Self-Insurer June 2013

June 2013

www.sipconline.net

The Case For Self Insurance: Overcoming Common Myths

2 June 2013 | The Self-Insurer © Self-Insurers’ Publishing Corp. All rights reserved.

Features

4 the Case For self Insurance: Overcoming Common Myths by George J. Pantos, Esq.

Worksite Clinics - the Next Generation by Jonathan Spero, M.D, CEO, InHouse Physicians

employment Liability and Other Taxable Claims – How taxes and Periodic Payments Can Help Get them settled by John McCulloch, JD, CSSC

The Self-Insurer | June 2013 3© Self-Insurers’ Publishing Corp. All rights reserved.

JUNE 2013 | Volume 56

June 2013 The Self-Insurer (ISSN 10913815) is published monthly by Self-Insurers’ Publishing Corp. (SIPC), Postmaster : Send address changes to The Self-Insurer P.O. Box 1237 Simpsonville, SC 29681

editorial staff

PuBlIShINg DIreCTOrJames A. Kinder

MANAgINg eDITOrerica Massey

SeNIOr eDITOrgretchen grote

DeSIgN/grAPhICSIndexx Printing

CONTrIBuTINg eDITOrMike Ferguson

DIreCTOr OF OPerATIONSJustin Miller

DIreCTOr OF ADverTISINgShane Byars

Editorial and Advertising OfficeP.O. 1237, Simpsonville, SC 29681(888) 394-5688

2013 self-Insurers’ Publishing Corp. Officers

James A. Kinder, CeO/Chairman

erica M. Massey, President

lynne Bolduc, esq. Secretary

artICLes

10 ArT gallery: Conversation with a self-insurance convert

14 life’s a Breach, Part II: Omnibus rule revises What Constitutes a Breach under the hIPAA hITeCh Breach NotificationRequirements

28 rrgs report Financially Stable results at Year-end 2012 by Douglas A Powell

42 The Changing regulatory landscape for Stop loss Insurance by Fred e. Karlinsky, richard J. Fidei and erin T. Siska

INdustry LeadersHIP

48 SIIA President’s Message

www.sipconline.net

38

24


The Case For Self Insurance: Overcoming Common Myths

by George J. Pantos, Esq.

© Self-Insurers’ Publishing Corp. All rights reserved. The Self-Insurer | June 2013 5

In today’s changing healthcare landscape, the political discourse on Capitol hill and in many state legislatures is replete with

misstatements, charges, and claims about the so-called problems, shortcomings and risks faced by employers – primarily medium-sized and small employers – who choose toselfinsurehealthbenefitsfortheirworkforce population.

As a four decade long journeyman in the erISA legal trenches, this is one man’s attempt to set the extensive record straight with documented responses to the most common myths advanced by critics of self-insurance.

Myth: Federal preemption is a major erIsa “loophole”

Response: To call preemption a major “loophole” belies the historical record of self-insured plan growth under erISA and ignores the explicit wording by Congress which distinguishes between employer-sponsored self-insurance and commercial insurance.

Nearly 80 million individuals – a record all-time high – received their healthbenefitsthroughaself-insurederISA plan in 2010. According to the Kaiser annual survey of annual employer trends, that’s 60 percent of working individuals under age 65.1 The numberofworkersinsmallfirms(3-199 workers) alone increased to 15 percent in 2012-- up from 10 percent in 2003.2 Conducted in conjunction with the National Opinion research Center and the university of Chicago, the annual Kaiser Survey is the most comprehensive u.S. look at national trends in employer sponsored health coverage.

erISA’s preemption provisions reflectanationalpurposeinfederallaw to facilitate the administration of

uniformbenefitsacrossstatelines.ByenactingERISA’s“deemer”clauseCongressprohibitedstatesfromdeemingemployersponsoredbenefitplanstobeinsurancecompanies. Congress thus gave life to a clear and explicit statutory exception to the insurance “savings” clause by exempting self-insured plans from the threat of often costlyandconflictingstatelaws.WithmorethanhalfofworkingAmericanscoveredby self-insurance over the nearly forty years since passage of erISA, congressional intent in distinguishing between self-insurance and commercial insurance has proven to be sound policy.

With few exceptions, the courts have interpreted erISA’s preemption clause very broadly and the distinction between self-insurance and commercial insurance has been upheld repeatedly by the u.S. Supreme Court for nearly four decades.3

Myth: self-Insurance provisions in aCa are a major “loophole” that will cause adverse selection against health insurance exchanges

Response: Similarly, there is no rational or historical basis to assert that self-insurance under ACA will cause adverse selection in future state health insurance exchange pools. As with erISA, Congress explicitly chose in ACA to distinguish between self-insured and insured plans. In other pre-ACA federal laws such as hIPAA, both self-insurers and insurers are prohibited from covering only healthy employees.4 ACA also bars discrimination by both self-insurers and insurers against plan participants based on health status.5 In a 2011 study conducted for the DOl under ACA, rAND COrPOrATION concludes that self-insured plans “do not pose a threat of adverse selection in the small group market once the new law is implemented.”6

Alater2012U.S.DepartmentofLaborReporttoCongressconfirmsthatself-insured plan membership mirrors a cross-section of workforce risk.7 employers that self-fundhealthbenefitscoverabroadcross-sectionofparticipantswithlow,mediumand high risks. As self-insured and insured plans have similar membership characteristics, there is no rational basis for highly speculative assertions that self-insured plans “cherry pick” by enrolling healthier employees and may cause adverse selection.

Myth: enrollees in self-insured plans are deprived of important aCa consumer protections.

Response: Not true. Self-insured plans are subject to most of the same ACA coverage requirements and protections that are imposed on commercially insured plans. With minor exceptions, ACA protections – enacted by Congress to remedy what were called “abusive insurance industry practices” – also apply to enrollees in self-insured plans. Among many provisions that apply to both self-insured and insured plans, ACA prohibits coverage exclusions based on pre-existing conditions, prohibits discrimination based on health factors, requires dependent children to remain under parent plan coverage until age 26, eliminates lifetime and annual caps, requiresfirstdollarcoverageforpreventiveservice,requiresuniformexplanationofplanbenefits,requiresinternalandexternalclaimsproceduresandlimitsout-of-pocket spending.8 Certain provisions such as medical loss ratios (Mlrs), rebates, and community rate rules labeled by critics as “loopholes”, in reality, are intended properly by Congress to apply only to commercial insurers.

Beginning in 2012, Mlr rules require commercial insurers who collect premiums andareinthe“businessofinsurance”tousepremiumrevenuestomeetspecific


minimumbenefitpaymentstandardsrather than excessive administrative costs, such as for executive salaries and marketing expenses – or make refunds to customers. The Commonwealth Fund has found that, for some small employers, as much as 30 percent of premium payments go to administration.9 In this regard, 16 million consumers and businesses received about $1.3 billion in rebates from insurance companies in 2012, including $377 million in the small employer market.10

Myth: regulations should be enacted to limit the ability of small groups to self-insure health benefits.

