From Benefits Law Journal, Summer 2014 Issue. This article covers:
- What Triggers a Plan Audit?
- DOL Audits of Health and Pension Plans
- IRS Audits of Pension and Retirement Plans
- HIPAA Privacy and Security Audits
- How Can a Plan Sponsor Best Be Fortified
to Withstand an Audit?
- What Should a Plan Sponsor Do?
- TrailBlazer, a Medicare contractor, claimed $319 million in administrative costs from 2004-2008 to process Medicare claims.
- The OIG audited TrailBlazer's cost proposals to determine if the claimed costs were allowable under federal requirements.
- The OIG found that all administrative costs TrailBlazer claimed over the audit period were allowable, reasonable, and allocable according to federal regulations and the Medicare contract. The report contained no recommendations.
Audit Alert: How to Keep Your Benefits Plans in Good OrderCBIZ, Inc.
Can your benefit plans withstand scrutiny from the Department of Labor, the Internal Revenue Service or Treasury Department, the Department of Health and Human Services, or simply from your own internal auditors? Don’t wait to learn the hard way (think penalties for noncompliance). Read along for a closer look at what you need to know to measure up in case the auditor comes knocking. Part of the 2016 CBIZ B & I Webinar Series.
TrailBlazer claimed Medicare Part B administrative costs in accordance with Federal requirements. An audit of TrailBlazer's cost proposals for the period of October 2008 through March 2011 found that the $24,425,018 in claimed costs were reasonable, allowable, and allocable based on Federal Acquisition Regulation Part 31 and TrailBlazer's contract with CMS. The audit activities included reconciling cost proposals to accounting records, analytical tests, sampling expenses, and ensuring costs were allowable, allocable, and reasonable.
The Hawai'i Health Connector board's inadequate planning led to an unsustainable health exchange. The board failed to finalize a strategic plan and could not agree on what the exchange should be. As a result, operating costs were too high for Hawai'i's small uninsured population. Additionally, the Connector did not properly procure and manage IT contracts, circumventing procurement policies. This put $204 million in federal grants at risk due to questionable costs and lack of compliance with regulations. The audit found Hawai'i enrolled less than 15% of its enrollment target, ranking it 46th nationally for exchange participation.
This document discusses corporate compliance programs and fraud and abuse laws. It defines compliance as adhering to statutes and regulations to prevent unjust enrichment and privacy breaches. Fraud involves false representations while abuse involves improper practices that waste resources. Key laws discussed include the False Claims Act, Anti-Kickback Statute, Stark Law, and Civil Monetary Penalties. The document also outlines the roles of various government agencies in combating healthcare fraud and abuse.
HIPAA compliance report submitted to Congress by DHHS OCRDavid Sweigert
This document is an annual report submitted by the U.S. Department of Health and Human Services to Congress summarizing enforcement of the HIPAA Privacy, Security, and Breach Notification Rules for calendar years 2011 and 2012. It provides an overview of the complaint resolution process and enforcement actions taken. From 2003 to 2012, OCR received over 77,000 complaints and resolved over 70,000. The majority of complaints involved impermissible uses and disclosures of protected health information and lack of safeguards. OCR's enforcement actions have focused on obtaining voluntary compliance and corrective action from covered entities.
The document discusses several of the Department of Labor's national enforcement projects and regional enforcement projects for FY 2016. The national projects focus on areas like contributory plans, health benefits, ESOPs, and prohibited persons. The regional project for New York focuses on alternative investments and valuations. The document also summarizes an interpretive bulletin on economically targeted investments and fiduciary duties when considering non-economic factors.
- TrailBlazer, a Medicare contractor, claimed $319 million in administrative costs from 2004-2008 to process Medicare claims.
- The OIG audited TrailBlazer's cost proposals to determine if the claimed costs were allowable under federal requirements.
- The OIG found that all administrative costs TrailBlazer claimed over the audit period were allowable, reasonable, and allocable according to federal regulations and the Medicare contract. The report contained no recommendations.
Audit Alert: How to Keep Your Benefits Plans in Good OrderCBIZ, Inc.
Can your benefit plans withstand scrutiny from the Department of Labor, the Internal Revenue Service or Treasury Department, the Department of Health and Human Services, or simply from your own internal auditors? Don’t wait to learn the hard way (think penalties for noncompliance). Read along for a closer look at what you need to know to measure up in case the auditor comes knocking. Part of the 2016 CBIZ B & I Webinar Series.
TrailBlazer claimed Medicare Part B administrative costs in accordance with Federal requirements. An audit of TrailBlazer's cost proposals for the period of October 2008 through March 2011 found that the $24,425,018 in claimed costs were reasonable, allowable, and allocable based on Federal Acquisition Regulation Part 31 and TrailBlazer's contract with CMS. The audit activities included reconciling cost proposals to accounting records, analytical tests, sampling expenses, and ensuring costs were allowable, allocable, and reasonable.
The Hawai'i Health Connector board's inadequate planning led to an unsustainable health exchange. The board failed to finalize a strategic plan and could not agree on what the exchange should be. As a result, operating costs were too high for Hawai'i's small uninsured population. Additionally, the Connector did not properly procure and manage IT contracts, circumventing procurement policies. This put $204 million in federal grants at risk due to questionable costs and lack of compliance with regulations. The audit found Hawai'i enrolled less than 15% of its enrollment target, ranking it 46th nationally for exchange participation.
This document discusses corporate compliance programs and fraud and abuse laws. It defines compliance as adhering to statutes and regulations to prevent unjust enrichment and privacy breaches. Fraud involves false representations while abuse involves improper practices that waste resources. Key laws discussed include the False Claims Act, Anti-Kickback Statute, Stark Law, and Civil Monetary Penalties. The document also outlines the roles of various government agencies in combating healthcare fraud and abuse.
HIPAA compliance report submitted to Congress by DHHS OCRDavid Sweigert
This document is an annual report submitted by the U.S. Department of Health and Human Services to Congress summarizing enforcement of the HIPAA Privacy, Security, and Breach Notification Rules for calendar years 2011 and 2012. It provides an overview of the complaint resolution process and enforcement actions taken. From 2003 to 2012, OCR received over 77,000 complaints and resolved over 70,000. The majority of complaints involved impermissible uses and disclosures of protected health information and lack of safeguards. OCR's enforcement actions have focused on obtaining voluntary compliance and corrective action from covered entities.
The document discusses several of the Department of Labor's national enforcement projects and regional enforcement projects for FY 2016. The national projects focus on areas like contributory plans, health benefits, ESOPs, and prohibited persons. The regional project for New York focuses on alternative investments and valuations. The document also summarizes an interpretive bulletin on economically targeted investments and fiduciary duties when considering non-economic factors.
CMS has announced a delay in enforcing requirements for health plans to obtain and use Health Plan Identifiers (HPIDs) in transactions by the November 2014 deadline. This is due to a recommendation from an advisory committee that there is no clear need for HPIDs and replacing the existing payer ID system currently used would be disruptive. The delay allows HHS time to review changes to the HPID regulations regarding use in transactions and certification. Health plans should suspend applying for HPIDs until further guidance, but other HIPAA requirements remain in effect.
You Ought To Know April 8 2014 - HHS Guidance on Health Plan Identifier and P...Annette Wright, GBA, GBDS
The document discusses HHS guidance on health plan identifiers (HPIDs) and plan certification requirements under HIPAA. It provides the following key points:
- Health plans must obtain an HPID by November 2014 (large plans) or 2015 (small plans) and use it in electronic transactions by November 2016.
- Health plans must obtain and submit two certifications to HHS attesting to compliance with standard electronic transactions by December 2015 (large plans) or 2016 (small plans).
- Proposed regulations provide limited guidance on the certification process and many questions remain unanswered until final regulations are issued.
Cscu module 12 information security and legal complianceSejahtera Affif
Two recent watchdog reports call for increased enforcement of HIPAA's security standards and the inclusion of more security requirements in EHR programs. Additionally, two cases suggest the US has entered an era of more stringent enforcement of HIPAA's privacy and security standards, with the HHS imposing civil penalties for the first time, including a $4.3 million penalty.
