plans that violate these and certain other federal health plan rules to self-identify, self-report, and self-assess and pay excise and other taxes due under the Internal Revenue Code as a result of this non-compliance. Knowing what everyone's roles and responsibilities are is a critical first step to properly understanding and managing health plan responsibilities and related risks.

An accurate understanding of the risks and who bears them is critical to understand the risks, opportunities to mitigate risk through effective contracting or other outsourcing, when outsourcing does not effectively transfer risks, where to invest resources for contract, plan or process review and changes or other risk management, and where to expect costs and risks and implement processes and procedures to deal with risks that cannot be outsourced or managed.

2. Know What Rules Apply To Your Plan, The Sponsoring Employer, The Plan Its Fiduciaries & Plan Related Vendors & How This Impacts You & Your Group Health Plan

The requirements and rules impacting health plans and their liabilities have undergone continuous changes. Amid these changing requirements, health plans, their sponsors, fiduciaries, insurers, and service providers often may not have kept their knowledge, much less their plan documents, summary plan descriptions and other communications, administrative forms and procedures and other materials and practices up to date. These requirements and their compliance and risk management significance may vary depending upon whether the reviewing or regulated party is the plan, its sponsor, fiduciary, insurer or services in some other rules; how the plans are arranged and documented, the risk and indemnification allocations negotiated among the parties, the risk tolerance of the party, and other factors. Proper understanding of these rules and their implications is critical to understand and manage the applicable risks and exposures.

3. Review & Update Health Plan Documents, SPDs & Other Communications, Administrative Forms & Procedures, Contracts & Processes To Meet Requirements & Manage Exposures

Timely updating written plan documents, communications and administration forms, administrative practices, contracts and other health plan related materials processes and procedures has never been more critical.

Federal law generally requires that health plans be established, maintained and administered in accordance with legally compliant, written plan documents and impose a growing list of standards and requirements governing the design and administration of these programs. In addition, ERISA, the Internal Revenue Code, the Social Security Act, federal eligibility and coverage continuation mandates of laws like the Consolidated Omnibus Budget Reconciliation Act (COBRA), the Health Insurance Portability & Accountability Act, the Family & Medical Leave Act, Michelle's Law and others require that health plan administrators or sponsors communicate plan terms and other relevant information to participants and beneficiaries.

Failing to update documents, communications, administrative forms and processes and other materials and practices can unleash a host of exposures. Among other things, noncompliant plans, communications and practices can trigger unanticipated costs and liabilities by undermining the ability to administer plan terms and conditions. They also may expose the plan, plan fiduciaries and others to lawsuits, administrative enforcement and sanctions and other enforcement liabilities.

Beyond these exposures, employers who sponsor group health plans that violate certain federal group health plan mandates have a duty to self-report certain regulatory plan failures and pay excise taxes where such failures are not corrected in a timely fashion once discovered, or are due to willful neglect. Internal Revenue Code Section 6039D imposes excise taxes for failure to comply with health care continuation (COBRA) , health plan portability (HIPAA), genetic nondiscrimination (GINA), mental health parity (MHPAEA) , minimum hospital stays for newborns and mothers (Newborns' and Mothers' Health Protection Act), coverage of dependent students on medically necessary leaves of absence (Michelle's Law), health savings account (HSA) and Archer medical savings account (Archer MSA) contribution comparability and various other federal requirements incorporated into the Internal Revenue Code. Since 2010, Internal Revenue Service regulations have required employers sponsoring group health plans not complying with mandates covered by Internal Revenue Code Section 6039D to self-report violations and pay related excise taxes. Under these regulations, the sponsoring employer (or in some cases, the insurer, HMO or third-party administrator) must report health plan compliance failures annually on IRS Form 8928 ("Return of Certain Excise Taxes Under Chapter 43 of the Internal Revenue Code") and self-assess and pay resulting excise taxes. The potential excise tax liability that can result under these provisions can be significant. For example, COBRA, HIPAA, and GINA violations typically carry excise tax liability of $100 per day per individual affected. Compliance with applicable federal group health plan mandates is critical to avoid these excise taxes as well as other federal group health plan liabilities.