Response: While self-insurance is not for everyone, annual insurance premium increases have accelerated the trend by small employers to consider self-insurance as a viable alternative to commercial insurance. ever increasing health care costs are one of the most important challenges impacting small business firmswhicharethebackboneoftheu.S. economy. Studies show that small firmspay18percentmoreforhealthcoveragethanlargerfirms,whilefirmswith10to24workerspay10percent more.11 And the cost of u.S. healthcare services is expected to rise 7.5 percent in 2013, more than three times the projected rate of inflationandeconomicgrowth.12

eliminating the ability of small employers to self-insure would not only add to already spiraling health costs, but may even create higher levels of uninsured employees. limiting small employer ability to self-insure would be associated with a “decline in the total number individuals enrolled in health insurance coverage,” according to rAND.13

employers must be able to meet soundactuariallydeterminedfinancialstandards to demonstrate they are capable of self-insuring. under existing laws, employers of all sizes who can meet recognized standards have the freedom to choose the most appropriate method to fund their health plans, including recognized alternative risk transfer (ArT) methods such as self-insurance.

eliminating the ability of small employers to self-insure would not only add to already spiraling health costs, but may even create higher levels of uninsured employees. The rAND study states that total enrollment in coverage is higher in the small market where self-insurance is allowed.14

exacerbating the small employer cost problem, many insurers already havefiledfordouble-digitpremiumincreases, which hhS has criticized as unwarranted.15Reflectingtheseincreases,privateinsurerfinancialreports to the Securities and exchange Commissionfor2010throughthefirsthalf of 2011 document that premium revenues have been well above paymentsformedicalclaims,withprofitmargins at historic highs and rapid accumulation of reserves well beyond state insurance requirements.16

Myth: self-insured plans do not provide adequate value to enrollees.

Response: As noted, in large part, the value of self-insurance as an alternativefundingmethodisreflectedin the large number of covered participants in self-insured plans of all sizes as reported in recent studies. According to the 2010 Annual Kaiser Survey, 57 percent of covered workers infirmswiththreeormoreworkerswere in self-funded plans in 2010.17 This includes 26 percent of workers among smaller plans with 100 to 199

participants. Based on an analysis of the Kaiser data, rAND reports that the share of employee enrollment in self-insured plans rose from 52.6 percent in 2006 – up to 57 percent in 2010.18

The principal advantages of self-insuring for employers have been well documented; greater control overdesignofplanbenefitsandprovider networks, costs based on their own claims experience, control overreserves,improvedcashflowanduniformbenefitstoworkersindifferent locations. Moreover, access to plan claims data provides self-insured employers with the ability to design wellness programs directly targeted toworkforcehealthprofilesthathaveproven successful in reducing costs.

using data on deductibles, copayments and other out-of-pocket expenses to measure the relative generosity of health plans, rAND researchers concluded that there is little difference in plan generosity between fully insured plans when comparing plans of the same size, including small plans with 3 to 199 workers.19 In the study conducted for hhS in collaboration with the u.S. labor Department, rAND found that self-insured plans offered by small and mid-sizedfirmscoveredapproximatelythe same proportion of medical expenses as fully insured plans.20

rAND reports that the state regulatory environment, exacerbated by the excessive prices employers must pay for administrative services in commercial plans, plays a major role in employer decisions to self-insure healthbenefits.21 Studies show that of the $95 billion paid by consumers and employers in premiums to u.S. commercial insurers in 2007, about 7.5 percent was paid for insurance administration – the highest share in the world.22 These costs were paid for advertising, sales commissions,


underwriting, and other administrative functions as well as net additions to insurer reserves, rate credits and dividendsandprofits.23

While state mandates provide added protection to some consumers in commercially insured plans, they impose additional costs that most often are passed along to employers in the form of higher premiums. By contrast, inadditiontogreatercostefficiencyand lower administrative expenses, self-insured employers add value by retaining for their own investment purposes that portion of premiums collected by insurers to fund insurer reserverequirementsandprofits.Self-insured employers add additional value-basedplandesignbytailoringbenefitpackagestomeetspecificworkforceneeds rather than costly mandated statebenefits.24

Other important factors which add value include greater plan autonomy andplancontrolandtheflexibilityundererISA for employers operating across statelinestoofferuniformbenefitpackages. While not always covering certainstatebenefitsmandatedinfullyinsured plans, self-insured plans are no less generous overall, and in many instances provide even more generous benefits,accordingtointerviewsconducted for the rAND study.25

Myth: state regulation of stop loss attachment points is needed and legislative proposals calling for higher attachment points should be supported.

Response: Several states and the NAIC have attempted to regulate stop-loss attachment points which they contend “could” pose a threat to state exchanges coming on line in 2014. In proposing higher stop-loss attachment points, state legislators

have poorly masked their real intent to curb the self-funding method for small

employers.

In proposing extremely high individual attachment points ($45,000), legislation such as

California’s SB 161, and similar state legislative proposals, are designed to negatively impact

thedecisionofmostotherwisefinanciallyqualifiedsmallemployerstoself-insurehealth

benefits.Bymandatingthatsmallemployersassumegreaterfinancialrisk,suchproposals

would have the effect of eliminating the entire cash funding reserves of most self-insured

small employers.

Such state legislative proposals raise the legal issue of federal preemption and

the bounds of permissible state insurance regulation under erISA. Many states do

not have minimum requirements for stop-loss and only three states have passed

laws based on NAIC’s 1999 “model” stop-loss act recommending a minimum

attachment point of $20,000 per person.26

however, federal courts have held that states cannot regulate stop-loss insurers

inamannerthatinfluencesthestructureoradministrationoftheunderlyingself-

insured plan, such as by regulating attachment points.27 Courts also have held that

statescannotdefineatwhatpointaself-insuredplanbearssolittlerisk(dueto

generous stop-loss attachment points) that the plan is no longer self-insured and

the stop-loss carrier is a primary health insurer.28 Thus, if enacted into law, proposals

such as SB 161 clearly would be subject to a preemption challenge under erISA’s

federal provisions.

Myth: A federal definition of self-insurance is needed Response: Callingforafederaldefinitionofself-insuranceassumesthatsmall

employersneedtoassumemoreriskforhealthbenefitsinordertoqualifyas

qualifiedself-insuredplansponsors.Withoutdefining“significant,criticsproposethat

selfinsuredplansshouldbear“significantrisk,”andthatstop-lossattachmentpoints

besetata“significantlevel.”Thisunrealisticapproachisnotonlyinconsistentwith

erISA and other federal laws relating to insurance regulation, but also ignores the

historicalnatureofstop-lossinsuranceasaclassofindemnificationcoveragefor

employer catastrophic losses.

At its core, stop-loss insurance programs are forms of excess liability protection

designed to indemnify employer plan sponsors for health care expenses above

predetermined dollar amounts. While stop-loss carriers are subject to state

insurance regulation as insurers, this is not the same as regulating health insurance

* TPA and Stop-Loss Savings Specialists

* Products for Group Health, Workers’ Comp. & Auto Liability

* Industry Leading Bill Review Services

* Our SERVICE separates us from the competition!


carriersthatbearhealthrisklossforindividuals.Varyingbystate,specificregulationof stop-loss insurers generally covers solvency and licensing requirements and regulation of investments. More closely resembling property and casualty insurance, stop-loss is a form of catastrophic insurance coverage that reimburses an employer for unforeseen and abnormally high plan expenses. The protection offered by comprehensivestop-losscoveragereflectsitsvalueinhelpingplansponsorsincluding small employers to manage catastrophic plan events. Since stop-loss insurancedoesnotbearfinancialresponsibilityforindividualplanparticipantsthereisnorationalbasistoclassifystop-lossinsuranceashealthinsuranceortodefineself-insurance based on federally regulated attachment points. n

George J. Pantos, Esq. is Executive Director of the Healthcare Performance Management Institute (www.hpminstitute.org) and former General Counsel, Self Insurance Institute of America.

