Client Alert from the Employee Benefits & Executive Compensation practice

May 14, 2009

Health Plan Documents Must be Updated Immediately to Comply with SCHIP Program

As we reported to you here in February, the new Children’s Health Insurance Program Reauthorization Act of 2009 funds and expands the State Children’s Health Insurance Program (SCHIP).

Beginning April 1, 2009, this law adds two “HIPAA Special Enrollment” events.  The first event is termination of Medicaid or SCHIP coverage due to ineligibility.  The second is becoming eligible for premium assistance in the employer’s group health plan under a Medicaid or SCHIP program.  Both of these events come with a 60-day notification period.

REMINDER:  While the effective date for document compliance has passed, employers that have not yet done so still need to amend their health plan and cafeteria plan documents as soon as possible. 

The new law also adds corresponding notice and disclosure obligations.  However, employers are not required to distribute any notices until the DOL issues model notices, which are due within a year.

New HIPAA Rules Require Business Associate Contract Changes

The Health Information Technology for Economic and Clinical Health Act (HITECH) provisions of the American Recovery and Reinvestment Act of 2009 (ARRA) include important changes in the HIPAA privacy rules related to a group health plan’s business associates. Administrative, physical, and technical safeguards, and policy, procedure, and documentation requirements of HIPAA’s Administrative Simplification Security Rule will apply to a business associate of a group health plan in the same manner that they apply to the plan itself.  These changes become effective one year after enactment of ARRA-that is, on February 17, 2010.

Application of the Security Rule to business associates of covered entities is a significant change.  Previously, if there was a breach involving a business associate of which the group health plan was aware, the covered entity (the plan) could just terminate the contract if the breach was not remedied.  Responsibility and liability rested with the group health plan.  With the change made by HITECH, the business associate now has responsibility and liability directly for a breach.  A breach requires notification, which is triggered when there is an incident of “unsecured protected health information.”

We are happy to assist employers in notifying their group health plan’s business associates of the security rule, notification, and enforcement penalty changes in HITECH, and to begin working on revisions to business associate contracts to reflect the changes.

A Waiver is Not a Waiver, Unless It is Knowing and Voluntary

Plan administrators beware.  A court has recently held that a joint and survivor annuity waiver that otherwise satisfies ERISA’s and the Internal Revenue Code’s waiver requirements can be challenged by a surviving spouse if the plan representative knew that the participant and his spouse did not understand the documents they were signing, and the plan representative failed to fully explain the nature of the waiver.  In Canestri v. NYSA-ILA Pension Trust Fund, the District Court of New Jersey denied the Fund’s motion for summary judgment and held that the trial court could find that the plan representative had breached a fiduciary duty.  Here, the plan representative knew that the participant was terminally ill, but failed to explain to the participant’s spouse that a waiver of a joint and survivor annuity meant that she would not receive a pension after the participant’s death.  In that case, the trial court could invalidate the waiver because it was not knowing and voluntary.

A copy of the opinion can be viewed here.

New 401(k) Disclosure Bill Introduced

House Democrats recently introduced new legislation that, if passed, would require additional disclosure regarding fees charged to plans and plan participants.  Applicable to individual account plans, the 401(k) Fair Disclosure for Retirement Security Act of 2009 (HR 1984) would impose detailed disclosure of plan fees and change the requirements of ERISA Section 404(c). Some of the bill’s provisions include:

  • Requiring that all fees (as a single number) charged against a participant’s account be included in the participant’s quarterly benefit statement;
  • Requiring service providers break down fees charged on all investment options into four categories: administrative fees, investment management fees, transaction fees, and other fees;
  • Requiring plan administrators offer at least one unmanaged or passively managed low-cost index fund to plan participants in order to receive 404(c) protection;
  • Requiring service providers disclose financial relationships to make sure there are no conflicts of interest; and
  • Giving the U.S. Department of Labor the authority to enforce new disclosure rules and to fine service providers who violate them.

We will keep close watch on the bill as it progresses through Congress.  A copy of HR 1984 can be found here.

Final Auto Enrollment Regulations Are Here

The Pension Protection Act of 2006 added new Code sections 401(k)(13) and 401(m)(12) to expressly permit automatic contribution arrangements to individual account plans.  The Internal Revenue Service has now released its final regulations relating to these arrangements.  These regulations differ from the proposed regulations issued last year and will significantly impact plan administration and require notification to participants and beneficiaries of 401(k) plans and other eligible plans that include an automatic contribution or automatic enrollment provision. The regulations are generally effective on February 24, 2009.  However, some portions of the regulations may be applied retroactively to plan years beginning on or after January 1, 2008, and other portions will not be applicable until plan years that begin after January 1, 2010.  Good-faith compliance is required for plan years beginning in 2008.

The final regulations may be viewed here.