For the purpose of deciding what and how much to do, it is critical to keep in mind the devil is in the details. Not only must the documentation meet all technical mandates, the language, its clarity and specificity, and getting the plan document to match the actual processes that will be used to administer the plan and ensuring that the plan documents and processes match the summary plan description, summary of benefits and coverage, administrative forms and documentation and other plan communications and documentation in a legally compliant way significantly impacts the defensibility of the plan terms and the cost that the plan, its sponsor and fiduciaries can expect to incur to defend it.

4. Update & Tighten Claims and Appeals Plan & SPD Language, EOBs & Other Notifications, Processes, Contracts & Other Practices For Changing Compliance Requirements & Enhanced Defensibility

Proper health plan claims and appeals plan and summary plan description language, procedures, processing, notification and documentation is critical to maintain defensible claims and appeals decisions required to enforce plan terms and manage claims denial related liabilities and defense costs. Noncompliance with these requirements may prevent health plans from defending their claims or appeals denials, expose the plan administrator and plan fiduciaries involved or responsible for these activities to penalties, prompt unnecessary lawsuits, Labor Department enforcement or both; and drive up plan administration costs.

Unfortunately, most group health plans, their insurers and administrators need to substantially strengthen their plan documentation; handling; timeliness; notifications and other claims denials; and other claims and other appeals processes and documentation to meet existing regulations and otherwise strengthen their defensibility. Among other things, existing court decisions document that many plans existing plan documents, summary plan descriptions and explanations of benefits, claims and appeals investigations and documentation and notifications often need improvement to meet the basic plan document, summary plan description and reasonable claims rules of the plan document, summary plan description, fiduciary responsibility, reasonable claims and appeals procedures of ERISA and its implementing regulations. Court precedent shows that inadequate drafting of these provisions, as well as specific provisions coverage and benefit provisions frequently undermines the defensibility of claims and appeals determinations. In addition to requiring that claims be processed and paid prudently in accordance with the terms of written plan documents, ERISA also requirements that plan fiduciaries decide and administer claims and appeals in accordance with reasonable claims procedures. Although the Labor Department updated its regulations implementing this reasonable claims and appeals procedure requirement more than 10 years ago, the Department of Labor updated its ERISA claims and appeals regulations to include detailed health plan claims and appeals requirements, many group health plans, their administrators and insurers still have not updated their health plans, summary plan descriptions, claims and appeals notification, and claims and appeals procedures to comply with these requirements. The external review and other detailed additional requirements that the Affordable Care Act dictates that group health plans not grandfathered from its provisions and its provisions holding these non-grandfathered plans strictly liable for deficiencies in their claims and appeals procedures makes the need to address inadequacies even more imperative for those non-grandfathered group health plans. Inadequate attention to these concerns can force a plan to pay benefits for claims otherwise not covered as well as other defense costs and penalties.

5. Consistency Matters: Build Good Plan Design, Documentation & Processes, Then Follow Them.

Defensible health plan administration starts with the building and adopting strong, legally compliant plan terms and processes that are carefully documented and communicated in a prudent, legally compliant way. The next key is to actually use this investment by conducting plan administration and related operations consistent with the terms and allocated responsibilities to administer the plan in a documented, legally compliant and prudent manner. Good documentation and design on the front end should minimize ambiguities in the meaning of the plan and who is responsible for doing what when. With these tools in place, delays and other hiccups that result from confusion about plan terms, how they apply to a particular circumstance or who is responsible for doing what, when should be minimized and much more easily resolved by timely, appropriate action by the proper responsible party. This facilitation of administration and its consistency can do much to enhance the defensibility of the plan and minimize other plan related risks and costs.