1KaiserFamilyFoundationandHealthResearch&EducationTrust,2012EmployerHealthBenefitsSurvey2Ibid.3See Metropolitan life Insurance Co. v. Massachusetts, 471 u.S. 724(1985) (discussing erISA’s “savings” and “deemer” clauses.4health Insurance Portability and Accountability Act (hIPAA), Pub.l. No104-191,1996.5Affordable Care Act (ACA) P.l. 111-118 (2010).6rAND COrPOrATION, employer Self-Insurance Decisions and the Implications of PPACA, report to u.S. Department of labor (2011).7Secretary of labor, Annual report to Congress on Self-Insured group health Plans (2011) and (2012).8See note 6.9S.Collins, ”Medical loss ratio regulation good For Consumers”, Commonwealth Fund Blog (Nov.2010).10Kaiser health News , Insurer rebates under Medical loss ratios for Consumers (Nov. 2010).11J.gabel,r.McDevitt et al., Commonwealth Fund health Affairs, May-June 2006 25(3) 83243.12PricewaterhouseCoopersResearchInstitute,availableatwww.pwc.com/us/en/healthbehind-the-numbers/keyfindings.13See note 6.14See note 6.15See note 6.16R.Abelson,“HealthInsurersMakingRecordProfitsasManyPostponeCare”,NewYorkTimes,May3,2011.17KaiserFamilyFoundationandHealthResearch&EducationalTrust,2010EmployerHealthBenefitsSurvey.18See note 6.19Ibid.20rAND COrPOrATION, report to u.S. Department of health and human Services in collaboration with u.S. Department of labor, report to Congress On Study of large group Market (2011).21Ibid.22The Commonwealth Fund, Issue Brief “ how health Care reform Can lower the Costs of Insurance Administration”, (July 2009).23CenterforMedicareandMedicaidServices,OfficeoftheActuary,NationalHealthExpenditureAccounts,availableatwww.cms.gov/NationalhealthexpendData/downloads/dsm-o7.pdf.24healthcare Performance Management Institute, governance, risk and Compliance Management Strategies for Self-Insured health Plans, White Paper (2011).25See note 20.26NAIC Model #92: Stop loss Insurance Model Act (Only Minnesota, New hampshire and vermont have adopted the model law).27American Medical Security v. Bartlett, 111 F3d 358, (4th Cir. 1997) cert denied, 118 S.Ct. 2350 (1998).28Brown v granatelli , 897 F2d 1351 (5th Cir. 1990, cert. denied 498 u.S.848 (1990).


He has a new heart. His employer has peace of mind. With stop-loss coverage from Sun Life, your clients are protected against catastrophic claims. And they get the benefit of an independent point of view from one of America’s leading stop-loss providers. In the past three years alone, we processed 68,000 claims —over $1.3 billion in payouts. Why not put our expertise to work for you? Ask your Sun Life rep how.

sunlife.com/wakeup

Group insurance policies are underwritten by Sun Life Assurance Company of Canada (Wellesley Hills, MA) in all states, except New York, under Policy Form Series 02-SL and 07-SL. In New York, group insurance policies are underwritten by Sun Life Insurance and Annuity Company of New York (New York, NY) under Policy Form Series 02-NYSL and 07-NYSL. Product offerings may not be available in all states and may vary depending on state laws and regulations.

© 2013 Sun Life Assurance Company of Canada, Wellesley Hills, MA 02481. All rights reserved. Sun Life Financial and the globe symbol are registered trademarks of Sun Life Assurance Company of Canada. PRODUCER USE ONLY. SLPC 24842 04/13 (exp. 04/15)

HELP YOUR CLIENTS

TO THE BENEFITS OF STOP-LOSS.

Life’s brighter under the sun


by Dick Goff

art gAllerYConversation with a self-insurance convert

Isn’t it wonderful how self-insurance and other ArT forms keep eluding the fatal blows of those who would put us out of business? Think of the combined power of elements of both federal and state governments, joined by the marketing and lobbying clout of the giant insurance

companies, all coming after us with sledgehammers.

But we’re the pesky critters in the Whack-a-Mole game that keep popping up in another location each time we elude a fatal blow. I’ve been thinking of that characteristic and it occurs to me that we are successful survivalists because we keep our eye on the goal of providing better, more efficientservicetoourcustomers.

We don’t share the motivations of politicians or even major competing commercial organizations. We are not rigid adherents to any ideology or philosophy. Our approach is practical, realistic and with healthy regard for free enterprise.

Oh, and one more thing: we like to learn and apply new ideas that help us stay ahead of whatever game we’re playing at the time. unlike politicians or corporate fat cats, we humbly understand that we don’t yet know it all. And our best schoolroom is conversations with our peers.

I’m reminded of that when I see that SIIA will emphasize captives during this fall’s National Conference under the theme “Outsmarting reform 2013.” One point of the conference will be that participation in stop-loss captive programs can make it easier for smaller and mid-sized employers to operate self-insured group health plans.

And I also had a lesson recently during a conversation with hollins riley, president of Associated Marketing of virginia, Inc. (AMvA), headquartered in Naples, Florida. AMvA created NationCare, a leading out-of-area coverage solution for local and regional provider-sponsored health plans. AMvA also provides management consulting services to health plans and consults with health systems interested in forming their own insurance solution for the market they serve.

riley’s study of federal health reform has led him to an unexpected conclusion. “until this year I didn’t believe self-insurance was a good approach for small groups but I’ve changed my mind,” he says. he now takes the position that self-insurance is the best way to surmount the obstacles of health reform for employers of any size.

Oneespeciallytrickyminefieldtonavigateunderhealthreformthathasasignificantimpactontheindividualandsmallgroupmarketsisthecompression of age-range premium bands.

Bycurrentunderwritingpractice,thehighestratecanbeasmuchasfiveor six times the lowest rate – meaning that younger people can get by with premiums that are far lower than older people. That will change, Mr. riley

points out, to premiums that can vary only by a factor of three times between the oldest and youngest plan members.

“This puts employers of generally younger people who purchase traditional health insurance at a distinct disadvantage compared to their previous experience,” riley says. “This along with the fact that essential health benefitprovisionscallformuchrichercoverage will drive premiums up under health reform.”

riley reports that traditional health insurers are preparing to renew many healthcare policies on December 31, 2013 – the day before health reform rules fully kick in. “There will be a tsunami of policies taking effect just to give buyers within one day of a full year’s relief from health reform rules and premiums,” he said.

“I think this story needs to be told, to help employers make smart choices,” riley said. “Well educated buyers will be our best customers.”

riley reports also that some traditional insurers are looking at creative ways of entering the self-funded arena in the smaller employer group size by reverting to the split premium and minimum premium models that were prevalent in the larger group market segments in the 80s and 90s.

The way I understand those premium models, you can think of “deductible” as a self-insured retention and plans that provide coverage above a deductible amount of, say, ten to twenty thousands dollars as “stop-loss” insurance. And there you have self-


insurance, courtesy of your friendly traditional healthcare insurer. Smart TPAs or brokers could build their group healthcare captives and supplement coverage with a fronting insurer.

Today’s lesson goes back to my early premise: through nimble creativity, the ArT industry can develop products with ease of entry and the support servicestohelpemployersfindtheirbest solutions.

That’s the way we’ll stay alive to fightanotherday.

As always, I welcome all feedback and opinions. Please feel free to comment to me personally via e-mail or send it in article form to our editor at [email protected]. n

Dick Goff is managing member of The Taft Companies LLC, a captive insurance management fi rm and Bermuda broker at [email protected]. Hollins Riley may be reached at [email protected].

Do you aspire to be a published author? Do you have any stories or opinions on the self-insurance and alternative risk transfer industry that you would like to share with your peers?

