BAS Blog


 

Symantec DLP Used to Protect BAS Systems

BAS takes the privacy and security of its clients' information very seriously. Toward that end, BAS utilizes state of the art security and virus protection software. In addition to the "gold standard" Tripwire, BAS incorporates Symantec Data Loss Prevention Software (DLP) to protect the flow of information.

Read More »

COBRA Disability Extension

Q.- A COBRA continuant requested an extension of coverage due to disability. The continuant provided a copy of the Social Security Administration's disability award. However, the COBRA continuant provided this information after the expiration of his 18 month COBRA period and wants the COBRA reinstated retroactively. Do we have to approve a disability extension?

Read More »

Wellness Program's ADA Implications

The U.S. Court of Appeals for the 11th Circuit recently held in Seff v. Broward County that a wellness program complied with the Americans with Disability Act (ADA) safe harbor provisions.

Read More »

Individual Mandate May Have an Unintended Impact

Health care reform's individual mandate requires most Americans to maintain minimum essential health insurance coverage. Beginning in 2014, individuals who do not comply with the individual mandate must make a "shared responsibility payment" to the federal government. The payment, which is labeled a "penalty" under the Affordable Care Act but has been determined to be a "tax" by the United States Supreme Court, is calculated as a percentage of household income, subject to a minimum based on a dollar amount and a maximum based on the average annual premium the person would have to pay for qualifying health coverage. For example, in 2016, the penalty will be 2.5% of an individual¹s household income, but no less than $695 and no more than the average yearly premium for insurance that covers 60% of the cost of 10 specified services. The penalty is paid to the Internal Revenue Service with an individual¹s income taxes.

According to new Congressional Budget Office estimates, approximately 6 million people will be required to pay a penalty for not maintaining appropriate health coverage. This new estimate is significantly higher than the CBO's estimate in 2010 when the Affordable Care Act was passed.

Read More »

Qualified Transportation Benefits

Many employers, particularly employers in urban locations, provide qualified transportation benefits to their employees. A Qualified Transportation Plan is offered under Section 132 of the Internal Revenue Code and can allow employees to pay a portion of their commuting expense with pre-tax dollars.

Read More »

Guidance on 90 Day Waiting Period Limitation Under Health Care Reform

The Affordable Care Act provides that for plan years beginning on or after January 1, 2014, a health plan cannot apply any waiting period that lasts more than 90 days. A waiting period is a period of time that must pass before an individual is eligible to be covered for benefits under the plan or before coverage for an individual becomes effective under the plan.

Read More »

Question of the Week

Q.- We offer employees the opportunity to participate in a health flexible spending account plan. We contribute $3,000 to each employee's FSA. I know there are new limits on FSA contributions. Can we continue to contribute to the FSA?

Read More »

Unencrypted Laptop Theft Leads to $1.5 Million HHS Settlement

The U.S. Department of Health and Human Services (HHS) announced a $1.5 million settlement with Massachusetts Eye and Ear Infirmary (“MEEI”). The settlement is a result of an Office of Civil Rights (OCR) investigation after MEEI’s self-reported loss of an unencrypted personal laptop computer that contained electronic Protected Health Information (ePHI).

The HITECH breach notification amendments to HIPAA require covered entities to provide notice to individuals whose unsecured ePHI has been breached. Covered entities must also notify HHS within 60 days of discovery of a large breach impacting 500 or more individuals. Only events that meet HITECH's definition of "breach" must be reported. Generally, a breach for HITECH reporting purposes is an unauthorized use or disclosure of electronic PHI that is not secured and that causes a significant risk of financial or reputational harm.

Read More »

Determining Full-Time Employees for Pay-or-Play Penalty

Beginning 2014, certain employers must offer their employees appropriate health coverage or be subject to a tax penalty. See our article dated July 5, 2012. This "pay or play" penalty under health care reform applies to large employers, which the Affordable Care Act considers to be employers with 50 or more full-time equivalent employees. Under the rules, a monthly penalty may be imposed on a large employer when certain of its full-time employees receive subsidized health insurance coverage through a state health insurance exchange, if the employer does not offer health coverage or if the health coverage offered by the employer does not provide minimum value. Employers will have to be able to calculate the number of full-time employees they employ in order to determine if they will be subject to the pay or play penalty.