6. Ensure Correct Party Carefully Communicates About Coverage and Claims in Compliant, Timely, Prudent, Provable Manner

Having the proper party respond to claims and inquiries in a compliant, timely, prudent manner is another key element to managing health plan risk and promoting enforceability. Ideally, the party appointed to act as the named fiduciary for purposes of carrying out a particular function also should conduct all plan communications regarding that function in terms that makes clear its role and negates responsibility or authority of others. When an employer or other plan sponsor goes to the trouble to appoint a committee, service provider or other party to serve as the named fiduciary then chooses to communicate about the plan anyway, the Supreme Court in FMC v. Halliday made clear it runs the risk that the plan related communications may be considered discretionary fiduciary conduct for which it may be liable as a functional fiduciary. Meanwhile, these communications by non-fiduciaries also may create binding obligations upon the plan and its named fiduciaries to the extent made by a plan sponsor or conducted by a staff member or service provider performing responsibilities delegated by the plan fiduciary. Beyond expanding the scope of potential fiduciaries, communications conducted by nonfiduciaries also tend to create defensibility for many other reasons. For instance, allowing unauthorized parties to perform plan functions may not comport with the plan terms, and are less likely to create and preserve required documentation and follow procedures necessary to promote enforceability. Also, the communications, decisions and other actions by these non-fiduciary actors also are unlikely to qualify for discretionary review by the courts because grants of discretionary authority, if any in the written plan document to qualify the decisions of the named fiduciary for deferential review by courts typically will not extend to actions by these non-fiduciary parties. Furthermore, the likelihood that the communication or other activity conducted will not comply with the fiduciary responsibility or other requirements governing the performance of the plan related functions is significantly increased when a plan sponsor, service provider, member of management, or other party not who has not been appointed or accepted the appointment act as a named fiduciary undertakes to speak or act because that party very likely does not accept or fully appreciate the potential nature of its actions, the fiduciary and other legal rules applicable to the conduct, and the potential implications for the non-fiduciary actor, the plan and its fiduciaries.

7. Design and Implement Updated, Properly Secured Payroll, Enrollment, Eligibility and Other Data Collection Features To Meet New Requirements and Prepare For Added Affordable Care Act Data Gathering and Reporting Requirements.

Existing and impending Affordable Care Act mandates require that group health plans, their sponsors collect, maintain and administer is exploding. Existing eligibility mandates, for example, already require that plans have access to a broad range of personal indentifying, personal health and a broad range of other sensitive information about employees and dependents who are or may be eligible for coverage under the plan. While employers and their health plans historically have collected and retained the names, place of residence, family relationships, social security number, and other similar information about employees and their dependents, these data collection, retention and reporting requirements have and will continued to expand dramatically in response to evolving legal requirements. Already, health plans also from time to time need employee earnings, company ownership, employment status, family income, family, medical, military, and school leave information, divorce and child custody, enrollment in Medicare, Medicaid and other coverage and a broad range of other additional information. Under the Affordable Care Act, these data needs will explode to include a whole new range of information about total family income, availability and enrollment in other coverage, cultural and language affiliations, and many other items. Collecting, retaining and deploying this information will be critical to meeting existing and new plan administration and reporting requirements. How this data collection is conducted, shared, safeguarded against misuse or other legally sensitive contact by the employer, service providers, the plan and others will be essential to mitigate exposures to federal employment and other nondiscrimination, HIPAA and other privacy, fiduciary responsibility and other legal risks and obligations. To the extent that payroll providers, third party administrators or other outside service providers will participate in the collection, retention, or use of this data, time also should be set aside both to conduct due diligence about their suitability, as well as to negotiate the necessary contractual arrangements and safeguards to make their involvement appropriate. Finally, given the highly sensitive nature of this data, employers, health plans and others that will collect and use this data will need to implement appropriate safeguards to prevent and monitor for improper use, access or disclosure and to conduct the necessary training to suitably protect this data.

8. Monitor, Assess Implications & Provide Relevant Input to Regulators About Emerging Requirements & Interpretive Guidance Implementing 2014 Affordable Care Act & Other Mandates.

While the Supreme Court's decision upholds the constitutionality of the Affordable Care Act's individual mandates, many opportunities to impact its mandates remain. Beyond the highly visible, continuing and often heated debates ranging in Congress and the court of public opinion concerning whether Congress should modify or repeal its provisions, a plethora of regulatory interpretations issued or impending release by the implementing agencies, the Internal Revenue Service, Department of Health & Human Services, Department of Labor and state insurance regulators will significantly impact what requirements and costs employers, insurers, individuals and governments will bear when the law takes effect. Businesses sponsoring health plans should carefully scrutinize this regulatory guidance and provide meaningful, timely input to Congress, the regulators or both as appropriate to help influence the direction of regulatory or Congressional actions that would materially impact these burdens.