We would like to invite you to share your insight and submit an article to The Self-Insurer! SIIA’s o� cial magazine is distributed in a digital and print format to reach over 10,000 readers around the world. The Self-Insurer has been delivering information to the self-insurance/alternative risk transfer community since 1984 to self-funded employers, TPAs, MGUs, reinsurers, stop-loss carriers, PBMs and other service providers.

Articles or guideline inquiries can be submitted to Editor Gretchen Grote

at [email protected].

The Self Insurer also has advertising opportunities available. Please contact Shane Byars at [email protected] for advertising information.


This changes everything. And nothing.

23bnDOLLARS IN ASSETS

Presidio is proud to now be the health division of PartnerRe.

The three core principles Presidio was founded on – excellence of service, continuous innovation and client � nancial peace of mind – are as much a part of who we are as ever. Our management team and our employees remain in place and continue to offer you the innovative solutions you expect.

But some changes will be big. Very big. PartnerRe’s $23 billion in assets gives Presidio stability that is unsurpassed by others in the Accident & Health market. Our truly global reach allows us to provide � nancial peace of mind worldwide. For almost 20 years, we’ve brought you the best rated carriers. Now we are one.

Contact us to discuss your health risk needs at 1 415 354 1551 or PresidioRe.com.

This changes everything. And nothing.

23bnDOLLARS IN ASSETS

Presidio is proud to now be the health division of PartnerRe.

The three core principles Presidio was founded on – excellence of service, continuous innovation and client � nancial peace of mind – are as much a part of who we are as ever. Our management team and our employees remain in place and continue to offer you the innovative solutions you expect.

But some changes will be big. Very big. PartnerRe’s $23 billion in assets gives Presidio stability that is unsurpassed by others in the Accident & Health market. Our truly global reach allows us to provide � nancial peace of mind worldwide. For almost 20 years, we’ve brought you the best rated carriers. Now we are one.

Contact us to discuss your health risk needs at 1 415 354 1551 or PresidioRe.com.


E L I T E U W . C O M • 8 8 8 . 3 0 3 . 3 3 7 9

RISK MANAGEMENTSOLUTIONS REQUIRE

COORDINATEDPRECISION

RISK MANAGEMENTSOLUTIONS REQUIRE

COORDINATEDPRECISION

Client centric solutions are the building blocks of our business.Client centric solutions are the building blocks of our business.

Advising our clients since 1994, Elite Underwriting Services is one of thecountry’s most prominent Managing General Underwriters. Entrusted withmanaging premium, we are partnered with A+ and A rated carriers. Creatinga culture of innovation and service, we leverage our expertise and industryrelationships – enabling us to offer a wide array of products and services, aswell as superior stop loss custom solutions for our clients.


PPACA, HIPAA and Federal Health Benefi t Mandates: Practical Q&AThe Patent Protection and Affordable Care Act (PPACA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other federal health benefi t mandates (e.g., the Mental Health Parity Act, the Newborns and Mothers Health Protection Act, and the Women’s Health and Cancer Rights Act) dramatically impact the administration of self-insured health plans. This monthly column provides practical answers to administration questions and current guidance on PPACA, HIPAA and other federal benefi t mandates.

Life’s a Breach, Part II: Omnibus rule revises What Constitutes a Breach under the HIPaa HIteCH Breach Notifi cation Requirements

hIPAA’s “Omnibus rule”1 (also referred to in this advisory as the “rule”), publishedonJanuary25,2013,modifiedmanypartsoftheHIPAAregulations,includingthosethatrequirenotificationofbreachesofunsecured protected health information (“PhI”) by covered entities

and their business associates (the “Breach regulations”). 2 This article discusses the

BreachRegulationsasmodifiedbytheOmnibusRule.Inthisarticle,wewillrefer

totheBreachRegulations,asmodifiedbytheOmnibusRuleprovisions,as“Final

Breach rules.” Compliance with the Final Breach rules, as is the case with most

other Omnibus rule provisions, is required by September 23, 2013.

Brief Overview• Breach Defi ned.TheFinalBreachRulesprovideaspecificdefinitionof

“breach,” and compliance with the breach notice obligations begins with

understandingthisdefinitionandbeingabletoidentify“breaches.”A“breach”

isdefinedasthe(i)acquisition,access,use,ordisclosure(ii)ofprotected

health information” (iii) that is not permitted under the hIPAA Privacy rule3


and which (iv) compromises the security or privacy of the protected health information. The definitionof“breach”hasseveralmoving parts and exceptions, and thus requires careful examination. Not every violation of the hIPAA Privacy rule will constitute a breach for purposes of the Final Breach rules.

• “Unsecured” PHI. The notice obligations set forth in the Final Breach rules arise only for breaches of “unsecured” PhI. PhI is “secured” for purposes of the Final Breach rules only to the extent it is encrypted in accordance with the methodologyspecifiedbytheSecretary of health and human Services (hhS) (the “encryption guidance”).4 For PhI that is secured in that manner, the notice obligations set forth in the Final Breach rules do not apply – even if there is an unauthorized use or disclosure (although other notice obligations may apply).

• New Rule: Presumption of Breach. If PhI is acquired, accessed, used or disclosed in a manner that violates the hIPAA Privacy rule, the Final Breach rules require a rebuttable presumption of breach – that is, an entity must presume that such acquisition, access, use or disclosure has compromised the security or privacy of the PhI unless it can demonstrate that there is a low probability that the PhI has been compromised. This is in clear contrast to the old rule (i.e., pre-Omnibus rule), which required no presumption and simply entailed an assessment of whether the use or disclosure posesasignificantriskoffinancial,reputational, or other harm to

the individual. In assessing the probability that the PhI has been compromised, the Final Breach rules list four factors that must be considered.

• Burden of Proof. Covered entities have the burden of demonstrating thattheysatisfiedthespecificnotice obligations following a “breach”asdefinedbytheFinalBreach rules, or, if notice is not made following an unauthorized use or disclosure, that the unauthorized use or disclosure did not constitute a “breach.”

What is a “Breach” under the Final Breach rules?

Thespecificnoticeobligationssetforth in the Final Breach rules apply only to the extent there has been a “breach”. As noted above, the Final BreachRulesdefinea“breach”asthe:

•Acquisition, access, use, or disclosure of PhI that violates hIPAA’s Privacy rule relating to use or disclosure of PhI and that compromises the security or privacy of such PhI.

Theseelementsandthespecificexceptions are discussed in more detail below.

PHI Only. As a threshold matter, the Final Breach rules are concerned only with breaches involving PhI. If the information is not PhI, there is no breach.Thus,de-identifiedinformation5 and employment records held by a covered entity in its role as employer6 are not PhI. Note that in the Omnibus rule removed the exception in the old rules (i.e., pre-Omnibus rule) for certain limited data sets that exclude both birth dates and zip codes – under the Final Breach rules, limited data sets are treated no differently than any other PhI.