Everything You Need To Know About DOL Auditsbenefitexpress
The document discusses Department of Labor audits of employer health plans to ensure compliance with the Affordable Care Act. It notes that the DOL has begun requesting audited plans prove compliance with various ACA requirements. It recommends that plan sponsors prepare for audits by documenting compliance efforts, retaining all relevant records, and having agreements with third parties to provide necessary records if audited. Failure to comply with the ACA could result in fines or lawsuits. The document also discusses ongoing DOL audits more generally and provides tips for dealing with an audit, such as educating oneself on requirements and having a plan to efficiently provide requested documents.
The UPIC program aims to simplify and strengthen Medicaid integrity by replacing Zone Program Integrity Contractors with United Program Integrity Contractors to conduct unified audits across Medicare, Medicaid, and other federal health programs; UPICs will focus on identifying fraudulent providers, strengthening oversight of state financial policies, and collaborating between federal and state agencies to combat fraud, waste, and abuse. Providers can expect increased scrutiny of billing practices and medical records from UPIC audits starting in 2018.
Health Reform Bulletin – Completing the Transitional Reinsurance Fee Form CBIZ, Inc.
information on the release of Transitional Reinsurance reporting forms by the CMS Center for Consumer Information and Insurance Oversight (CCIIO):
1. Steps for completing the ACA Transitional Reinsurance Program Annual Enrollment Contribution Submission Form
2. Links to the User Manual, the companion to the reporting form
Fair Market Value and Physician CompensationPYA, P.C.
PYA Principal Shannon Farr led a presentation titled, “Fair Market Value and Physician Compensation,” in which she discussed current trends and hot topics in the healthcare industry, including an overview of healthcare regulatory considerations, hospital-physician alignment and physician affiliation models, and trends relating to physician compensation.
This document outlines a sample claims management process for a physician practice with 14 steps. The process begins with patient registration, verification of insurance benefits, and check-in. It continues with clinical documentation of services, assigning codes, patient check-out, coding review, pre-authorization if needed, claim generation, claim review, processing by the health insurer, collections if needed, posting payments, appeals if claims are denied, and ends with a glossary. Implementing this detailed process is intended to increase efficiency, submit clean claims, reduce denials, and ensure timely payments from health insurers.
Don’t Stumble Coming Out of the Gate –Top Ten Issues to Address When Acquirin...PYA, P.C.
PYA Consulting Principal Carol Carden co-presented with Charlene McGinty of McKenna Long. They examined the top issues to address when acquiring a physician practice and some of the common and more complex issues hospitals face during the acquisition.
Healthcare audits: Helping organizations understand audit guidelines and requ...guest32a93f
This document provides an overview of various healthcare audits conducted by government agencies and private contractors. It discusses audits performed by Medicare including the Quality Improvement Organization (QIO), Comprehensive Error Rate Testing (CERT), Recovery Audit Contractors (RAC), Zone Program Integrity Contractors (ZPIC), Medicare Administrative Contractors (MAC), Program Safeguard Contractors (PSC), and Office of Inspector General (OIG). It also covers Medicaid audits including the Medicaid Integrity Program (MIP), Medicaid Fraud Control Units (MFCU), and Payment Error Rate Measurement (PERM). The document outlines the goals, focus areas, processes, and responsibilities of each type of audit.
While the Health Insurance Portability and Accountability Act (HIPAA) is best known for its multitude of requirements that govern the way health care providers can use, disclose, and safeguard protected health information (PHI), its reach goes far beyond that to health plans and business associates that only handle PHI on a limited basis. HIPAA implementation in these environments creates unique challenges—for example, which provisions actually need to be addressed—but with 2016 marking an all-time high for HIPAA enforcement cases, it may be more important now than ever to address HIPAA compliance.
Hipaa journal com - HIPAA compliance guideFelipe Prado
The document provides an overview of HIPAA compliance guidelines. It discusses the background and objectives of HIPAA legislation over time, including the original 1996 act and subsequent additions through 2013. Key points covered include the HIPAA Privacy and Security Rules, Enforcement Rule, Breach Notification Rule, and the goals of initiatives like HITECH and Meaningful Use to incentivize electronic health records and expand coverage. The document aims to help healthcare organizations understand and implement the necessary administrative, physical, and technical safeguards to protect patient information as required by HIPAA.
Buried somewhere in the longest piece of legislation ever is the No Surprises Act. Signed into law on December 27, 2020, it expands restrictions on charging out-of-network rates for certain services. Discover what it means for your business: https://bit.ly/3cfmHg4
The document discusses the establishment of electronic health records (EHRs) in the US. It summarizes the HITECH Act which provides $19 billion in incentives for healthcare providers to adopt health IT systems like EHRs. It allocates $17 billion for physician incentives and $2 billion for HHS to develop standards, infrastructure grants, and strengthen privacy laws regarding health information. The funding is frontloaded and providers must demonstrate "meaningful use" of EHRs to receive incentives which maximize in 2011 but decrease thereafter.
The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to provide protections for personal health information. It established rules regarding the use and disclosure of medical records and health information. HIPAA regulates how consumer information can be shared, provides the right to access personal medical records, and enforces penalties for violations. As technology advances, continued challenges around health information security and integrating new regulations will be an ongoing priority to ensure patient privacy is upheld.
This document discusses the implications of the Mental Health Parity and Addiction Equity Act of 2008 for employer-provided health plans. It addresses whether moving mental health benefits to an employee assistance program (EAP) would avoid the Act's requirements and analyzes different types of excepted benefits that are not subject to the Act. The document also outlines potential cost exemptions and opt-out provisions for certain self-funded government plans.
This presentation discusses how to comply with HIPAA and HITECH privacy laws. Learn key terms such as Protected Health Information, the Privacy Rule and the Security Rule as well as major changes brought by HIPAA and HITECH.
Health Reform Bulletin: Finalized ACA Reporting Forms & Employer Appeals to M...CBIZ, Inc.
This bulletin details the release of a number of forms and compliance tools to assist employers subject to the Affordable Care Act’s (ACA) Shared Responsibility Requirements to comply with the law. Of particular note, the finalized version of the forms used to satisfy the IRC Section 6056 and 6055 reporting requirements, together with the related instructions, have been issued. While the forms released last week were for the 2014 calendar year reporting (the voluntary reporting year for all employers), it is presumed the mandatory forms to be released for 2015 reporting later this year will be quite similar to those just issued.
The following Health Reform Checklist is intended to guide you through the general compliance requirements of
t he Affordable Care Act (ACA) as you prepare now for 2015 and beyond.
In general, these items apply to all employers.
Small Business Hiring Trends - January 2014CBIZ, Inc.
The CBIZ Small Business Employment Index reported a decrease of 2.71 percent in hiring this January, continuing the historically negative trend apparent in previous January readings. - See more at: https://www.cbiz.com/Insights-Resources/Blog/PostId/331/small-business-hiring-retreats-during-january-2015#sthash.aPEtY3XE.dpuf
What’s in Your Rule Book? A Common Sense Approach to Plan Documentation.CBIZ, Inc.
Two recent eligibility opportunities, one created as a result of a US Supreme Court decision and the other enacted by law, are a wake-up call for plan sponsors of welfare and pension benefit plans to review and update, as appropriate, the terms of their plans. As is well known by now, the Supreme Court’s ruling in United States v. Windsor1 extended federal tax and benefit rights to couples in a same-sex marriage. In addition, the Affordable Care Act (ACA) incents employers to extend
eligibility to their workforce or risk an excise tax penalty. Plan sponsors should review their plan documents in light of these recent developments to ensure that the plan language is current and compliant.
CMS has announced a delay in enforcing requirements for health plans to obtain and use Health Plan Identifiers (HPIDs) in transactions by the November 2014 deadline. This is due to a recommendation from an advisory committee that there is no clear need for HPIDs and replacing the existing payer ID system currently used would be disruptive. The delay allows HHS time to review changes to the HPID regulations regarding use in transactions and certification. Health plans should suspend applying for HPIDs until further guidance, but other HIPAA requirements remain in effect.
