Benefits Counselor – February 2021

  1. Home
  2. News & Insights
  3. Benefits Counselor – February 2021

RETIREMENT PLAN DEVELOPMENTS

DOL Issues Guidance on Missing Participants

On January 12, 2021, the Department of Labor (DOL) issued highly anticipated guidance regarding fiduciary duties to locate and distribute retirement benefits to missing or nonresponsive participants. This new sub‑regulatory guidance is non‑binding and is intended to provide clarity regarding existing requirements.

The guidance includes three parts, which are summarized below. For additional information, please see Reinhart's forthcoming e-alert on the subject.

Missing Participants – Best Practices for Pension Plans

This guidance describes what the DOL views as "best practices" for retirement plan fiduciaries in addressing missing participants and identifies red flags that may signal that a plan has a problem with missing participants. Among other practices, the DOL recommends that plans regularly audit census information and periodically contact participants and beneficiaries to verify or update contact information. The DOL also identifies several steps for plan administrators to find missing participants and indicates that plans should have a written procedure regarding missing and unresponsive participants.

Compliance Assistance Release No. 2021‑01

As part of its guidance, the DOL published an internal memorandum provided to Employee Benefits Security Administration (EBSA) Regional Offices intended to make the audit practices in the DOL's Terminated Vested Participants (TVP) Project more uniform nationwide. This DOL guidance outlines the TVP investigation process, provides examples of situations in which the EBSA opens TVP investigations and describes the type of information and records requested during an investigation. The guidance also describes the types of errors EBSA looks for in investigations.

Field Assistance Bulletin No. 2021-01

The third piece of guidance provides a temporary enforcement policy regarding the use of the Pension Benefit Guaranty Corporation's (PBGC) expanded Missing Participants Program by a terminating defined contribution plan. Under FAB 2021‑01, the DOL will not pursue a fiduciary breach claim against a plan fiduciary or a Qualified Termination Administrator of an abandoned plan (QTA) that transfers accounts of missing participants in terminating defined contribution plans to the PBGC under the PBGC's missing participant program, provided certain conditions are met.

IRS Issues Annual Update to Determination Letter Procedures

On January 5, 2021, the Internal Revenue Service (IRS) published Revenue Procedure 2021‑4 (Rev. Proc. 2021‑4), which contains its annual update to the procedures for private letter rulings and determination letter requests, the user fees associated with various requests and general information about the types of advice provided by the IRS on benefit plan matters.

The revisions in Rev. Proc. 2021‑04 primarily relate to determination letter requests. Highlights include:

  • Form 5310. The procedures were revised to provide that Form 5310, Application for Determination for a Terminating Plan, must be submitted electronically beginning on August 1, 2021; plans may begin submitting Form 5310 electronically beginning on April 16, 2021.
  • Leased Employees. The procedures include information that must be provided for requests related to leased employees and note that applicants seeking rulings on the status of leased employees must specifically request such ruling in the cover letter.
  • Merged Plans. The IRS modified the procedures for determination letter requests for plans resulting from a merger of two or more plans.
  • Governmental Plans. The procedures include a new category for determination letter requests for certain preapproved governmental pension plans.

Rev. Proc. 2021‑4 also contains updates to the user fees for determination letters, as announced in Announcement 2020‑4. Effective January 4, 2021, the user fee for requests using Form 5300 (Application for Determination for Employee Benefit Plan) increased to $2,700, the fee for requests using Form 5307 (Application for Determination for Adopters of Modified Volume Submitter Plans) increased to $1,000, and the fee for requests using Form 5310 (Application for Determination for Terminating Plan) increased to $3,500.

HEALTH AND WELFARE PLAN DEVELOPMENTS

Cybersecurity Amendment to HITECH Becomes Law

On January 5, 2021, President Trump signed into law an amendment to the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) that strongly encourages covered entities and business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to adopt cybersecurity measures. The cybersecurity amendment requires the Department of Health and Human Services (HHS) to consider whether a covered entity or business associate had "recognized security practices" in place for at least the prior 12 months when making determinations relating to fines under HIPAA, decreasing the length and extent of an audit, or agreeing to other remedies for potential violations of the HIPAA Security rule.

The term "recognized security practices" generally means cybersecurity standards and approaches developed under the National Institute of Standards and Technology Act and the Cybersecurity Act of 2015, as well as other federally developed or recognized programs and processes that address cybersecurity. The cybersecurity amendment does not allow HHS to increase fines or the length, extent or quantity of audits due to a lack of compliance with the recognized security practices. Additionally, covered entities and business associates will not be liable for declining to engage in the recognized security practices.

EEOC to Propose New Wellness Program Rules, Pending Approval

The Equal Employment Opportunity Commission (EEOC) announced that it would propose new rules for wellness programs under the Americans with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act (GINA). However, the proposed rules are subject to a regulatory freeze and are awaiting review by the Biden Administration.

The pending proposed rules would eliminate meaningful incentives for most wellness programs that require disclosure of medical information. In general, wellness programs could offer only de minimis incentives (such as a water bottle). However, "health‑contingent" wellness programs that require participants to satisfy a standard related to a health factor to receive a reward or avoid a penalty may continue to offer the maximum incentive under HIPAA (30% of the total cost of coverage, or 50% to the extent the wellness program is designed to prevent or reduce tobacco use), as long as they comply with the HIPAA requirements. Notwithstanding this exception, wellness programs could offer only a de minimis incentive for an employee's family members to provide information about their diseases or disorders.