Acquisition, Access, Use, or Disclosure. To be a breach, there

must be an “acquisition, access, use or disclosure” of unsecured PhI. Thesetermsarebroadlydefinedandencompass essentially any access, use or exchange of PhI (whether authorized or not). Although the regulations do notspecificallydefine“acquisitionandaccess,” hhS stated that they are to be interpreted by their plain meanings, and that each is encompassed within thecurrentdefinitionsof“use”and“disclosure.”“Use”isdefinedasthe“sharing, employment, application, utilization, examination, or analysis of [PhI] within an entity that maintains such information.”7 “Disclosure” isdefinedas“therelease,transfer,provision of access to, or divulging in any manner of information outside the entity holding the information.”8

“Unsecured” PHI. Only an acquisition, access, use, or disclosure of “unsecured” PhI can trigger the notice obligations under the Final Breach rules. “unsecured” PhI is PhI that is not secured through the use of approved encryption or destruction method that renders the PhI unusable, unreadable, or indecipherable to unauthorized individuals. Conversely, only PhI secured in accordance with the encryption guidance is considered “unusable, unreadable, or indecipherable” for purposes of the Final Breach rules. hhS has issued guidance on what types of encryption will fall within the safe harbor provision.9

The Encryption Guidance. According to the encryption guidance, PhI is considered unusable, unreadable or indecipherable to unauthorized individuals if it has been encrypted by “the use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidentialprocessorkey,”11andsuchconfidentialprocessorkeythatmight enable decryption has not


been breached. To avoid a breach of theconfidentialprocessorkey,thesedecryption tools must be stored on a device or at a location separate from the data they are used to encrypt or decrypt. The encryption guidance identifiesspecificmethodsthatHHShas determined, in accordance with statute, meet the standard. (See our prior advisory on the encryption guidance, accessible at www.alston.com/health_care_advisory_recovery.)

If a covered entity or business associate “secures” PhI in accordance with the rules, and an unauthorized use ordisclosureisdiscovered,thespecificnotice obligations set forth in the Final Breach rules do not apply because the PhI is considered “secure”. On the other hand, if some other method not specificallyidentifiedintheEncryptionguidance is used, then the PhI is not considered secure and an unauthorized use or disclosure that constitutes a “breach,”willgiverisetothespecificnotice obligations set forth in the Final Breach rules.

Violation of HIPAA Privacy Rule. An acquisition, access, use, or disclosure of unsecured PhI will not give rise to a “breach” unless the acquisition, access, use or disclosure is a violation of hIPAA’s Privacy rule (e.g., a violation of the minimum necessary rule). As was the case prior to the Omnibus rule, a violation of hIPAA’s Security rule does not itself constitute a potential breach under the Final Breach rules, although such a violation may lead to a breach if it results in a use or disclosure of PhI that is not permitted under the Privacy rule.

Compromise the Security or Privacy of PhI. even if it is established that a use or disclosure of unsecured PhI violates the Privacy rule, a breach may not have occurred if the violation does not “compromise the security or privacy” of the PhI. however, as noted in the Brief Overview section above,

an acquisition, access, use, or disclosure of protected health information in a manner not permitted by hIPAA’s Privacy rule is presumed, under the Final Breach rules, to be a breach unless the entity demonstrates that there is a “low probability that the protected health information has been compromised.” The entity’s demonstration must be based on a risk assessment of all of the following factors:10

(i) The nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification;

hhS has stated that this factor looks at the types of information involved, such as whether the disclosure involved information that is of a more sensitive nature. Forexample,withrespecttofinancialinformation,thisincludescreditcardnumbers, social security numbers, or other information that increases the risk ofidentitytheftorfinancialfraud.Withrespecttoclinicalinformation,thismayinvolve considering not only the nature of the services or other information, but also the amount of detailed clinical information involved (e.g., treatment plan, diagnosis, medication, medical history information, test results). This assessment is intended to help entities determine the probability that PhI could be used by an unauthorized recipient in a manner adverse to the individual or otherwise used to further the unauthorized recipient’s own interests. Additionally, hhS saidthatwheretherearefew,ifany,directidentifiersinthePHIinvolved,entitiesshoulddeterminethelikelihoodthatthePHIcouldbere-identifiedbasedonthecontext and the ability to link the information with other available information (e.g., where diagnosis and discharge dates are involved, consider the likelihood ofidentificationbasedonthespecificityofthediagnosis,thesizeoftherelevantcommunity, and the ability of the recipient of the PhI to use other available information to re-identify the individuals).

(ii) The unauthorized person who impermissibly used the protected health information or to whom the impermissible disclosure was made;

This factor considers whether the person who impermissibly (i.e., in violation of the Privacy rule) uses or receives the PhI has obligations to protect the privacy or security of information. hhS stated that if, for example, PhI is impermissibly disclosed to another entity governed by the hIPAA Privacy and Security rules, or to a federal agency that is obligated to comply with the Privacy Act of 1974 (5 uSC 552a) and the Federal Information Security Management Act of 2002 (44 uSC 3541 et seq.), there may be less risk of harm to the individual, because the recipient entity is obligated to protect the privacy and security of the information it received in the same or similar manner as the entity that disclosed the information. In contrast, if PhI is impermissibly disclosed to any entity or person that does not have similar obligations to maintain the privacy and security of the information, the risk of harm to the individual is much greater. hhS also stated that this assessment should also consider (as mentioned above forthefirstrequiredassessment)theriskofre-identification.Forexample,ifinformation containing dates of health care service and diagnoses of certain employees was impermissibly disclosed to their employer, the employer may be abletodeterminethattheinformationpertainstospecificemployeesbasedon other information available to the employer, such as dates of absence from work. In this case, there may be more than a low probability that the protected health information has been compromised. Other guidance recommended by hhS adds that the likelihood any unauthorized individual will know the value of


866.265.1719 . dccinc-us.com

advancing the care, outcomesand cost managementof kidney disease

DCC will transform the way you approach dialysisreimbursement and care management of kidney disease.

Contact us today to learn how we canContact us today to learn how we canContact us today to learn how we canContact us today to learn how we canContact us today to learn how we canhelp you improve your bottom line.help you improve your bottom line.help you improve your bottom line.help you improve your bottom line.help you improve your bottom line.

• Innovative solutions• Proven results• Customized options• Proactive care management of CKD• Industry leader• Full service management

the information and either use the information or sell it to others may also be a consideration.

(iii) Whether the protected health information was actually acquired or viewed; and

This factor considers whether the impermissibly used or disclosed PhI was actually acquired or viewed or, alternatively, if only the opportunity existed for the PhI to be acquired or viewed. For example, if a laptop computer was stolen and later recovered and a forensic analysis shows that the PhI on the computer was never accessed, viewed, acquired, transferred, or otherwise compromised, the entity could determine that the information was not actually acquired by an unauthorized individual even though the opportunity existed. In contrast,

however, if a covered entity mailed information to the wrong individual who opened the envelope and called the entity to say that she received the information in error, then, in this case, the unauthorized recipient viewed and acquired the information because she opened and read the information to the extent that she recognized it was mailed to her in error.

(iv) The extent to which the risk to the protected health information has been mitigated.

This factor considers the extent to which the risk to the PhI has been mitigated (such as by obtaining the recipient’s satisfactory assurances that the information will not be further used or disclosed-throughaconfidentialityagreement or similar means - or will be destroyed), and the extent

andefficacyofthemitigation.Thisassessment, when considered in combination with the assessment regarding the unauthorized recipient of the information discussed above, may lead to different results in terms of the risk to the PhI. For example, a covered entity may be able to obtain and rely on the assurancesofanemployee,affiliatedentity, business associate, or another covered entity that the entity or person destroyed information it received in error, while such assurances from certain third partiesmaynotbesufficient.

Other factors may also be considered where necessary in evaluating the overall probability that the PhI has been compromised. generally, these risk assessments must be thorough and completed in good faith, and the conclusions reached must be


reasonable. If an evaluation of the

factors discussed above fails to

demonstrate that there is a low

probability that the PhI has been

compromised,breachnotification

is required. hhS notes, however,

that a covered entity or business

associate has the discretion to

providetherequirednotifications

following an impermissible use or

disclosure of PhI without evaluation

of the probability that the PhI has

been compromised. hhS stated

that it we will issue additional

guidance to aid in performing

risk assessments with respect to

frequently occurring scenarios.

are there any exceptions to the rule?

