The Skinny on “Skinny Plans”

Recently there has been a trend among business owners to ask about how they can do as little as possible and still be compliant within the word of the law when it comes to PPACA. I came across an article in the WSJ “Employers Eye Bare-Bones Health Plans Under New Law” and was really taken aback. I know I should not have, I mean, the legislation has been filled with several oops moments but this one is a little bit different in that some businesses are actually looking at this as an opportunity to “game” the law. I would first start by saying that each company is different, and their specific work force is unique so I am not going to go into the validity of “skinny plans” as a viable course of action without having time to look at the workings and issues of each company. What I will do is speak to the facts that should be looked at when making a decision for your company.

With the  recent release of regulations from the IRS and the Department of Health and Human Services, administration officials confirmed to Wall Street Journal reporters that large employers will not have to meet all the generous standards for health insurance plans offered on the state exchanges, but can offer minimal health insurance to avoid penalties.

According to the law employers have to offer “minimum essential coverage.” This turns out to be substantially less generous than the “essential health benefits” required for plans sold to individuals and small businesses. To get a grasp on what is happening here we need to refer back to the penalties that can be imposed.

For employers greater than 50 full time employees – If the employer does not offer coverage, and at least one full-time employee receives a premium tax credit or cost-sharing reductions, the business must pay $2,000 for each full-time employee, not counting the first 30 employees. If the employer does offer coverage, and at least one full-time employee receives a premium tax credit or cost-sharing reductions because the coverage offered is determined “inadequate” or “unaffordable,” the employer will be required to pay $3,000 for each employee who receives assistance or $2,000 per full-time employee (not counting the first 30 employees), whichever is less. This penalty is per worker, not for the workforce as a whole. In most cases the $2,000 penalty will be less, which, if in effect, would apply to the entire workforce after the initial 30-worker exemption. Yes that is some crazy PPACA arithmetic!

So as you can imagine it did not take a long time for some employers, with less skilled work-forces, to look at this and determine that it can make sense to offer a plan that covers minimal requirements such as preventive services, but often little more. Some of the plans wouldn’t cover surgery, X-rays or prenatal care at all. Does offering these types of plans that meet minimal medical benefit make the grade? The answer right now is yes. The meet the letter but not the spirit of the law.

Employees are free to go to a health insurance exchange if their employer offers them a plan they do not like. They can get a premium subsidy if their employer fails to offer coverage that: (1) is affordable; or (2) provides minimum value. A plan’s minimum value is measured with reference to benefits covered by the employer that also are covered in any one of the essential health benefit benchmark plans adopted by a state.

Allen Greenberg with BenefitsPro has it exactly right when he says “employers that try to pass off bare-bones coverage as real health plans without smirking are kidding themselves… regulators (and a lot of self-respecting brokers) aren’t likely to view skinny plans as anything but a sleazy tactic that will draw plenty of scrutiny, raise eyebrows and evoke guffaws. Employers that go this route would be smart to have a Plan B ready.”

That being said skinny plans have become an option for restaurant and retail chains that are too big to fit in the small employer category or employers that up until now have offered no coverage. These types of business have a workforce that is typically made up of young and healthy workers that may find the bare bones option more attractive from a financial standpoint.  They most likely will stay in these types of plans until they actually get sick or injured and need real care. As Dennis from TWGS points out, “In most cases where an employer is seriously considering the skinny plan option, employees are not going to lose something they already have…[this segment of the employee population] doesn’t expect to get it, doesn’t care about it, cannot afford it, or for various other reasons doesn’t take it because it isn’t paid for by someone else.”

A question many will surely ask will be “is this really health insurance?” Rather than calling it insurance I find it is more of a payment plan for small maintenance care. Insurance is needed to protect people from expensive needs that befall the unlucky insured party. With all the exclusions that come with these skinny plans, it is difficult to see them as true health insurance plans.

From everything we have been told, the government’s initial intent was for employers to continue to sponsor full health benefits. This was to prevent consumers from being stuck with catastrophic bills that then become a drag on the economy. I’m curious how long it will take, before a plan that is so at odds with that intent, to catch the ire of the government. As some legal scholars watching the issue have noted, we will eventually find out whether the Obama administration will attempt to use nondiscrimination arguments to put a stop to skinny plans. All the more reason to have that “Plan B” ready.

Absence

I apologize for the absence. With two deaths in the family in the past month things were turned upside down. I have returned and ready to continue providing my take on all things risk.