The ADA notice requirement would also be eliminated, although health contingent wellness programs still must provide a notice under the HIPAA rules regarding the availability of a reasonable alternative standard to qualify for the incentive.

Agencies to Examine Health Care Accessibility

On January 28, 2021, President Biden issued an executive order regarding the Affordable Care Act (ACA) and Medicaid. The order directs agencies to reexamine rules and policies that limit access to health care, and consider whether to take additional actions to protect and strengthen that access.

The executive order also revokes two executive orders issued by President Trump and directs agencies to reexamine actions related to or arising from them. The revoked orders are Executive Order 13765 of January 20, 2017 (Minimizing the Economic Burden of the Patient Protection and Affordable Care Act Pending Repeal), and Executive Order 13813 of October 12, 2017 (Promoting Healthcare Choice and Competition Across the United States). The former generally directed the federal agencies to waive, exempt or delay the implementation of any ACA rule that would impose a financial or regulatory burden. The latter prompted the expansion of association health plans; short‑term, limited‑duration insurance; and health reimbursement arrangements. It also provided that federal rules and guidelines should work to increase competition in healthcare and improve access to information, including data about healthcare prices and outcomes.

5th Circuit Vacates Fine, Holds HHS to Regulatory Standard in Enforcing HIPAA

On January 14, 2021, the Fifth Circuit Court of Appeals vacated a $4,348,000 penalty against the University of Texas M.D. Anderson Cancer Center (M.D. Anderson) and tightened standards for enforcement of the encryption and disclosure rules under HIPAA, as amended by HITECH.

This case, University of Texas M.D. Anderson Cancer Center v. U.S. Department of Health and Human Services, arose after M.D. Anderson informed HHS of three losses of patient data. The losses occurred when an unencrypted laptop was stolen and two individuals dropped or misplaced unencrypted thumb drives in 2012 and 2013. In all, the laptop and thumb drives contained electronic protected health information (ePHI) for about 35,000 people. As further described in our article on this case, the court took issue with HHS's imposition of a penalty, which it found arbitrary, capricious, and contrary to law, for four reasons:

  1. D. Anderson satisfied the rule requiring "a mechanism" to encrypt ePHI, even though its mechanisms did not prevent the loss of patient data;
  2. There was not an affirmative act of disclosure, and HHS could not prove that someone outside of M.D. Anderson received the ePHI;
  3. HHS came down much harder on M.D. Anderson than it had on other covered entities in similar cases; and
  4. HHS calculated the penalties based on an incorrect interpretation of the law, which it later acknowledged in a notice of enforcement discretion.

GENERAL DEVELOPMENTS

DOL Issues 2021 Adjusted Penalty Amounts

The DOL has adjusted the civil monetary penalties that may be assessed for various benefit‑related violations, effective for penalties assessed after January 15, 2021. The Inflation Adjustment Act of 2015 requires an annual adjustment of civil penalty levels for inflation.

Some of the notable increases include:

  • Form 5500. The penalty for a plan administrator's failure to file an annual report for the plan has been increased to $2,259 per day, up from $2,233.
  • Certain Retirement Plan Disclosures. The penalty for various retirement plan disclosure failures, including a multiemployer plan's failure to provide notice upon request of potential withdrawal liability, the failure to provide a notice of a funding‑based limit on benefits or benefit accruals and the failure of plans with automatic contribution arrangements to provide the required notice to participants has been increased to $1,788 per day, up from $1,767.
  • Blackout Notices. The penalty for failing to provide blackout notices or notices of diversification rights increased to $143 per day, up from $141.
  • Improper Distribution. The penalty on a plan fiduciary who makes an improper distribution has been increased to $17,416 per improper distribution, up from $17,213.
  • GINA Violations and CHIP Notice. Penalties for violations of the GINA and failures relating to disclosures regarding the availability of Medicaid and Children's Health Insurance Program (CHIP) have increased to $120 per employee per day, up from $119.
  • The maximum penalty for failing to provide a summary of benefits and coverage (SBC) increased to $1,190 per failure, up from $1,176.

UPCOMING COMPLIANCE DEADLINES AND REMINDERS

Health Plan Compliance Deadlines and Reminders

Form M‑1: Association health plans and other multiple employer welfare arrangements (MEWAs) that provide health coverage must file their annual Form M‑1 with the DOL by March 1, 2021.

HIPAA Breach Reporting: Plans must file their annual breach reports with the Office for Civil Rights (OCR) by March 1, 2021. The annual breach report is for breaches involving fewer than 500 individuals that occurred during the preceding year. Breaches involving 500 or more individuals must be reported no later than 60 calendar days from the date of the breach's discovery.

ACA Reporting Information

Furnish Forms 1095-B and 1095-C to Participants: Subject to limited exception, plan sponsors of self‑funded health plans and Applicable Large Employers (ALEs) must distribute Forms 1095‑B and 1095‑C to participants by March 2, 2021.

File Forms with IRS: Plan sponsors and ALEs must file the transmittal Forms 1094‑B and 1094‑C with their corresponding Forms 1095 with the IRS by March 1, 2021 or March 31, 2021 if e‑filing.

Retirement Plan Compliance Deadlines and Reminders

Form 1099‑R: Plan sponsors must file the Form 1099-R with the IRS by March 1, 2021 or March 31, 2021 if e‑filing.

Posted

Related Practices