You Ought To Know April 8 2014 - HHS Guidance on Health Plan Identifier and P...Annette Wright, GBA, GBDS
The document discusses HHS guidance on health plan identifiers (HPIDs) and plan certification requirements under HIPAA. It provides the following key points:
- Health plans must obtain an HPID by November 2014 (large plans) or 2015 (small plans) and use it in electronic transactions by November 2016.
- Health plans must obtain and submit two certifications to HHS attesting to compliance with standard electronic transactions by December 2015 (large plans) or 2016 (small plans).
- Proposed regulations provide limited guidance on the certification process and many questions remain unanswered until final regulations are issued.
Cscu module 12 information security and legal complianceSejahtera Affif
Two recent watchdog reports call for increased enforcement of HIPAA's security standards and the inclusion of more security requirements in EHR programs. Additionally, two cases suggest the US has entered an era of more stringent enforcement of HIPAA's privacy and security standards, with the HHS imposing civil penalties for the first time, including a $4.3 million penalty.
Everything You Need To Know About DOL Auditsbenefitexpress
The document discusses Department of Labor audits of employer health plans to ensure compliance with the Affordable Care Act. It notes that the DOL has begun requesting audited plans prove compliance with various ACA requirements. It recommends that plan sponsors prepare for audits by documenting compliance efforts, retaining all relevant records, and having agreements with third parties to provide necessary records if audited. Failure to comply with the ACA could result in fines or lawsuits. The document also discusses ongoing DOL audits more generally and provides tips for dealing with an audit, such as educating oneself on requirements and having a plan to efficiently provide requested documents.
The UPIC program aims to simplify and strengthen Medicaid integrity by replacing Zone Program Integrity Contractors with United Program Integrity Contractors to conduct unified audits across Medicare, Medicaid, and other federal health programs; UPICs will focus on identifying fraudulent providers, strengthening oversight of state financial policies, and collaborating between federal and state agencies to combat fraud, waste, and abuse. Providers can expect increased scrutiny of billing practices and medical records from UPIC audits starting in 2018.
Health Reform Bulletin – Completing the Transitional Reinsurance Fee Form CBIZ, Inc.
information on the release of Transitional Reinsurance reporting forms by the CMS Center for Consumer Information and Insurance Oversight (CCIIO):
1. Steps for completing the ACA Transitional Reinsurance Program Annual Enrollment Contribution Submission Form
2. Links to the User Manual, the companion to the reporting form
Fair Market Value and Physician CompensationPYA, P.C.
PYA Principal Shannon Farr led a presentation titled, “Fair Market Value and Physician Compensation,” in which she discussed current trends and hot topics in the healthcare industry, including an overview of healthcare regulatory considerations, hospital-physician alignment and physician affiliation models, and trends relating to physician compensation.
This document outlines a sample claims management process for a physician practice with 14 steps. The process begins with patient registration, verification of insurance benefits, and check-in. It continues with clinical documentation of services, assigning codes, patient check-out, coding review, pre-authorization if needed, claim generation, claim review, processing by the health insurer, collections if needed, posting payments, appeals if claims are denied, and ends with a glossary. Implementing this detailed process is intended to increase efficiency, submit clean claims, reduce denials, and ensure timely payments from health insurers.
Don’t Stumble Coming Out of the Gate –Top Ten Issues to Address When Acquirin...PYA, P.C.
PYA Consulting Principal Carol Carden co-presented with Charlene McGinty of McKenna Long. They examined the top issues to address when acquiring a physician practice and some of the common and more complex issues hospitals face during the acquisition.
Healthcare audits: Helping organizations understand audit guidelines and requ...guest32a93f
This document provides an overview of various healthcare audits conducted by government agencies and private contractors. It discusses audits performed by Medicare including the Quality Improvement Organization (QIO), Comprehensive Error Rate Testing (CERT), Recovery Audit Contractors (RAC), Zone Program Integrity Contractors (ZPIC), Medicare Administrative Contractors (MAC), Program Safeguard Contractors (PSC), and Office of Inspector General (OIG). It also covers Medicaid audits including the Medicaid Integrity Program (MIP), Medicaid Fraud Control Units (MFCU), and Payment Error Rate Measurement (PERM). The document outlines the goals, focus areas, processes, and responsibilities of each type of audit.
While the Health Insurance Portability and Accountability Act (HIPAA) is best known for its multitude of requirements that govern the way health care providers can use, disclose, and safeguard protected health information (PHI), its reach goes far beyond that to health plans and business associates that only handle PHI on a limited basis. HIPAA implementation in these environments creates unique challenges—for example, which provisions actually need to be addressed—but with 2016 marking an all-time high for HIPAA enforcement cases, it may be more important now than ever to address HIPAA compliance.
Hipaa journal com - HIPAA compliance guideFelipe Prado
The document provides an overview of HIPAA compliance guidelines. It discusses the background and objectives of HIPAA legislation over time, including the original 1996 act and subsequent additions through 2013. Key points covered include the HIPAA Privacy and Security Rules, Enforcement Rule, Breach Notification Rule, and the goals of initiatives like HITECH and Meaningful Use to incentivize electronic health records and expand coverage. The document aims to help healthcare organizations understand and implement the necessary administrative, physical, and technical safeguards to protect patient information as required by HIPAA.
Buried somewhere in the longest piece of legislation ever is the No Surprises Act. Signed into law on December 27, 2020, it expands restrictions on charging out-of-network rates for certain services. Discover what it means for your business: https://bit.ly/3cfmHg4
The document discusses the establishment of electronic health records (EHRs) in the US. It summarizes the HITECH Act which provides $19 billion in incentives for healthcare providers to adopt health IT systems like EHRs. It allocates $17 billion for physician incentives and $2 billion for HHS to develop standards, infrastructure grants, and strengthen privacy laws regarding health information. The funding is frontloaded and providers must demonstrate "meaningful use" of EHRs to receive incentives which maximize in 2011 but decrease thereafter.
The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to provide protections for personal health information. It established rules regarding the use and disclosure of medical records and health information. HIPAA regulates how consumer information can be shared, provides the right to access personal medical records, and enforces penalties for violations. As technology advances, continued challenges around health information security and integrating new regulations will be an ongoing priority to ensure patient privacy is upheld.
This document discusses the implications of the Mental Health Parity and Addiction Equity Act of 2008 for employer-provided health plans. It addresses whether moving mental health benefits to an employee assistance program (EAP) would avoid the Act's requirements and analyzes different types of excepted benefits that are not subject to the Act. The document also outlines potential cost exemptions and opt-out provisions for certain self-funded government plans.
This presentation discusses how to comply with HIPAA and HITECH privacy laws. Learn key terms such as Protected Health Information, the Privacy Rule and the Security Rule as well as major changes brought by HIPAA and HITECH.
Health Reform Bulletin: Finalized ACA Reporting Forms & Employer Appeals to M...CBIZ, Inc.
This bulletin details the release of a number of forms and compliance tools to assist employers subject to the Affordable Care Act’s (ACA) Shared Responsibility Requirements to comply with the law. Of particular note, the finalized version of the forms used to satisfy the IRC Section 6056 and 6055 reporting requirements, together with the related instructions, have been issued. While the forms released last week were for the 2014 calendar year reporting (the voluntary reporting year for all employers), it is presumed the mandatory forms to be released for 2015 reporting later this year will be quite similar to those just issued.
The following Health Reform Checklist is intended to guide you through the general compliance requirements of
t he Affordable Care Act (ACA) as you prepare now for 2015 and beyond.
In general, these items apply to all employers.
Small Business Hiring Trends - January 2014CBIZ, Inc.
The CBIZ Small Business Employment Index reported a decrease of 2.71 percent in hiring this January, continuing the historically negative trend apparent in previous January readings. - See more at: https://www.cbiz.com/Insights-Resources/Blog/PostId/331/small-business-hiring-retreats-during-january-2015#sthash.aPEtY3XE.dpuf
What’s in Your Rule Book? A Common Sense Approach to Plan Documentation.CBIZ, Inc.