Guest Speaker on Kaiser Health Hour 550 KTSA – San Antonio

On Sunday afternoon I had the great pleasure to be asked to speak on the topic of Health Care Reform with Lenore Kaiser of Kaiser Health Hour. As you can imagine we kept it as light as possible only having less than an hour to answer some of her questions but the theme was still there – If you are still waiting for guidance to be issued you have missed the boat. Your agent, broker, consultant whatever should by now be pretty deep into strategy sessions with you about what your 2014 is going to look like. If this is not happening, or is the solutions you are getting are ones that you feel came out of a magic 8 ball then it is time to look around for another agency.

Head on over and take a listen I will add the podcast here when it is available. I hope you enjoy it as much as we did.

Link to Listen to the Podcast

 

PPACA Compliance and the Onion Layers

The Deadlines for some of the most of major provisions of Patient Protection and Affordable Care Act (PPACA) or “Obama Care” are currently looming very close on the horizon,  and as an advisor I have begun to notice that many of the companies that I speak to still feel a level of unease and confusion when it comes to how they will navigate the impending changes. This unease is exacerbated by the lack of formal guidance by the government on several provisions of the law.

One thing that has been painfully obvious is that the guidance is being released like layers of an onion. The pattern has shown to be as follows: first a high-level comment, then some corrections and clarifications, then they get a little more detailed and so on. The problem is we don’t know how many layers there are to this onion. This is even more problematic when you take into account how much time has to pass between the government making the initial comment to get our attention, and the final guidance on compliance. If you have been following the maturation of the act you have seen many instances in the last year where the final regulations had to be changed from the initial proposal.

We are now about six months away from 2014 and we still have advisors, brokers, and agents preaching the “wait and see” game. Many have gone so far as to come up with creative solutions that help buy their clients and prospects time until “things get hashed out”. One such suggestion I’ve heard time and again is the shifting of enrollment dates forward to be able to take advantage 2013 rules. What is worrisome here, is with six months to go, we still don’t know about many of the notice requirements.

Among the PPACA compliance issues that employers are still trying to get their arms around are:

Automatic enrollment

Employers with 200 or more employees still do not know how they will comply with the automatic enrollment provision in the healthcare reform law.

Under the law, employers are required to notify employees about automatic enrollment and give them an opportunity to opt out of a plan in which they are automatically enrolled. However, regulators have said the automatic enrollment rules will not be published until 2014.

• Exchange notices

Employers are required to notify employees about the availability of public health insurance exchanges, but they have been uncertain about how to do so because the Department of Health and Human Services has yet to issue guidance on how those notices must be worded, as well as whether the exchange information must be communicated electronically or in print. The Department of Labor’s Employee Benefits Security Administration finally issued technical guidance in early May 2013 to assist employers in complying with this statutory notice requirement.  The guidance includes references to model notices.  One model is recommended for employers who do not offer a health plan, and another model is recommended for employers who offer a health plan to some or all employees.  (If using a model, only Part A is required for distribution; Part B is optional.)

The notice must inform employees of the exchanges’ existence, describe the services provided by the exchanges, and identify the manner in which the employee may contact an Exchange for assistance.  The notice also must inform employees that they may be eligible for a premium tax credit if they purchase coverage through an exchange.  Finally, the notice must inform employees that by purchasing such coverage, they may lose the employer contribution (if any) for any employer health coverage for which they are otherwise eligible, and that such an employer contribution may be excludable from federal income tax.

Employers must provide individualized notice to all employees, regardless of whether they are part-time or full-time, or whether they are eligible for any employer health plan.  Employers must provide the notice to all current employees by no later than October 1, 2013.  For those hired after that date, employers must provide the notice within 14 days of the hire date.  Inclusion within “new hire” paperwork is recommended.

There is no codified penalty for non-compliance at this time.  The Department of Labor has not yet promulgated regulations related to exchange notices.

On Jan. 23, federal officials announced that the notification requirement’s effective date is postponed indefinitely until regulations are issued and “become applicable.”

• Self-funded plan reporting

Self-funded employers remain uncertain about how to comply with a requirement that takes effect in 2015 that they report details of their group health plans to the Internal Revenue Service. Among other things, self-funded employers are required to report to the IRS the identities of all individuals enrolled in their plan, the dates for which those individuals were covered, and any contributions made to the total cost of benefits provided.