The Final Breach rules provide

threeexceptionstothedefinition

of “breach.”

(i) Any unintentional acquisition, access, or use of protected PHI by

a workforce member or person acting under the authority of a covered entity or a business associate, if such acquisition, access, or use was made in good faith and within the scope of authority and does not result in further use or disclosure in violation of the Privacy Rule.

The Final Breach rules uses the term “workforce member” instead of “employees.” A “workforce member” means “employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a covered entity, is under the direct control of such entity, whether or not they are paid by the covered entity.”11A person is acting under the “authority” of a covered entity or business associate if he or she is acting on its behalf in accordance with common law agency principles. This may include a workforce member of a covered entity, an employee of a business

associate, or a business associate of a

covered entity. Similarly, to determine

whether the access, acquisition, or

use was made “within the scope

of authority,” the covered entity or

business associate should consider

whether the person was acting on its

behalf at the time of the inadvertent

acquisition, access, or use.

In addition, while the statutory

language provides that this

exception applies where the

recipient does not further use

or disclose the information,

hhS interprets this exception as

encompassing circumstances where

the recipient does not further use

or disclose the information in a

manner not permitted under the

Privacy Rule. In circumstances where

any further use or disclosure of the

information is permissible under

the Privacy rule, there is no breach

solely because of the further use

or disclosure.

PROVIDING SERVICE TO THE INSURANCE INDUSTRY FOR OVER 35 YEARS IN OVER 30 STATES

Audits Tax Preparation, Compliance and Minimization NAIC Annual Statements, assistance and preparation Management Consultation Expert Witness Regulatory Matters Contact: William L. Shores, CPA 17 S. Magnolia Ave. Orlando, Florida 32801 (407) 872-0744 Ext. 214 [email protected]


(ii) Any inadvertent disclosure by a person who is authorized to access PHI at a covered entity or business associate to another person authorized to access PHI at the same covered entity or business associate, or organized health care arrangement in which the covered entity participates, and the information is not further used or disclosed in violation of the Privacy Rule.

As was the case before the Omnibus rule, the Final Breach rules modify the statutory language slightly to except from the definitionof“breach”inadvertentdisclosures of PhI from a person who is authorized to access PhI at a covered entity or business associate to another person authorized to access PhI at the same covered entity, business associate or organized health care arrangement in which the covered entity participates.

HHShasclarifiedthat“similarlysituated individual” as used in the statute with regard to this second exception means an individual who is authorized to access PhI, even if that individual is not authorized to access the PhI at issue. For example, a physician who has authority to use or disclose PhI at a hospital by virtue of participating in an organized health care arrangement with the hospital is similarly situated to a nurse or billing employee at the hospital. In contrast, the physician is not similarly situated to an employee at the hospital who is not authorized to access PhI.

Additionally,HHShasclarifiedthat“same facility” means the same covered entity, business associate or organized health care arrangement in which the covered entity participates, even if at a different

location. Thus, if a covered entity has a single location, then the exception will apply to disclosures between a workforce member and, for example, a physician with staff privileges at that single location. however, if a covered entity has multiple locations across the country, the same exception will apply even if the workforce member makes the disclosure to a physician with staff privileges at a facility located in another state.

(iii) A disclosure of PHI where a covered entity or business associate has a good faith belief that an unauthorized person to whom the disclosure was made would not reasonably have been able to retain such information.

To illustrate this exception, hhS has used the following examples:

Example 1: A covered entity, due to a lack of reasonable safeguards, sends a numberofexplanationsofbenefits(EOBs)tothewrongindividuals.AfewoftheEOBsarereturnedbythepostoffice,unopened,asundeliverable.Inthesecircumstances, the covered entity can conclude that the improper addressees could not reasonably have retained the information. The eOBs that were not returned as undeliverable, however, and that the covered entity knows were sent to the wrong individuals, should be treated as potential breaches.

Example 2: A nurse mistakenly hands a patient the discharge papers belonging to another patient, but she quickly realizes her mistake and recovers the PhI from the patient. If the nurse can reasonably conclude that the patient could not have read or otherwise retained the information, then this would not constitute a breach.

HHShasclarifiedthattheapplicabilityofanyexceptionmustbejudgedatthe time a situation is judged and evaluated. Note that the Final Breach rules removed the exception, available under the prior rule, for limited data sets not containing birth dates or zip codes.

are any Changes to our Privacy Policies and Procedures required?

Yes. Covered entities and business associates are required to comply with the administrative requirements of certain provisions of the Privacy rule with respect to thebreachnotificationprovisions.12 These provisions, for example, require covered entities and business associates to develop and document policies and procedures, train workforce members on and have sanctions for failure to comply with these policiesandprocedures,permitindividualstofilecomplaintsregardingthesepoliciesand procedures or a failure to comply with them, and require covered entities to refrain from intimidating or retaliatory acts. Thus, a covered entity or business associate isrequiredtoconsiderandincorporatetherequirementsoftheBreachNotificationrules with respect to its administrative compliance and other obligations.

Who Has the Burden of Proof of Compliance?Covered entities and business associates have the burden of proof that they

havesatisfiedtheirrespectivenoticeobligationsundertheFinalBreachRules.Thus,intheeventofa“breach”,thecoveredentitymustbeabletoprovethatitnotifiedaffected individuals, the media, and hhS, as required. likewise, business associates mustbeabletoprovethattheynotifiedcoveredentitiesofanybreaches.Ifnoticeis not provided following an unauthorized use or disclosure, then the covered entity or business associate must be able to prove that the unauthorized use or disclosure was not a breach. Accordingly, when a covered entity or business associate knows


of an impermissible use or disclosure of PhI, it should maintain documentation that allrequirednotificationsweremade,or,alternatively,ofitsriskassessmentortheapplicationofanyexceptionstothedefinitionof“breach,”todemonstratethatnotificationwasnotrequired.

When Is a Breach “discovered?”Abreachistreatedasdiscoveredbyacoveredentityasofthefirstdayon

which such breach is known to the covered entity, or, by exercising reasonable diligence, would have been known to the covered entity. A covered entity is deemed to have knowledge of a breach if the breach is known (or by exercising reasonable diligence would have been known) to any person, other than the person committing the breach, who is a workforce member or agent of the covered entity. Thus, a breach is deemed to be discovered at any point any workforce member or agent of the covered entity knows, or should have known, of its existence.

What are the Next steps for Plan sponsors and Business associates?

Establish or Update Breach Identifi cation Procedures. Covered entities and businessassociatesshouldalreadyhavebreachidentificationprocedures,butitisimportant to make sure that they are compliant with the Final Breach rules.

•Determine whether there has been an impermissible use or disclosure of PhI under the Privacy rule.

•undertake a risk assessment and document the results.

•Determine whether the incident falls under one of the three exceptions to thebreachdefinition.

Establish or Update Breach Notifi cation Procedures. Covered entities and business associates should determinewhichbreachnotificationmust be sent (i.e., individual notices13, substitute notices, immediate notices to hhS, media notices14, notice from business associate to covered entity) and who will be responsible for gathering the necessary information for suchnotification,preparingthenotices,and sending the notices.

Document Breaches for HHS Reporting. For breaches of unsecured PhI involving 500 or more individuals, entities must notify the Secretary contemporaneously with the individuals. For breaches of unsecured PhI involving fewer than 500 individuals, a covered entity must maintain a log or other documentation of such breaches and notify hhS not later than 60 days after the end of each calendar year about breaches discovered during the previous calendar year.