Two recent eligibility opportunities, one created as a result of a US Supreme Court decision and the other enacted by law, are a wake-up call for plan sponsors of welfare and pension benefit plans to review and update, as appropriate, the terms of their plans. As is well known by now, the Supreme Court’s ruling in United States v. Windsor1 extended federal tax and benefit rights to couples in a same-sex marriage. In addition, the Affordable Care Act (ACA) incents employers to extend
eligibility to their workforce or risk an excise tax penalty. Plan sponsors should review their plan documents in light of these recent developments to ensure that the plan language is current and compliant.
Construction Vital Statistics - February 2015CBIZ, Inc.
Get all of the construction industry statistics in one convenient, easy to digest document with the Construction Vital Statistics for February 2015 from CBIZ MHM, LLC. Track unemployment rates, permits, starts, material pricing, spending, interest rates, backlog and owner confidence.
FAIR MARKET VALUE & COMMERCIAL REASONABLENESSCBIZ, Inc.
FAIR MARKET VALUE AND COMMERCIAL REASONABLENESS:
What we have learned in the last decade from our role as Governments Consulting Experts and involvement in Hospital Transactions.
Victim of tax refund fraud? Here's what to doCBIZ, Inc.
So what should you do if you find out that someone stole your identity and filed a fraudulent tax return to claim your refund? Here are five actions you should take.
Does an apple a day really keep the doctor away?
Is 100 an obtainable number for us living in the 21st century?
Find out all that and more in this month's issue of Wellbeing Insights. Also, September is National Suicide Prevention Month. Learn some fast facts and preventive measures about the 10th leading cause of death of Americans.
Health Care Reform Matrix: A Tool for Understanding the ImpactCBIZ, Inc.
Our Health Care Reform Matrix is a comprehensive tool to help you understand all of the impacts of the Patient Protection and Affordable Care Act and the Health Care and Education Reconciliation Act.
The document provides guidance on tax planning strategies for the 2013-2014 tax years in light of increased tax rates and new taxes taking effect. It recommends that taxpayers maximize retirement savings to avoid new Medicare taxes, consider income timing strategies to minimize taxes, and update estate plans to take advantage of increased exemption amounts. Effective tax planning is important to mitigate the impact of higher taxes on ordinary income and overall tax liability.
Not-for-Profit Compensation Controversies Continue to Add Fuel to the FireCBIZ, Inc.
Compensation in the not-for profit sector has been a consistent lightning rod for the IRS and other federal governing bodies, as well as for states, for many years.
In this issue of Wellbeing Insights, we cover important summer wellness topics including sun care, iron deficiency, skin cancer signs and sun burn care.
The document discusses compliance requirements for healthcare providers, including Medicaid compliance programs mandated by New York state and the Affordable Care Act. It notes that compliance includes reporting any issues related to patient care, operations, procedures, non-compliance, fraud, waste or abuse. The document also summarizes elements of an effective compliance program and defines fraud, waste and abuse. Key compliance laws and regulations are also outlined such as the anti-kickback statute and HIPAA privacy and security rules.
Health Reform Bulletin: Certification of Compliance with Electronic Transacti...CBIZ, Inc.
The proposed regulations require controlling health plans (CHPs) and subhealth plans (SHPs) to obtain a unique health plan identifier (HPID) and certify compliance with electronic transaction standards. CHPs and SHPs apply for an HPID online and must certify that eligibility, claims status, and EFT/remittance advice transactions comply with standards. Self-funded plans should ensure their TPAs handle HPID and certification requirements.
The Employee Retirement Income Security Act of 1974 (ERISA) is a federal law that sets minimum standards for employee benefit plans maintained by private-sector employers. ERISA includes requirements for both retirement plans (for example, 401(k) plans) and welfare benefit plans (for example, group health plans). ERISA has been amended many times over the years, expanding the protections available to welfare benefit plan participants and beneficiaries.
The Department of Labor (DOL), through its Employee Benefits Security Administration (EBSA), enforces most of ERISA’s provisions. Violating ERISA can have serious and costly consequences for employers that sponsor welfare benefit plans, either through DOL enforcement actions and penalty assessments or through participant lawsuits.
Translating compliance requirements into action items 340BCompliatric
The document provides guidance on complying with 340B program requirements by taking specific action items, such as keeping HRSA 340B database information accurate and up-to-date, preventing diversion of drugs to ineligible patients, preventing duplicate discounts, and preparing for potential audits by maintaining thorough documentation and policies and procedures. Non-compliance can result in findings during HRSA audits, so covered entities must understand eligibility rules, establish data sharing processes, and conduct regular self-audits to ensure only eligible patients and locations are utilizing 340B discounted drugs.
With constant changes in HRSA’s “expectations”, “recommendations” and audit focus, implementation and ongoing compliance of hospital and grantee’s 340B programs can be an arduous task, and also a moving target. RPh Innovations (RPHI), a 340B Program Support and Independent Auditor established in 2011, will re-center the focus around core statues and regulatory concepts of the program, and outline action items to help attendees start implementing structure, policy, and delegation of responsibilities within their respective institutions.
The document discusses compliance and accounts receivable risk areas for skilled nursing facilities. It identifies five main risk areas for bad debt and lost revenue: bad debt, compliance issues, inefficiencies and waste, cash flow problems, and theft. It also provides tips for minimizing these risks through best practices in admissions, compliance processes, personnel management, billing and collection standards, and oversight and monitoring.
The document outlines the key responsibilities of a chief compliance officer, which include overseeing and monitoring the compliance program, reporting regularly to leadership, revising the program based on changes, ensuring employee training, and disseminating new laws and regulations. It then provides examples of educational materials and policy documents developed by the compliance officer related to identity theft, billing changes, and HIPAA compliance.
The Employee Retirement Income Security Act of 1974 (ERISA) is a federal law that sets minimum standards for employee benefit plans maintained by private-sector employers. ERISA includes requirements for both retirement plans (for example, 401(k) plans) and welfare benefit plans (for example, group health plans)…
Conducting a Governance Audit April 11 2012 _finalBethune Whiston
This document provides an overview of conducting a governance audit for a pension plan. It discusses that a governance audit reviews a plan's documents, procedures, delegation of duties, investments, and documentation to ensure compliance with laws and best practices. The summary identifies that a governance audit serves to ensure legal compliance, improve administration, and preemptively identify and manage risks. It also covers what a governance audit typically involves and that it is generally conducted by an independent third party with governance experience.
The document discusses HIPAA compliance and the HITRUST framework. It provides an overview of HIPAA requirements including the Privacy Rule, Security Rule, and breach notification. It outlines fines and penalties for non-compliance. It then discusses the mission and objectives of HITRUST, which provides a certifiable framework to demonstrate HIPAA compliance. The document argues that organizations can use HITRUST certification to address challenges in demonstrating HIPAA compliance through its standardized tools and processes.
Chapter 10 Privacy and Security of Health RecordsLearnin.docxcravennichole326
Chapter 10 Privacy and Security of Health Records
Learning Outcomes
After completing this chapter, you should be able to:
♦ List HIPAA transactions and uniform identifiers
♦ Understand HIPAA privacy and security concepts
♦ Apply HIPAA privacy policy in a medical facility
♦ Discuss HIPAA security requirements and safeguards
♦ Follow security policy guidelines in a medical facility
♦ Explain electronic signatures
Understanding HIPAA
In Chapter 11 we will discuss various ways the Internet is being used for healthcare, including various implementations of EHR on the Internet, Internet-based personal health records (PHR), and remote access. In Chapter 12 we will explore the relationship of the EHR data to the determination of codes required for medical billing. Before moving to those topics it is prudent to understand HIPAA. HIPAA is an acronym for the Health Insurance Portability and Accountability Act, passed by Congress in 1996.
The HIPAA law was intended to:
♦ Improve portability and continuity of health insurance coverage.
♦ Combat waste, fraud, and abuse in health insurance and healthcare delivery.