In particular, employers need clarity about how to determine individual plan members’ coverage effective dates and how to handle the coordination of information with the third-party administrators and insurers that administer their plans. Employers also have raised the issue of potential redundancies with other reporting requirements stipulated by the healthcare reform law.

On June 3, 2013, the IRS posted on its website an updated Form 720, as well as accompanying instructions. The new form now contains in Part II (lines marked “IRS No. 133”) a section for reporting the Patient-Centered outcomes Research Institute (PCORI) fee. The fee for 2013 is $1 per covered life, which is due on July 31, 2013, for calendar-year plans

Unfortunately, the new Form and instructions raise a few questions. The instructions state that the PCORI fee associated with insured plans should be added to the fee for self-insured plans and the total reported on line 133. It is unclear how this is supposed to work, since two different parties (insurers for insured plans and plan sponsors for self-insured plans) are responsible for the fees. Up to this point it was assumed that insurers and plan sponsors would file their own Form 720, and it is hard to see how that could be otherwise. Note also that the revised Form shows a revision date of April 2013, which is a bit odd because the Form 720 posted on the IRS website between April 2013 and June 3, 2013 also showed a revision date of April 2013, but did not address the PCORI fee at all.

• Excise tax on high-value plans

Employers still have time to comply with rules on the excise tax provision for “Cadillac plans,” because it does not go into effect until 2018. However, some employers already have started projecting the likelihood that their plans will become subject to the 40% tax on premium costs that exceed $10,200 for single coverage and $27,500 for family coverage. This provision has been pushed way down on the list as critics have pointed out that today the average cost of healthcare runs about $9,400. Considering how quickly healthcare costs are rising, this could make virtually all plans a “Cadillac” plan by next year.

Under the law, insurers will pay the tax on the plans they insure, while third-party administrators will pay the tax on behalf of self-insured plans. Insurers and third-party administrators are expected to recover the taxes they pay from employer plans.

• Full-time employee definition

A notice issued by the IRS in December gives employers a bit more flexibility than had been expected in determining which of their employees must be offered coverage under the federal healthcare reform law, experts say.

Employers that intend to utilize the safe harbor look-back method for coverage beginning January 1, 2014, must begin their  measurement periods during 2013.  The proposed regulations provide a special transition rule for 2013.  Specifically, if an employer intends to use a 12-month stability period which begins in 2014, it may use an “abbreviated” measurement period  that (1) runs at least 6 months but less than 12 months, (2) begins on or before July 1, 2013, and (3) ends no more than 90 days before the first day of the plan year that begins on or after January 1, 2014.   For example, an employer that offers a calendar-year plan and intends to use a 12-month stability period beginning on January 1, 2014, will have to begin a 6-month measurement period no later than July 1, 2013.

Under the notice, which will remain in effect at least through 2014, employers can use a retrospective measurement period lasting between three and 12 months to determine whether an employee’s hours meet the definition of “full-time.”

Even though the IRS has issued this notice, many employers are having a difficult time with the complex nature of the calculations involved. When one considered that using the wrong look-back period can cost a company thousands of dollars it is easy to understand why many business have been reeling and pushing this off.

• Transitional reinsurance fee

For 2014 there is an additional “transitional reinsurance fee” which will be assessed by Health and Human Services (HHS) to “stabilize premiums in the individual health insurance market during the initial years of the state and federal exchanges”. The fee for 2014 is expected to be $63 per covered life. We still not have seen guidance in this matter, however we expect it as we get closer to 2014.

There are some questions about whether this fee violates ERISA if it is assessed by the states. The Employee Retirement Income Security Act precludes states from regulating self-funded employee benefits plans.

• Defining minimum essential benefits

On February 1, 2013, the Treasury Department and the Department of Health and Human Services (HHS) published three proposed and final rules under the Affordable Care Act addressing several issues that are important to plan sponsors of group health plans. As background, Section 5000A(f) of PPACA defines minimum essential coverage as one of the following: (1) coverage under a specified government sponsored program, (2) coverage under an eligible employer-sponsored plan, (3) coverage under a health plan offered in the individual market within a state, (4) coverage under a grandfathered health plan, and (5) other health benefits coverage that the Secretaries of HHS and the Treasury recognize for purposes of section 5000A(f). This proposed rule addresses option (5) by providing criteria and a process by which these other types of coverage may be designated as minimum essential coverage. In addition, HHS proposes that state high risk pools initially be designated minimum essential coverage, but reserves the right to assess and reevaluate this decision. To this end, the agency is seeking comments on whether state high risk pools should automatically be designated as minimum essential coverage, or whether they should be required to follow the process outlined in other sections of the proposed rule for being recognized as meeting the necessary requirements.