Amend Business Associate Agreements. Covered entities and business associates should coordinate theirbreachnotificationeffortsinorder to avoid duplicate notices and toensureefficiencywithregardtoinformation gathering and time frames. Covered entities whose business associates act as agents of the covered entity should consider requiring business associates to notify the covered entity of a breach discovery well in advance of the 60-day deadline provided in the Final Breach rules, as the breach discovery date of an agent is treated as the breach discovery date of the covered entity for purposes of providing timely notices to individuals and, if required, hhS and the media.

Workforce Training. The clock for sendingbreachnotificationsbegins

www.wspactuaries.com | Email: [email protected]


Call us to discuss our

Disease Management model. Paul Lavin, President & CEO 215-280-5986

Navigating through the Disease Management Maze

Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the Navigating through the

American Health understands that evaluating Disease Management programs can be complex. Below are recommended questions to consider during the buying and decision-making process, and we have included our answers for you to compare in the marketplace.

How do participants rate your program?96% of participants feel that American Health’s Disease Management program staff are a helpful resource to manage their chronic conditions. We regularly receive member feedback, and welcome the opportunity to share our results.

Is your program flexible?Certainly. You pay only for the pieces that you use. From custom scripts and private labeling, to integration with Case Management and other programs, our model is flexible to meet your needs. American Health’s Wellness and Disease Management Consultant will help develop a solution tailored to your population. Our program is delivered by American Health employeesusing our proprietary software system, providing maximum flexibility.

How do you define member engagement?American Health believes the only model for success is when a member directly engages with a Nurse Coach. While other companies may send a mailer and consider the member engaged, we know where those mailers usually end up.

Will your program meet the health needs of my population? Yes. Many companies support only a few conditions. American Health focuses on eight conditions that have the highest prevalence in many populations. We address asthma, chronic pain, chronic obstructive pulmonary disease, congestive heart failure, coronary artery disease, diabetes, hyperlipidemia, hypertension and any comorbidities. In addition, we will have a chronic kidney program available in fall 2013.

1

2

3

4

5

The introduction of our Disease Management program has been demonstrated to reduce claims costs by an average of $4,480 per managed member per year. We’ve partnered with SCIO Health Analytics to develop an actuarially sound program measurement methodology that builds on the existing approach of the Care Continuum Alliance (CCA). Few programs will commit to a transparent cost savings methodology and calculation.

How do you measure Disease Management outcomes?


to tick as soon as a breach is known (or, by exercising reasonable diligence, would have been known) to any workforce member or agent (other than the person committing the breach) of the covered entity. Covered entities and business associates will want to enhance training so that their employees are aware of the importance of timely reporting of privacy and security incidents, and of the consequences of failing to do so.

Administrative Requirements – Revise Policies and Procedures, Training, Sanctions, Complaint Process. Covered entities must incorporate the requirements of the Final Breach rules into their policies and procedures, and workforce training sanctions for failure to comply must be developed, as well as a complaint process for failures to comply with these new policies and procedures.

Covered entities and business associates should consult legal counsel to work throughthesestepstoensurethatbreachnotificationisprovidedwhenrequired.n

Attorneys John R. Hickman, Ashley Gillihan, Johann Lee, and Carolyn Smith provide the answers in this column. Mr. Hickman is partner in charge of the Health Benefits Practice with Alston & Bird, LLP, an Atlanta, New York, Los Angeles, Charlotte and Washington, D.C. law firm. Ashley Gillihan, Carolyn Smith and Johann Lee are members of the Health Benefits Practice. Answers are provided as general guidance on the subjects covered in the question and are not provided as legal advice to the questioner’s situation. Any legal issues should be reviewed by your legal counsel to apply the law to the particular facts of your situation. Readers are encouraged to send questions by E-MAIL to Mr. Hickman at [email protected].

1Department of Health and Human Services, “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule,” 78 Fed. Reg. 5566 (Jan. 25, 2013).2Department of Health and Human Services, “Breach Notification for Unsecured Protected Health Information,” 74 Fed. Reg. 42740 (August 24, 2009). 3Generally, the privacy rules include subparts A and E of 45 CFR § 160 and 164; the Final Breach RuleFinal Breach Rules apply only to impermissible uses or disclosures under subpart E of 45 CFR § 164.474 Federal Register 42740 (August 24, 2009). See www.hhs.gov/ocr/privacy/hipaa/faq/securityrule/2021.html (as of May 4, 2013).545 C.F.R. § 164.514(b).645 C.F.R. § 160.103.745 CFR § 160.103.845 CFR § 160.103.974 Federal Register 42740 (August 24, 2009). See www.hhs.gov/ocr/privacy/hipaa/faq/securityrule/2021.html (as of May 4, 2013).10In addition, HHS has stated that, based on the circumstances of the impermissible use or disclosure, additional factors may need to be considered to appropriately assess the risk that the protected health information has been compromised.1145 CFR 160.103.1245 C.F.R. § 164.530(b), (d), (e), (g), (h), (i), and (j).13HHS has set forth specific content requirements (45 C.F.R. § 164.404(c)) and methods of notifying individuals (45 C.F.R. § 164.404(d)). 14HHS has clarified that media notification is required if there are more than 500 affected individuals in one state or jurisdiction. A press release on the entity’s website is not sufficient to satisfy this requirement. However, entities are not required to incur any cost in notifying the media, and the media outlet is not required to run any information about the breach.


Call Us: (888) [email protected]


Worksite Clinics- The Next generation

by Jonathan Spero, M.D, CEO, InHouse Physicians


A recent survey from Mercer found that work site clinics are becoming an increasingly popular way to

control health care spending and even enhance employee productivity.

until recently, work site clinics were largely popular only at Fortune 500 companies, however the trend is now spreading to local governments and mid-size companies of 250 or more employees.

generally, the care received at the clinic is free to the member and there is an added convenience factor for employees. Work site clinics to date have primarily experienced their return on investment for the employer byprovidingmoreefficientcareatthe worksite clinic rather than paying claims from community physicians. however, the next generation of clinics are in the process of being rolled out and offers a more compelling value proposition and much greater associated healthcare savings.

The rest of this article will focus on the key concepts of this next generation of worksite clinics and how theywilldrivesignificantreductionsinhealthcare costs for employers.

Concept #1at risk Model

Worksite vendors are more increasingly willing to deliver these services with some portion of the compensation being at risk. The greater the savings to the employer, the greater the potential bonus for the vendor. In this model both the client and vendor have incentives that are congruent.

how these vendors are measuring savings or return on investment varies. The most accurate way to determine the saving generated from the on-site clinic is to compare the annual cost of health care (pmpy) for members eligible to use the clinic (“study group”)

visit attunelife.com to learn more

WE CAN!

Can you measure the results ofyour wellnessservices?

Call: 866-756-5434E-mail: [email protected]

Attune Health Management, Inc.3608 Preston Rd, Suite 220

Plano, Texas 75093

Let us show you how

Can you measure Can you measure the results ofyour wellness

E-mail: [email protected]

SIIA-DisplayAd-2013-v4.indd 1 3/1/2013 3:36:34 PM

vs. members who are not eligible to use the clinic (“control group”). This provides the employer with a direct comparison of the two groups’ costs and a direct measurement of the savings.

Concept #2Gaps In Care analysis

Beforetheclinicevenislaunched,theemployerbenefitsfrompowerfulanalyticsoftwaretoolsthatcanfilterthroughthepreviousyear’sclaimsdatatodeterminegaps in care for individuals and identify “high risk” members that require additional intervention. These high-risk members can be invited to visit the clinic and enroll in on-site programs designed to ensure quality care and improved outcomes.