♦ Promote use of medical savings accounts
♦ Improve access to long-term care
♦ Simplify administration of health insurance
HIPAA law regulates many things. However, a portion known as the Administrative Simplification Subsection1 of HIPAA covers entities such as health plans, clearinghouses, and healthcare providers. HIPAA refers to these as covered entities or a covered entity. This means a healthcare facility or health plan and all of its employees. If you work in the healthcare field, these regulations likely govern your job and behavior. Therefore, it is not uncommon for healthcare workers to use the acronym HIPAA when they actually mean only the Administrative Simplification Subsection of HIPAA.
Note Covered Entity
HIPAA documents refer to healthcare providers, plans, and clearing-houses as covered entities. In the context of this chapter, think of a covered entity as a healthcare organization and all of its employees.
As someone who will work with patients’ health records, it is especially important for you to understand the regulations regarding privacy and security. However, let us begin with a quick review of HIPAA, then study the privacy and security portions in more depth.
HIPAA implementation and enforcement is under the jurisdiction of several entities within the U.S. Department of Health and Human Services (HHS). This chapter will make extensive use of documents prepared by HHS.
Administrative Simplification Subsection
The Administrative Simplification Subsection has four distinct components:
1. Transactions and code sets
2. Uniform identifiers
3. Privacy
4. Security
HIPAA Transactions and Code Sets
The first section of the regulations to be implemented governed the electronic transfer of medical information for business purposes such as insurance claims, payme ...
HIPAA and FDCPA Compliance for Process ServersLawgical
This document provides an overview of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the Fair Debt Collection Practices Act (FDCPA). It summarizes that HIPAA establishes national standards for protecting individuals' personal health information and applies to health plans, providers, and clearinghouses. It also notes that the FDCPA aims to eliminate abusive debt collection practices and applies to debt collectors. Violations of these acts that could affect the reader are discussed.
This educational webinar will review how to prepare when an employer or a client is notified that its health and welfare plans are being audited by the Department of Labor (DOL).
This document provides an overview of changes to HIPAA regulations under the HITECH Act, including increased penalties, new requirements for business associates, and strengthened breach notification rules. It discusses how business associates are now directly regulated and subject to civil and criminal penalties. Three case studies are presented that illustrate HIPAA enforcement actions against organizations that failed to properly safeguard protected health information. The document emphasizes the importance of conducting risk analyses, training staff, and implementing security measures like encryption to avoid penalties for noncompliance.
MD Ranger provides tools and resources to help organizations audit physician contracts for compliance. An internal audit allows an organization to:
1) Identify any non-compliant agreements and risks related to the Stark Law, Anti-Kickback Statute, and False Claims Act.
2) Ensure all physician contracts have proper documentation of fair market value and accurate terms.
3) Benchmark contracts against facilities of similar size and specialty mix.
Proper planning is important - determine current procedures, resources needed, timing, documentation, and follow up responsibilities. MD Ranger's online platform can support the entire auditing process.
This document provides an overview and agenda for a webinar on HIPAA compliance and security requirements for Federally Qualified Health Centers (FQHCs). The webinar will cover HIPAA/HITECH requirements including the new Omnibus Rule, the importance of security, and administrative, physical, and technical security standards. It will discuss required security risk assessments and the presenter's qualifications. Breach notification rules, costs of data breaches, and lessons learned will also be reviewed to emphasize the importance of security compliance.
Executive Presentation on adhering to Healthcare Industry complianceThomas Bronack
Thomas Bronack of Data Center Assistance Group proposes assisting healthcare providers in adhering to regulatory requirements regarding workplace security, violence prevention, and workflow management. The proposal outlines new compliance regulations around patient privacy, security, and freedoms as well as penalties for non-compliance. Bronack would perform risk assessments, implement physical and data security controls, and provide training and awareness to help organizations achieve Joint Commission accreditation and compliance.
MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessment Series: HIPAA/HITECH Requirements for FQHCs and the New Omnibus Rule (Part 1)
Presentation designed to explain Business Associates the basics of HIPAA and real-life examples of cases that failed to implement and follow HIPAA requirements on a timely basis.
Similar to Federal Benefits Developments - Audits Abound: Are You Ready? (20)
BIZGrowth Strategies — Cybersecurity Special Edition 2023CBIZ, Inc.
As cybercriminals continue to advance and evolve, a stagnant cyber risk management approach is simply not an option. Further, the prevalence of cyber breaches means cybersecurity is not solely an IT concern. It takes a robust set of processes and people from across your organization, working together toward a common goal. We offer fresh insights to help protect your organization from cyberthreats in multiple operational areas. Articles include:
- How Cybercriminals Are Weaponizing Artificial Intelligence
- Employee Benefits Cyber Risk Exposure Scorecard
- Closing the Security Gap: Managing Vendor Cyber Risk
- Retirement Plan Sponsor Cybersecurity Checklist
- Protect Your Digital Frontline With Employee Training
BIZGrowth Strategies - Back to Basics Special EditionCBIZ, Inc.
Amid the increasing complexity of today’s business landscape, it can be of great benefit to shut out the noise and simply get back to the basics. Summer offers the rare opportunity for organizations to slow down and sweat the small stuff.
In this issue, our experts address seven key topics intended to help leaders guide their teams to stability and refocus on the foundational elements of success, including:
- Talent Management 101: How to Attract & Retain Great Employees
- Exploring the What, Why & How Behind the Employee Experience
- The Shifting Normal: 3 Ways Leaders Can Embrace Change & Conquer Challenge
- What is Financial Wellbeing & Why Should Employers Care?
- D&O Insurance Application Basics to Protect Your Leaders
- Your Life Insurance Policy May Be One of Your Biggest Assets
- Understanding Labor Law Poster Compliance
Welcome to our newly branded newsletter, "The Advantage." The articles in this issue provide insights to help you:
■ Have conversations around tough decisions during periods of economic uncertainty
■ Evaluate fast-growing artificial intelligence tools like ChatGPT
■ Recognize colleagues who are key allies in supporting women in the workplace
■ Navigate career shifts along the path to successful leadership
■ Manage workplace culture in a hybrid model
■ Garner inspiration from the 2023 Women Transforming Business finalists and winners
BIZGrowth Strategies - Workforce & Talent Optimization Special EditionCBIZ, Inc.
Amid today’s economic uncertainty, we know you need strategies and solutions that will help your business thrive. With workforce and talent concerns running high for employers across the nation, our experts developed these articles with those critical issues top of mind. We offer fresh insights designed to attract, retain, engage and motivate your employees — all while protecting your bottom line and managing emerging risks. Articles include:
- Unlock Success with Effective Performance Management
- How Employers Can Benefit from Financial Wellbeing Programs
- How to Talk About Hard Decisions During a Recession
- Cost-Effective Health Plan Perks to Consider in 2023
- 3 HR Strategies to Recession-Proof Your Organization
- Responding to Employment Practices Liability (EPL) Claims
- Versatility — Important in Life & Life Insurance
BIZGrowth Newsletter - Economic Slowdown Solutions Special EditionCBIZ, Inc.
The "Economic Slowdown Solutions Special Edition" newsletter includes articles that present tips, strategies and ideas to help your organization master economic uncertainty and recessionary concerns. Topics include:
- Considerations for a Reduction in Force
- Tips to Prepare for Risk Management Challenges
- Tactics to Recession-Proof Your Benefits Strategy
- HR Best Practices
- Recruitment Strategies to Keep You Competitive
- 3 Innovations to Stay Nimble
- Disability Insurance for Business Owners
BIZGrowth Strategies - Cybersecurity Special EditionCBIZ, Inc.
Cyberattacks are becoming more frequent and sophisticated, making a recovery from them increasingly difficult. Without preparation, a cyberattack can be devastating to your business, having severe operational, financial, legal and reputational implications.
The prevalence of cyber breaches also means cybersecurity is no longer solely an IT concern. Elevating your information security from functional to effective takes a robust set of elements, processes and people working together toward a common goal.
Our professionals have developed these articles and resources to help you protect your organization from these attacks.
Connections Help Law Practice Efficiently Obtain $5 Million Line of CreditCBIZ, Inc.
A 15-attorney law firm operated on a contingency and hourly fee basis. While it had a strong outlook for contingency cases, the costs incurred to work...