Now if that doesn’t get your head spinning, they are not doing you any favors with nebulous terms such as ‘minimum essential coverage’ ‘minimum value’ and ‘essential benefits.’ Confusion arises because the terms are so easily interchangeable.

As a result, there are a lot of employers who don’t know what minimum essential coverage really is. There are a variety of possibilities. We know it’s got to provide coverage for typical medical plan services including inpatient, outpatient services and prescription drugs, as noted above. Could it be a mini-med plan? A limited medical plan looks like it could satisfy the definition. Another possibility is preventive-only coverage bolted to an indemnity plan that provides catastrophic coverage.

Application of 105(h) nondiscrimination rules

The IRS also has yet to issue regulations on how employers must apply the 105(h) nondiscrimination rules to fully insured health plans to ensure they do not discriminate against lower-paid employees. The Affordable Care Act (“ACA”) provides that non-grandfathered, fully-insured health plans will also be subject to rules “similar” to Code Section 105(h). It is not clear when this rule will become effective for such plans. The rule was supposed to have become effective in 2011, but the federal government delayed its effective date until an unknown date in the future. Note that the delayed effective date only applies for fully-insured health plans – self-funded health plans are currently subject to the rule, as they have been for several decades. The is even more troublesome for those industries that have traditionally had a management group that bought into the benefits while other lesser compensated employees chose to opt out and not participate, such as restaurants and other hospitality and service sectors.

We are now 6 months out from game time, and in many cases it can take that long just to ensure a smooth transition for those employers not subject to the mandate who had never offered it in the past. If you are wanting to sit on the sidelines and wait it out – DON’T! that time has passed. Although there are still some parts of the act that are not set in stone, there is enough guidance out there to start taking action. Get with an advisor that is knowledgeable and proficient in PPACA and work with them to put together a viable strategy for your company.

Cybersecurity Risks, Leaks, and Securities Litigation

In the wake of the Edward Snowden and Bradley Manning information leaks, it is important for companies to consider the ramifications that leaked information can mean to your enterprise when the unforeseen happens. Digital information has not only become easier to access and store but also  much easier to leak. In their search for efficiency many businesses unwittingly put themselves in a very exposed position when it comes to cyber security. The situation is exacerbated without a proper cyber-risk management strategy of proper controls, policies, and if need be appropriate methods of risk transference through insurance.

The true complexities associated with cyber – liabilities start to take form when you consider that at stake may not only be company sensitive information, private client data, and trade secrets, but also the reputation of the company and those that do business with it. A recent article in PRWeek discusses how Booz Allen is having to fight massive reputation damage in relation to the NSA leak by former employee Edward Snowden. Booz Allen quickly made a public statement – “News reports that this individual has claimed to have leaked classified information are shocking, and if accurate, this action represents a grave violation of the code of conduct and core values of our firm. We will work closely with our clients and authorities in their investigation of this matter”.

This was not enough for Wall Street as Booz Allen shares dropped Monday on news that the leaker was associated with the company. The Associated Press printed :

NEW YORK  Shares of Booz Allen Hamilton Holding Corp. (BAH) fell on Monday, after the company’s employee, Edward Snowden, stepped forward as the person who last week leaked information about secret government surveillance programs to several news media outlets.

Shares fell 76 cents, or 4.2 percent, to $17.24 in morning trading. That’s closer to the high end of the stock’s 52-week trading range of $11.85 to $19.23.

Not only did this leak cause a monumental problem to the national security of the country but we must now consider the BAH shareholders who were financially impacted due to this security breach. In October 2011, the SEC’s Division of Corporate Finance issued “Disclosure Guidance” on cybersecurity related issues. Among other things, the Guidance clarified that the agency expects companies to disclose the risk of cyber incidents among their “risk factors” in their periodic filings and also expects companies to disclose material cybersecurity breaches in their Management Discussion and Analysis. Subsequently one can expect failure to promptly disclose a cyber breach may put a company at risk of facing formal SEC investigations, shareholder class actions, or derivative lawsuits to which having applicable insurance coverage may provide protections.

