Schedule Appointment

HHS Gets Agressive: HIPAA Audits from 2016

HHS has become more aggressive with audits, and with increased penalties, covered entities and business associates simply cannot afford an audit on HIPAA rules and regulations.  In March of 2016, HHS's Office for Civil Rights (OCR) announced Phase 2 of its HIPAA Audit Program.  OCR released the update on the program last April. The Phase 2 HIPAA Audit Program reviews the policies and procedures adopted and utilized by covered entities and business associates to meet the requirements of HIPAA's Privacy, Security, and Breach Notification Rules.   These audits will primarily be conducted off-site, through the production of documents; however, some may be conducted on-site.

To target entities for audit, OCR is requesting that certain information be provided to them about covered entities and business associates, including contact information, size, type, and operations of potential auditees.  From this data, OCR is creating an audit pool.

If an entity does not respond to OCR’s request to verify its contact information or provide answers to additional questions, OCR will use publicly available information about the entity to create its audit subject pool. 

The data from 2016 has reflected HHS's increased audit activity.  Below is a summary of some key findings.  

In 2016, OCR reported $23.5 million in payouts for HIPAA violations. This was a record high, with the previous high occurring in 2014 with $7.9 million in payouts.  Additionally, average payouts have increased, where in 2016 the average HIPAA penalty payout was $1.81 million, up from $1.03 million in 2015.

Further, in 2016, the top causes of HIPAA breaches were unauthorized access / disclosure (44%) and hacking and IT incidents (33%).  Additionally, health care providers were the target of 79% of breaches, which is the highest on record, and health plans were the target of 14% of breaches, the second highest on record.  

Covered entities and business associates would be prudent to do a self-audit to correct any HIPAA issues, as opposed to allowing HHS to uncover such issues, thus subjecting themselves to audit and potential penalties.  HIPAA compliance is a time-consuming process; however, it is a must in light of increased federal audit activity and increased fines.  

 

 

 

 

 

 

Subscribe to our KLF Employee Benefits Blog mailing list!

* indicates required
Email Format

ACA: Repeal and Replace

On January 13, 2017, the U.S. House of Representatives set the repeal of the Affordable Care Act (“ACA”) in motion.  With a vote of 227-198, the House approved a budget resolution allowing Congress to repeal certain key provisions of the ACA without filibuster from the Democrats.  This same resolution passed the U.S. Senate on January 12, 2017, with a 51-48 vote.  The now-passed budget instructs both the Senate and the House to draft repeal legislation by January 27, 2017.  Two committees in each the Senate and the House are charged with drafting the repealing legislation.  This legislation, like the budget resolution, is also immune to filibuster and may be passed with a simple majority in both the Senate and the House. 

Because the Republicans are utilizing the budget resolution process for repeal, the entire ACA cannot be repealed, only certain provisions, including provisions with respect to the insurance marketplaces, Medicaid-expansion, and the employer and individual mandates, among others. 

Without meaningful replacement, approximately 22.5 million people will likely lose insurance coverage due to the repeal of the insurance marketplaces’ subsidies. 

As of January 1, 2017, 32 states, including the District of Columbia, have expanded Medicaid under the ACA.  Approximately 12.9 million people would lose Medicaid coverage, because the Republican legislation is expected to eliminate the federal funding provisions for such expansion.

For the approximately 150 million people covered under employer-sponsored plans, certain consumer protections, such as the ban against pre-existing conditions and coverage of young adults to age 26, are immune from change under the current budget resolution process.  However, Senate Republicans have recently voted against legislation that would preserve these provisions, thus making such provisions vulnerable. 

Replacement legislation does not have as clear of a path as repeal.  Unlike the repeal path, any replacement legislation will require a “super-majority,” not just a simple majority, meaning, for example, in the Senate, 60 votes will be required for passage.  Thus, Republicans must get cooperation from Democrats to gain the required support for a replacement bill.  Further, from the Republican camp, Congressmen have stated that repeal and replacement could occur 2 to 4 years from now, however, nothing conclusive has been determined.  The next few months will be legislatively instrumental in providing guidance as to content and timing of both repeal and replacement.

This is a process to which we must all pay careful attention, as the largest national reform to the health care system since Medicare in 1965 is about to go through another historical overhaul.  

Subscribe to our KLF Employee Benefits Blog mailing list!

* indicates required
Email Format

The DOL Fiduciary Rule: Part 2 - The Best Interest Contract Exemption - What Is It?

The DOL Fiduciary Rule:  Part 2  -  The Best Interest Contract Exemption - What Is It?

In adopting the Final Fiduciary Rule, the DOL allowed for some exemptions, most notably the Best Interest Contract Exemption ("BICE"). The BICE does not exempt advisors from the Final Rule's definition of a fiduciary.  The BICE provides relief to advisors providing non-discretionary advice and earn commissions on such advice.  This Blog provides a summary of the BICE.

Subscribe to our KLF Employee Benefits Blog mailing list!

* indicates required
Email Format

The DOL Fiduciary Rule: Part 1 - An Overview

The DOL Fiduciary Rule: Part 1 - An Overview

On April 6, 2016, the Department of Labor (DOL) publicly announced its final conflict of interest rule, or the fiduciary rule, as more often referenced, and published the rule in the Federal Register two (2) days later, on April 8, 2016.  The release of the final rule has been a tumultuous and controversial ride, to say the least.  This Blog Post provides an overview of the Final Rule.

Subscribe to our KLF Employee Benefits Blog mailing list!

* indicates required
Email Format