Custom Communication Plan & Active Enrollment Result in Increased ConsumerismCBIZ, Inc.
The firm embarked on a multi-year strategic plan to build a culture of wellbeing and engagement. They wanted
to educate employees to become more engaged and wise health care consumers...
Experienced Consulting Approach Leads Engineering Firm to the Right CFOCBIZ, Inc.
The Chief Financial Officer of a leading multi-disciplined engineering and consulting
firm indicated he was considering retiring. After initially considering a search process as an in-house project, the company’s leadership agreed...
Check out the latest edition for articles on Preventing Social Engineering Attacks, Triumphing in the Talent War, 3 Signs It’s Time for a Compensation Study, Strategies to Protect Your Retirement & Tips for a Successful OSHA Inspection.
Inflation, Interest Rates & the Disruption to CRECBIZ, Inc.
From assessing the various sectors to analyzing the future of your investments, learn more from our experienced team leaders on the wide-spread trends of commercial real estate property and sales.
CBIZ Quarterly Manufacturing and Distribution "Hot Topics" Newsletter (May-Ju...CBIZ, Inc.
CBIZ Quarterly Manufacturing and Distribution "Hot Topics" Newsletter (May-Jun 2022) provides you with news and guidance on the labor crisis, how to retain top talent during the Great Resignation, the business impacts of the Russia-Ukraine War, and the benefit of long-term bonus plans.
Rethinking Total Compensation to Retain Top TalentCBIZ, Inc.
Even with a developed recruiting program, strong company culture and great work-life balance, it’s difficult for companies to attract and retain the best employees without an all-inclusive compensation strategy. Add in the combination of high inflation, talent shortages and the Great Resignation, and we’re left with a hyper-competitive labor market. As a result, employers must think outside of the box to retain top performers and explore new ways to increase the value of total compensation offered. Learn how in this article.
Common Labor Shortage Risks & Tips to Mitigate Your ExposuresCBIZ, Inc.
No industry is safe from the risks of the current labor market. Employee shortages can influence multiple liabilities, but a proactive strategy can help protect your organization. In this article, learn measures to minimize labor shortage liability risks across all industries, as well as influential industry risks for construction, manufacturing and trucking.
How the Great Resignation Affects the Tax FunctionCBIZ, Inc.
Talent shortages remain a challenge universally, but it may be hitting financial roles within businesses particularly hard. The
pressures to meet tax reform obligations coupled with the
job changeover opportunities that emerged during the Great Resignation have left many tax departments feeling under-resourced. If your company is experiencing a similar situation, here are steps you can take to support your tax function.
While employee turnover is inevitable, there are several strategies companies can implement to help combat the Great Resignation, and at the center of all these strategies is technology that can benefit employers and their staff. In this article, learn how your organization can use technology to enhance the recruiting and onboarding processes, which will help attract top talent, while setting new hires up for success.
Experienced Consulting Approach Leads Engineering Firm to the Right CFOCBIZ, Inc.
The Chief Financial Officer of a leading multi-disciplined engineering and consulting firm indicated he was considering retiring. After initially considering a search process as an in-house project, the company’s leadership agreed to secure the assistance of an executive search professional.
BIZGrowth Strategies - The Great Resignation Special EditionCBIZ, Inc.
The Great Resignation continues to plague organizations across the country. It has exacerbated a host of employer challenges, including attraction, retention and engagement of top talent, as well as mitigating new risks. Our experts have developed these articles and linked resources to help your organization combat the mass employee exodus.
Kansas businesses have an opportunity for state tax incentives of which you may want to be aware.
Recent changes to the Kansas High Performance Incentive Program (HPIP) make it more broadly available
than it was in the past.
CBIZ Quarterly Commercial Real Estate "Hot Topics" Newsletter (Jan-Feb 2022)CBIZ, Inc.
The January 2022 issue of CBIZ’s Commercial Real Estate Quarterly Hot Topics Newsletter is now available! Learn about the impact of changes lease accounting, post-pandemic calculation companies are using to reassess office space needs, tax planning knowns and unknowns and the impact of rising construction costs on insurance costs. Plus – access strategies to combat the great resignation and safeguard against the unexpected.
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....Lacey Max
“After being the most listed dog breed in the United States for 31
years in a row, the Labrador Retriever has dropped to second place
in the American Kennel Club's annual survey of the country's most
popular canines. The French Bulldog is the new top dog in the
United States as of 2022. The stylish puppy has ascended the
rankings in rapid time despite having health concerns and limited
color choices.”
NIMA2024 | De toegevoegde waarde van DEI en ESG in campagnes | Nathalie Lam |...BBPMedia1
Nathalie zal delen hoe DEI en ESG een fundamentele rol kunnen spelen in je merkstrategie en je de juiste aansluiting kan creëren met je doelgroep. Door middel van voorbeelden en simpele handvatten toont ze hoe dit in jouw organisatie toegepast kan worden.
The Most Inspiring Entrepreneurs to Follow in 2024.pdfthesiliconleaders
In a world where the potential of youth innovation remains vastly untouched, there emerges a guiding light in the form of Norm Goldstein, the Founder and CEO of EduNetwork Partners. His dedication to this cause has earned him recognition as a Congressional Leadership Award recipient.
[To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
This presentation is a curated compilation of PowerPoint diagrams and templates designed to illustrate 20 different digital transformation frameworks and models. These frameworks are based on recent industry trends and best practices, ensuring that the content remains relevant and up-to-date.
Key highlights include Microsoft's Digital Transformation Framework, which focuses on driving innovation and efficiency, and McKinsey's Ten Guiding Principles, which provide strategic insights for successful digital transformation. Additionally, Forrester's framework emphasizes enhancing customer experiences and modernizing IT infrastructure, while IDC's MaturityScape helps assess and develop organizational digital maturity. MIT's framework explores cutting-edge strategies for achieving digital success.
These materials are perfect for enhancing your business or classroom presentations, offering visual aids to supplement your insights. Please note that while comprehensive, these slides are intended as supplementary resources and may not be complete for standalone instructional purposes.
Frameworks/Models included:
Microsoft’s Digital Transformation Framework
McKinsey’s Ten Guiding Principles of Digital Transformation
Forrester’s Digital Transformation Framework
IDC’s Digital Transformation MaturityScape
MIT’s Digital Transformation Framework
Gartner’s Digital Transformation Framework
Accenture’s Digital Strategy & Enterprise Frameworks
Deloitte’s Digital Industrial Transformation Framework
Capgemini’s Digital Transformation Framework
PwC’s Digital Transformation Framework
Cisco’s Digital Transformation Framework
Cognizant’s Digital Transformation Framework
DXC Technology’s Digital Transformation Framework
The BCG Strategy Palette
McKinsey’s Digital Transformation Framework
Digital Transformation Compass
Four Levels of Digital Maturity
Design Thinking Framework
Business Model Canvas
Customer Journey Map
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Tastemy Pandit
Know what your zodiac sign says about your taste in food! Explore how the 12 zodiac signs influence your culinary preferences with insights from MyPandit. Dive into astrology and flavors!
4 Benefits of Partnering with an OnlyFans Agency for Content Creators.pdfonlyfansmanagedau
In the competitive world of content creation, standing out and maximising revenue on platforms like OnlyFans can be challenging. This is where partnering with an OnlyFans agency can make a significant difference. Here are five key benefits for content creators considering this option:
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Neil Horowitz
On episode 272 of the Digital and Social Media Sports Podcast, Neil chatted with Brian Fitzsimmons, Director of Licensing and Business Development for Barstool Sports.
What follows is a collection of snippets from the podcast. To hear the full interview and more, check out the podcast on all podcast platforms and at www.dsmsports.net
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...my Pandit
Explore the fascinating world of the Gemini Zodiac Sign. Discover the unique personality traits, key dates, and horoscope insights of Gemini individuals. Learn how their sociable, communicative nature and boundless curiosity make them the dynamic explorers of the zodiac. Dive into the duality of the Gemini sign and understand their intellectual and adventurous spirit.