Read More »

Telemedicine – A New Enhancement to Employee Benefits

Telemedicine is a relatively new health care concept that is a desired enhancement to many health plans. According to the American Telemedicine Association, "Telemedicine is the use of medical information exchanged from one site to another via electronic communications to improve patients' health status." Employers appreciate telemedicine as it can reduce time away from work, due to less time in doctors' offices and reduced phone calls for appointment scheduling.

Read More »

Question of the Week - Change in DCAP Election for Spouse's Work Schedule

Q.- We have an employee who wants to change her Dependent Day Care Flexible Spending Account Plan contribution amount because her spouse has switched from full-time to part-time employment. Can we allow her to reduce her contribution election?

Read More »

Cobra Control Services, LLC Provides Automated COBRA Administration

BAS' COBRA administration service through its subsidiary Cobra Control Services, LLC provides a full-service COBRA administration alternative. Our automated process offers employers a needed tool to outsource COBRA administration at on-demand, wholesale pricing.

Read More »

Approved Software List

Employers may benefit from implementing procedures to address software employees download to company computers for both personal and business use. Monitoring software on company computers can cut the risk of malware or potential viruses infecting company data.

Read More »

Question of the Week - HIPAA Applicability to FMLA Documentation

Q.- One of our employees has requested FMLA leave and has provided a lot of documentation from her doctor about her medical condition. Do I have to be concerned with HIPAA?

Read More »

Religious Exemption for Women's Contraceptive Coverage

The Affordable Care Act requires non-grandfathered health plans to provide coverage for preventive care services without cost-sharing. Some preventive care services relate specifically to women's health issues. To review our article on women's preventive health services, click here.

Read More »

Consider Disability Issues when Implementing Technology Changes

The Department of Labor recently posted a blog entry reminding employers to consider disability discrimination issues when implementing technology in the workplace.

Read More »

How to Correct a Denied Flexible Spending Account/Health Reimbursement Account Claim

Each week, BAS receives more than 2,500 flexible spending account and/or health reimbursement account claims. Approximately 85% of claims submitted to BAS are properly filed and substantiated, and, subsequently, reimbursed during the weekly claims reimbursement on Tuesday. However, some claims cannot be paid because the substantiation supporting the claim does not contain sufficient information. Common examples of receipts that do not contain enough detail to substantiate a claim include: cash register receipts for prescription copays; provider payment receipts that do not contain dates of service or the reason for the expense; and receipts for services or items with both a medical and non-medical purpose (also known as dual-purpose items or services) that are not accompanied by a physician’s letter of medical necessity.

Many FSA/HRA plans offer a period for participants to cure denied claims. For plans subject to ERISA, the period is typically 180 days or more from the date the claim is denied. Correcting an claim that was denied because of inadequate substantiation can be easy. We offer suggestions below to assist with correcting a denied claim.

Read More »

NIST Offers Risk Assessment Toolkit for HIPAA Security Rule Analysis

The Security Rule of the Health Insurance Portability and Accountability Act (HIPAA) established national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. One key safeguard required for compliance with the Security Rule is the completion of regular risk assessments. As we have previously reported, the absence of a formal risk assessment can be grounds for substantial fines for non-compliance with the Security Rule (see Lack of HIPAA Training and Risk Analysis cited in $1.7 Million HHS Settlement). As part of its regulatory and enforcement role, the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) established guidance that identifies the essential elements of a risk assessment.

The National Institute of Standards and Technology (NIST) released a “HIPAA Security Rule Toolkit” to assist covered entities and business associates with conducting a risk assessment, as required by HIPAA’s Security Rule. NIST’s toolkit is a single-user, stand-alone software that guides the user through the 45 specifications established by OCR. NIST designed the software to be used by both large entities and smaller entities with little IT knowledge or access. However, the technical questions can be difficult to answer without experience or background knowledge in IT and the Security Rule. Overall, the software can prove a valuable tool in getting entities started on the path of risk analysis or ensuring the risk analysis is sufficiently robust.

Read More »