9. Help Employees & Their Families Build Their Health Care Coping Skills With Training & Supportive Tools

Whether or not your company plans to continue to sponsor employee health coverage after 2014, providing training and tools to help employees and their families strengthen their ability to understand and manage their health, health care needs and benefits can pay big dividends. Beyond the financial costs to employees and employers of paying to care for a serious illness or injury, productivity also suffers while employees dealing with their own or a family member's chronic or serious health care condition. Wellness programs that encourage and support the efforts of employees and their families to stay healthy may be one valuable part of these efforts. Beyond trying to prevent the need to cope with illness behind wellness programs, however, opportunities to realize big financial, productivity and benefit value recognition rewards also exist in the too often overlooked opportunity to provide training, education and tools that employees and their families need to better understand and self-manage care, benefits, finances and life challenges that commonly arise when dealing with their own or a family member's illness. Providing education, tools and other resources that can help employees access, organize and effectively use health care and benefit information to manage care and the consequences of illness, their benefits and how to use them, to take part more effectively in care and care decisions, to recognize and self-manage financial, lost-time and other challenges associated with the illness not addressable or covered by health benefit programs, and other practical skills can help reduce lost time and other productivity impacts while helping employees and their families get the most out of the health care dollars spent.

10. Pack Your Parachute & Locate The Nearest Exit Doors

With the parade of expenses and liabilities associated with health plans, businesses sponsoring health plans and the management, service providers and others involved in their establishment, continuation, maintenance or administration are well advised to pack their survival kit and develop their exit strategies to position to soften the landing in case their health plan experiences a legal or operational disaster.

Employers and other health plan sponsors and fiduciaries typically hire and rely upon a host of vendors and advisors to design and administer their health plans. When selecting and hiring these service providers, health plan sponsors and fiduciaries are well-advised to investigate carefully their credentials as well as require the vendors to provide written commitments to stand behind their advice and services. Too often, while these service providers and advisors encourage plan sponsors and fiduciaries to allow the vendor to lead them or even handle on an ongoing basis plan administration services by touting their services, experience, expert systems and process and commitment to stand behind the customer when making the sale or encouraging reliance upon their advice when tough decisions are made, they rush to stand behind exculpatory and on-sided indemnification provisions in their service contracts to limit or avoid liability, demand indemnification from their customer or both when things go wrong. While ERISA may offer some relief from certain of these exculpatory provisions under some circumstances, plan sponsors and fiduciaries should work to credential service providers and require service providers to commit to being accountable for their services by requiring contracts acknowledge all promised services and standards of quality, require vendors to commit to provide legally compliant and prudently designed and administered services that meet or exceed applicable legal requirements, to provide liability-backed indemnification or other protection for damages and costs resulting from vendor imprudence or malfeasance, to allow for contract termination if the vendor becomes unsuitable for continued use due to changing law or other circumstances and requiring the vendor to return data and other documentation critical to defend past decisions and provide for ongoing administration. Keep documentation about advice, assurances and other relevant evidence received from vendors which could be useful in showing your company's or plan's efforts to make prudent efforts to provide for the proper administration of the plan. When concerns arise, use care to investigate and redress concerns in a timely, measured fashion which both shows the prudent response to the concern and reflects sensitivity to the fiduciary and other roles and responsibilities of the employer sponsor and other parties involved.

11. Get Moving Now On Your Compliance & Risk Management Issues.

Since many compliance deadlines already have past and the impending deadlines allow plan sponsors and fiduciaries limited time to finish arrangements, businesses, fiduciaries and their service providers need to get moving immediately to update their health plans to meet existing and impending compliance and risk management risks under the Affordable Care Act and other federal laws, decisions and regulations.

12. Monitor, Assess Implications & Provide Relevant Input to Regulators About Emerging Requirements & Interpretive Guidance Implementing 2014 Affordable Care Act & Other Mandates.

While the Supreme Court upheld the individual mandate, employer and other health plan sponsors, Congress continues to debate changes to the Affordable Care Act and other federal health plan rules. Meanwhile, significant opportunity still exists to provide input to federal and state regulators on many key aspects of the Affordable Care Act and its relationship to other applicable laws even as court challenges to contraceptive coverage and other specific requirements are emerging. Businesses and other health plan sponsors, plan fiduciaries, insurers and administrators, and other vendors must stay involved and alert. Zealously monitor new developments and share timely input with Congress and regulators about existing and emerging rules that present concerns and other opportunities for improvement even as you position to respond to these rules before they become fully implemented.

Read More