𝐔𝐧𝐯𝐞𝐢𝐥 𝐭𝐡𝐞 𝐅𝐮𝐭𝐮𝐫𝐞 𝐨𝐟 𝐄𝐧𝐞𝐫𝐠𝐲 𝐄𝐟𝐟𝐢𝐜𝐢𝐞𝐧𝐜𝐲 𝐰𝐢𝐭𝐡 𝐍𝐄𝐖𝐍𝐓𝐈𝐃𝐄’𝐬 𝐋𝐚𝐭𝐞𝐬𝐭 𝐎𝐟𝐟𝐞𝐫𝐢𝐧𝐠𝐬
Explore the details in our newly released product manual, which showcases NEWNTIDE's advanced heat pump technologies. Delve into our energy-efficient and eco-friendly solutions tailored for diverse global markets.
IMPACT Silver is a pure silver zinc producer with over $260 million in revenue since 2008 and a large 100% owned 210km Mexico land package - 2024 catalysts includes new 14% grade zinc Plomosas mine and 20,000m of fully funded exploration drilling.
HR search is critical to a company's success because it ensures the correct people are in place. HR search integrates workforce capabilities with company goals by painstakingly identifying, screening, and employing qualified candidates, supporting innovation, productivity, and growth. Efficient talent acquisition improves teamwork while encouraging collaboration. Also, it reduces turnover, saves money, and ensures consistency. Furthermore, HR search discovers and develops leadership potential, resulting in a strong pipeline of future leaders. Finally, this strategic approach to recruitment enables businesses to respond to market changes, beat competitors, and achieve long-term success.
Dive into this presentation and learn about the ways in which you can buy an engagement ring. This guide will help you choose the perfect engagement rings for women.
Industrial Tech SW: Category Renewal and CreationChristian Dahlen
Every industrial revolution has created a new set of categories and a new set of players.
Multiple new technologies have emerged, but Samsara and C3.ai are only two companies which have gone public so far.
Manufacturing startups constitute the largest pipeline share of unicorns and IPO candidates in the SF Bay Area, and software startups dominate in Germany.
Storytelling is an incredibly valuable tool to share data and information. To get the most impact from stories there are a number of key ingredients. These are based on science and human nature. Using these elements in a story you can deliver information impactfully, ensure action and drive change.
Federal Benefits Developments - Audits Abound: Are You Ready?
1. Federal Benefits Developments
BENEFITS LAW
JOURNAL
VOL. 27, NO. 2 SUMMER 2014
Audits Abound: Are You Ready?
Karen R. McLeese
With this column, we welcome Karen R. McLeese, the Vice President
of Employee Benefit Regulatory Affairs for CBIZ Benefits & Insurance
Services, Inc., a division of CBIZ, Inc. She serves as in-house counsel,
with particular emphasis on monitoring and interpreting state and
federal employee benefits law. Ms. McLeese is based in the Leawood,
Kansas, CBIZ office.
Whether it is the Department of Labor or the Internal Revenue
Service and Treasury Department reviewing your health or
retirement plan, or the Office of Civil Rights reviewing your HIPAA
privacy compliance, there are many agencies interested in making
sure your plans and processes are compliant. Read on for some tips
on how to make certain your benefit abode is clean and tidy should
the government pay you a visit.
What Triggers a Plan Audit?
An audit is an inspection or examination to evaluate or improve the
appropriateness, efficiency, accuracy, prudence, or the like of a par-
ticular process. Put in an ERISA plan perspective, an audit, whether
self-imposed or commenced by a regulatory agency, is for the pur-
pose of ensuring that the plan is operated in accordance with, and in
compliance with, the law. Of utmost importance is ensuring that the
plan is administered for the exclusive benefit of plan participants and
beneficiaries.
Federal Benefits Developments
2. BENEFITS LAW JOURNAL 2 VOL. 27, NO. 2, SUMMER 2014
Federal Benefits Developments
To that end, an audit most typically focuses on ensuring that the
terms and conditions of the plan are, first and foremost, written with
the intent of benefitting plan participants and beneficiaries, and sec-
ond, that the plan is so administered. Of paramount importance is
ensuring that plan assets are used for the exclusive benefit of plan
participants and, in particular, that participant contributions are timely
contributed to the trust, paid to an insurer, or otherwise used in accor-
dance with the terms and conditions of the plan.
A number of events can trigger an audit, such as plan filings or
random selection. One of the most common events generating an
audit is a complaint by a plan participant or a perceived injured
party.
DOL Audits of Health and Pension Plans
An audit initiated by the Department of Labor’s Employee Benefit
Security Administration (EBSA) to investigate a health plan or pension
plan may be any of the following:
1. Limited review (no specific issue);1
2. Fiduciary investigation;2
or
3. Prohibited person investigation.3
In conducting an audit of these types of plans, EBSA will request
and review many documents4
including:
• Form 5500 filings and related summary annual reports;
• The plan document and related disclosures;
• All related insurance and reinsurance contracts, third-party
agreements, and administrative services agreements; and
• Documents describing employer or plan sponsor responsi-
bilities regarding payment of associated plan costs.
Additional items that may be requested include:
• Collective bargaining agreements (if applicable);
• Lag reports of participant claims filed;
• The plan’s accounting records (bank or trust statements);
• Documents identifying plan assets, liabilities, revenue, and
expenses;
• Fiduciary liability bond;
3. BENEFITS LAW JOURNAL 3 VOL. 27, NO. 2, SUMMER 2014
Federal Benefits Developments
• Fidelity (fraud and dishonesty) bond; and
• Identity and contact information of service providers (attor-
ney, accountant, actuary, insurance agent, third-party admin-
istrator, and trustee)
In addition, a health plan might be required to produce documents
showing compliance with laws5
such as:
• Consolidated Omnibus Budget Reconciliation Act (COBRA);
• Health Insurance Portability and Accountability Act (HIPAA);
• Mental Health Parity Laws (MHPA and MHPAEA);
• Genetic Information Nondiscrimination Act (GINA); and
• Patient Protection and Affordable Care Act (Affordable Care
Act or ACA).
The direction the EBSA would follow in a pension or retirement
plan audit generally depends upon whether there is a potential viola-
tion of participant’s rights under the plan, whether there are prohib-
ited individuals serving as fiduciaries or service providers of the plan,
or whether the investigation focuses on a fiduciary violation. Several
years ago, EBSA commenced a three-prong effort to enhance plan
sponsor and participant awareness of retirement plan fees. As part of
its initiative, the service provider fee disclosure rules6
require service
providers of qualified retirement plans to provide certain plan infor-
mation, in writing, to plan fiduciaries who, in turn, provide fee-related
information to plan participants.7
These types of disclosures would
also be reviewed during an EBSA audit.
IRS Audits of Pension and Retirement Plans
Audits of pension and retirement plans can also be initiated by the
Internal Revenue Service (IRS).8
An IRS examination would generally
focus on plan data and operations to confirm compliance. The main
areas of an IRS examination could include:
1. Review of plan documents and amendments, as well as trust
documents
2. Plan qualification substantiation relating to:
• Coverage and nondiscrimination tests
• Minimum distribution requirements
• Verification of compensation limits
4. BENEFITS LAW JOURNAL 4 VOL. 27, NO. 2, SUMMER 2014
Federal Benefits Developments
• Eligibility requirements and plan entry dates
• Vesting provisions
3. Potential prohibited transaction matters: plan rules relat-
ing to participant loans, transactions between the plan and
employer, or any self-dealing by the plan’s fiduciary(ies)
4. Plan operation matters: review of allocations and general
compliance with the terms of the plan, including eligibility,
distributions, deferral elections, and automatic enrollment
features
5. Review of plan asset matters: investments held by trust,
whether contributions are timely transmitted, and payment
of expenses by plan assets and investment elections
6. Tax review: prohibited transaction excise tax, tax on deemed
distributions due to defaulted loans or Internal Revenue
Code 72(p) noncompliance, deduction limits, shortfalls
under minimum distribution rules, proper withholding, and
timing of income on corrective distributions
7. Review of reporting documents to the IRS such as Forms
1099s, 5500s, and W-2s
HIPAA Privacy and Security Audits
The administrative simplification standards required under the
HIPAA law9
include three components: health care privacy rules, elec-
tronic data interchange rules, and security of health data rules:
• The health care privacy rules govern how individually iden-
tifiable medical information must be protected.