Kevin LaCroix of the D&O Diary, a periodic journal containing discussions about Directors and Officers liability issues, writes:

In addition to the risk of SEC enforcement action, companies experiencing cyber breaches also face the possibility of a securities class action lawsuit. However, the memo notes, a company experiencing a cyber breach “will likely not be a target of a securities class action unless the disclosure of the breach can be linked to a statistically significant drop in the company’s share price.” In that respect, it is worth noting that several high profile companies announcing cyber breaches have not experienced a significant drop in their stock price following the announcement. (For example, recent announcements by Facebook, Apple and Microsoft that they have been the target of sophisticated cyber attacks did not affect the companies’ share prices.) Nevertheless, it seems likely that at least some companies experiencing cyber breaches or subject to cyber attacks will also suffer a drop in their share price, and “thus result in securities class action litigation.” 

Although this can be quite troubling to most enterprises, it is not news that cybersecurity risks represent a significant concern for just about every company involved in the current economy. It is becoming more obvious that discussions pertaining to cyber-liabilities and how to manage these risks in a holistic manner will be heating up over the next year as we become more aware to the associated perils.

Study Shows Cyber Insurance Utilization Low

A recent article by Anya Khalamayzer cited that based on a Willis North American reporty, more than HALF of the Fortune 500 believe their firms would be seriously harmed by a cyber-attack. With increased cloud computing adoption, more and more small to mid sized businesses are finding themselves in situations similar to their Fortune 500 counterparts. In October of 2011, the Securities and Exchange Commission (SEC) issued guidance to U.S. listed companies to provide extensive disclosure on cyber exposures.

Ann Longmore, who is an executive vice president with Willis North America and co-author of the report said “D&O liability risk may be heightened for companies that experience cyber breaches if cyber risk disclosures are deemed not to meet SEC standards and a significant loss were to occur. This may be especially true if peers have provided more detailed disclosure.” Obviously the SEC feels that companies are not doing a good job of disclosing their exposure level for cyber-liability to their shareholders.

While most companies will fall outside of the scope of the SEC guidance, it is no less important to note the damage that can be caused by a cyber attack on a middle market company. Data is one of your most important assets yet it is not covered by standard property insurance policies. The loss of critical archive data, billing files, proposals, or other hard to replace data can be a crippling blow to a company. While data security is important to many companies, it is not the only asset  that needs to be considered.  Critical electronic systems or equipment crashing can be incredibly detrimental to a business. Imagine Point of Sale systems crashing during the holiday season, or the loss of revenue associated with that system’s  downtime.

Right now, most businesses just don’t understand the perils associated with  cyber integration. Mainly this is because it is not as tangible as a fire, flooding, or employee injuries. This does not make it any less real. It is also reasonable to note that 15 percent of the Willis study group said that they do not have the resources to protect themselves from critical attacks. Usually the costliest risks are the one’s never appreciated or considered fully. This is why I implore business owners really take stock into how bad it can be if things do go south, and realistically determine the impact a liability loss would cause them.

I believe as more companies get “plugged in” we will see a rise in losses associated with these types of risks. These experiences will become part of IT consciousness  and owners, directors, and department heads will demand ways to protect themselves; it will be our job as risk consultants to educate them as to the tools available to mitigate this new and evolving risk.

Medical Device Companies May Be Exposed to Cyber Liability Risks

Some Durable Medical Equipment (DME) manufacturers may now have to educate themselves to a new risk that can pose significant chance of loss if not properly prepared for.

An alert published on the government’s Industrial Control Systems Cyber Emergency Response Team website, cited research from Billy Rios and Terry McCorkle of the cyber security firm Cylance Inc., who said they have identified more than 300 pieces of medical equipment that are vulnerable to cyber attack. They include surgical and anesthesia devices, ventilators, drug infusion pumps, patient monitors and external defibrillators.

Reuters reports that because of the alarming new revelations,  the U.S. Food and Drug Administration on Thursday urged medical device makers and medical facilities to upgrade security protections to protect against potential cyber threats that could compromise the devices or patient privacy.

“Over the past year, we’ve become increasingly aware of cyber security vulnerabilities in incidents that have been reported to us,” William Maisel, deputy director for science at the FDA’s Center for Devices and Radiological Health, said in an interview. “Hundreds of medical devices have been affected, involving dozens of manufacturers,” Mr. Maisel said, adding that many were infected by malicious software, or malware.

These new exposures have opened up a new opportunity for risk consultants to have conversations with DME manufacturers. This time, in addition to your traditional product liability insurance, it may be prudent to discuss cyber-liability coverage since this type of peril may not be specifically covered.