• HIPAA requires national standards for electronic health care
transactions; code standards; and national identifiers for health
care plans, providers, and clearinghouses. The intent of these
standards is to improve the efficiency and effectiveness of the
nation’s health care system by encouraging the widespread
use of electronic data interchange (EDI) in health care.
• HIPAA requires that security standards be established for
the protection of electronic health information. In addition,
covered entities (health care providers, health care clear-
inghouses, and health plans) are required to notify affected
individuals in the event of a breach of their unsecured health
information.
5. BENEFITS LAW JOURNAL 5 VOL. 27, NO. 2, SUMMER 2014
Federal Benefits Developments
The Department of Health and Human Services’ Office for Civil
Rights (OCR) is responsible for enforcing the privacy and security
rules.10
According to the OCR, the increased use of health informa-
tion technology, while beneficial, also carries new risks to consumer
privacy. Thus, the Administrative Simplification Rules enacted under
HIPAA and the Health Information Technology for Economic and
Clinical Health Act (HITECH)11
include national standards for the
privacy of protected health information (PHI), the security of elec-
tronic protected health information (e-PHI), and breach notification
to consumers.
The types of information that may be requested during an OCR
audit12
include the following:
1. Substantiation of compliance with the privacy rule require-
ments relating to:
• Implementation of ongoing administrative requirements,
such as appointment of a privacy and security officer,
maintenance of written policies and procedures, entering
into business associate agreements, providing privacy
training to the workforce, maintenance and certification
of plan documents, and record retention
• Maintenance and distribution of the entity’s notice of
privacy practices
• Ongoing monitoring of the use and disclosure of PHI by
the covered entity
• Honoring individual rights, including the right to request
privacy protection of PHI, the right to access and amend
PHI, and the right to an accounting of disclosures
2. Substantiation of compliance with the security rule require-
ments for implementing administrative, physical, and techni-
cal safeguards in the protection of PHI and e-PHI, as well as
mobile device security
3. Substantiation of satisfying the requirements of the Breach
Notification Rules
Audits could also be initiated by the Centers for Medicare and
Medicaid Services (CMS), which administers and enforces other
aspects of the HIPAA Administrative Simplification Rules, including
standards relating to transactions and code sets and the employer
and national provider identifiers.13
In addition, the HITECH law
authorized enforcement of privacy violations by state attorneys
general.
6. BENEFITS LAW JOURNAL 6 VOL. 27, NO. 2, SUMMER 2014
Federal Benefits Developments
How Can a Plan Sponsor Best Be Fortified
to Withstand an Audit?
One of the best ways a plan sponsor can be prepared to withstand
an audit is to regularly engage in a bit of spring cleaning. An employer
should, for example, regularly review its plans to ensure compliance
with all of the policies and procedures governing those plans. This is
particularly important in the current environment of constant change.
The three governing agencies mentioned in this article provide
manuals, compliance tools, checklists, and other information to assist
plan sponsors in determining whether their plans are compliant.
Following are some of these sources that may be helpful.
EBSA Resources
Health and welfare benefit plans:
• HIPAA & Other Health Care-Related Provisions Tool14
• Affordable Care Act Provisions Tool15
• EBSA Enforcement Manual—Health Plan Investigations16
Pension and retirement plans:
• EBSA Enforcement Manual—Participant’s Rights,17
Prohibited
Persons,18
and Fiduciary Investigations Program19
• Voluntary Correction Programs20
IRS Qualified Pension and Retirement Plan Resources
• Employee Plans Examination Guidelines21
• Checklists22
containing Fix-it Guides23
on an array of retire-
ment plans such as 401(k) and 403(b) plans, Simple IRAs,
SEPs and SARSEPs
• Three programs for correcting plan errors:24
• Self-Correction Program (SCP)
• Voluntary Correction Program (VCP)
• Audit Closing Agreement Program (Audit CAP)
HIPAA Privacy and Security Resources
• OCR’s Audit Program Protocol25
provides compliance assis-
tance to covered entities relating to privacy, security, and
breach rules.
7. BENEFITS LAW JOURNAL 7 VOL. 27, NO. 2, SUMMER 2014
Federal Benefits Developments
• Workgroup for Electronic Data Interchange (WEDI) has
developed compliance tools such as a breach risk assess-
ment tool, a security risk assessment tool, and Health IT
Compliance Guide.26
• The CMS Web site provides educational materials and com-
pliance tips.27
In Summary: What Should a Plan Sponsor Do?
1. Establish and maintain practices and procedures to ensure
compliance with all applicable laws.
2. Periodically engage in an internal audit of relevant practices,
procedures, and documents.
3. If an audit request is received:
• Make any audit requests a high priority;
• Engage legal counsel immediately;
• Create a positive, cooperative relationship;
• Assign a point person and coordinate with all players;
• Brief management on relevant issues;
• Respond timely to all requests; and
• Don’t panic.
Notes
1. EBSA Enforcement Manual, Chapter 53, Targeting and Limited Reviews.
2. Id., Fiduciary and Part 7 Investigations, Program 48.
3. Id., Chapter 47, Prohibited Person.
4. Id.
5. Id., Chapter 50, Health Plan Investigations.
6. 29 C.F.R. Part 2550, Reasonable Contract or Arrangement Under Section 408(b)(2)—
Fee Disclosure.
7. 29 C.F.R. Part 2550, Fiduciary Requirements for Disclosure in Participant-Directed
Individual Account Plans.
8. Internal Revenue Manual, Part 4, Examining Process, Chapter 72. Employee Plans
Technical Guidelines.
9. Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law
104-191, 45 C.F.R. Parts 160, 162, and 164.
8. BENEFITS LAW JOURNAL 8 VOL. 27, NO. 2, SUMMER 2014
Federal Benefits Developments
10. 45 C.F.R. Part 160, Subparts C, D, and E.
11. Health Information Technology for Economic and Clinical Health (HITECH) Act,
enacted February 17, 2009, as part of the American Recovery and Reinvestment Act
of 2009 (Public Law 111-5).
12. 45 C.F.R. Part 160, Subparts C, D, and E.
13. Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law
104-191, 45 C.F.R. Parts 160, 162, and 164.
14. HIPAA & Other Health Care-Related Provisions Tool, http://www.dol.gov/ebsa/pdf/
part7-1.pdf.
15. Affordable Care Act Provisions Tool, http://www.dol.gov/ebsa/pdf/part7-2.pdf.
16. EBSA Enforcement Manual, Chapter 50, Health Plan Investigations.
17. Id., Chapter 53, Participant’s Rights.
18. Id., Chapter 47, Prohibited Person.
19. Id., Fiduciary and Part 7 Investigations, Program 48.
20. EBSAVoluntaryCorrectionsPrograms,http://www.dol.gov/ebsa/compliance_assistance.
html#Section8.
21. IRS Employee Plan Examination Process Guide, http://www.irs.gov/Retirement-
Plans/EP-Examination-Process-Guide.
22. IRS Checklists, http://www.irs.gov/Retirement-Plans/Have-You-Had-Your-
Retirement-Plan-Check-Up-This-Year.
23. IRS Fix-it Guides, http://www.irs.gov/Retirement-Plans/Plan-Sponsor/Fix-It-
Guides-Common-Problems-Real-Solutions.
24. IRS Employee Plans Compliance Resolution System (EPCRS), http://www.irs.
gov/Retirement-Plans/EPCRS-Overview); Correcting Plan Errors, http://www.irs.gov/
Retirement-Plans/Correcting-Plan-Errors.
25. OCR’s Audit Program Protocol, http://www.hhs.gov/ocr/privacy/hipaa/enforcement/
audit/protocol.html.
26. Workgroup for Electronic Data Interchange (WEDI), Privacy and Security, http://
www.wedi.org/topics/privacy-security.
27. Centers for Medicare and Medicaid Services, HIPAA—General Information,
http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/
HIPAAGenInfo/index.html.