Concept #3Patient Centered Medical Home

The clinicians at the worksite clinic can build a medical home model program. The medical home model understands that chronic diseases require input from multipleprovidersandspecialistsandareoftendifficulttomanageforprovidersaswell as the patient. The worksite clinician can act as a coordinator of care ensuring quality, cost effective, evidence based medicine is delivered. In addition to educating the patient on their condition, the “coordinator” communicates to all physicians involved in the care of the patient. This program acts as a very effective disease management program with member engagement levels routinely above 80%. The worksite clinic enrolls members who are at high risk based on the analysis of gaps in care mentioned above. Common diseases that are coordinated include diabetes, heart disease, asthma, arthritis, and chronic pain.


Concept #4 Clinical engineering

Traditionally employers have relied

solely on the carriers to negotiate

agreements with providers. however,

these agreements are not necessarily

in the best interest of the employer

or the patient. Not only can more

favorable pricing be negotiated

from quality providers but also, the

agreements have no quality guarantees

associated with them. Worksite

vendors have a unique opportunity

to identify high cost procedures

and hospitalizations and negotiate

case rates directly with providers

and hospitals with built in quality

performanceguarantees.Significant

savings for employers and members as

well as improved patient outcomes are

the results of these arrangements.

Concept #5 Price transparency and Patient advocacy

Worksite clinicians, now armed

with comprehensive pricing and quality

metrics, can effectively act as patient

advocates assisting members with

making informed medial decisions.

Patients, with the assistance of the

worksite clinic, can comfortably

choose a cost saving option for

a diagnostic or clinical procedure

knowing that they are receiving quality

healthcare for the right price.

Concept #6Predictive Modeling

Worksite clinics have the ability to

attach current member health risks

to future costs allowing the clinics to

develop targeted wellness programs

that zero in on future cost drivers. In

addition, the clinic can provide useful

healthcare budget estimates to the

employer’sbenefitsdepartmentwhen

planning for next year.

Siobhan Sullivan Director of Business Development

[email protected] 786-457-2781

We offer a fully integrated claim management solution combining medical expertise and health insurance knowledge.

Medical Underwriting/Risk Assessments

Utilization Management Case Management

Disease Management Claim Management

PPACA Compliance Support Specialty Medical Reviews


Concept #7telemedicine

The worksite clinic is often not available for remote employees and dependents. Telemedicine, quickly becoming a mainstream method of care delivery, can address this issue. Telemedicine, via telephonic and 2 way video communication, can allow patients to receive medical evaluation and treatment. Not only can this be offered to members that do not have access to the on-site clinic, but also members with access to the clinic have a resource for after hours care.

Concept #8Wellness

The clinic offers year round, on-site, integrated wellness programs that cannot only drive participation, but are very effective in modifying healthy

upcoming eVeNts

33rd annual National educational Conference & expoOctober 21-23, 2013 • Sheraton Chicago Hotel & Towers • Chicago, IL

SIIA’s National educational Conference & expo is the world’s largest event dedicated exclusively to the self-insurance/alternative risk transfer industry. registrants will enjoy a cutting-edge educational program combined with unique networking opportunities, and a world-class tradeshow of industry product and service providers guaranteed to provide exceptional value in four fastpaced, activity-packed days.

lifestyle behaviors amongst members. Clinicians are being cross-trained as certifiedhealthcoachesandupto15% of the visits to the clinic are being utilized as purely health coaching sessions.

In summary, employers are looking for employee health solutions that offer a one-stop shop for effective healthcare cost containment. The next generation of worksite clinics promises to offer just this. The on-site clinic builds trust and relationships with members, which facilitates engagement in wellness, disease management, and patient advocacy programs driving improved outcomes and lower costs. n

Jonathan Spero, MD, is CEO of InHouse Physicians and board certified in Internal Medicine. Dr. Spero is an expert in the field of targeted employee wellness programs with measureable ROIs. InHouse Physicians is a global employee health and wellness provider delivering innovative cost containment solutions to corporations around the world. InHouse. To learn more about InHouse Physicians visit their website at www.inhousephysicians.com or Dr. Spero can be reached at [email protected].


Inreviewingthereportedfinancialresults of risk retention groups (rrgs), one gets the impression that this is a group of insurers

withagreatdealoffinancialstability.

Based on year-end 2012 reported

financialinformation,RRGscontinue

to collectively provide specialized

coverage to their insureds. Over the

pastfiveyears,RRGshaveremained

committed to maintaining adequate

capital to handle losses. It is important

to note that ownership of an rrg is

restricted to the policyholders of the

rrg. This unique ownership structure

required of rrgs may be a driving

force in the strengthened capital

position exhibited by rrgs.

Since rrgs are restricted to liability

coverage, they tend to insure medical

providers, product manufacturers, law

enforcementofficialsandcontractors,

as well as other professional industries.

While rrgs reported direct premium

written in eleven lines of business in

2012, more than 50 percent of this

premium was contained in the medical

professional liability lines.

Balance sheet analysisComparingthelastfiveyearsof

results, cash and invested assets, total

admitted assets and policyholders’

surplus have all continued to increase at

afasterratethantotalliabilities(figure

1). The level of policyholders’ surplus

becomes increasingly important in

timesofdifficulteconomicconditions,

as properly capitalized insurers can

remain solvent while facing uncertain

economic conditions.

Since 2008, cash and invested

assets increased 40.5 percent and

total admitted assets increased 33.9

percent. More importantly, over a

fiveyearperiodfrom2008through

2012, rrgs collectively increased

policyholders’ surplus 71.5 percent.

This increase represents the addition of

more than $1.4 billion to policyholders’

surplus. During this same time period,

liabilities increased only 13.7 percent,

slightly more than $500 million. These

reported results indicate that rrgs

rrGs report Financially stable results at year-end 2012by Douglas A Powell, Senior Financial Analyst, Demotech. Inc.This article originally appeared in “Analysis of Risk Retention Groups – Year-End 2012”


collectively are adequately capitalized and able to remain solvent if faced with adverse economic conditions or increased losses.

liquidity, as measured by liabilities to cash and invested assets, for year-end 2012 was approximately 65.4 percent. A value less than 100 percent is considered favorable as it indicates that there was more than $1 of net liquid assets for each $1 of total liabilities. This also indicates an improvement for rrgs collectively as liquidity was reported at 69.5 percent at year-end 2011. Moreover, this ratio has improved steadilyeachofthelastfiveyears.

loss and loss adjustment expense (lAe) reserves represent the total reserves for unpaid losses and unpaid lAe. This includes reserves for any incurred but not reported losses as well as supplemental reserves established by the company. The cash and invested assets to loss and lAe reserves ratio measures liquidity in terms of the carried reserves. The cash and invested assets to loss and lAe reserves ratio for year-end 2012 was 236.9 percent and indicates an improvement over 2011, as this ratio was 214 percent. These results indicate that rrgs remain conservative in terms of liquidity.

In evaluating individual rrgs, Demotech, Inc. prefers companies to report leverage of less than 300 percent. leverage for all rrgs, as measured by total liabilities to policyholders’ surplus, for year-end 2012 was 123.3 percent. This indicates an improvement for rrgs collectively as leverage was reported at 138.4 percent at year-end 2011.

The loss and lAe reserves to policyholders’ surplus ratio for year-end 2012 was 79.7 percent and indicates an improvement over 2011, as this ratio was 93 percent. The higher the ratio of loss reserves to surplus, the more an

insurer’s stability is dependent on having and maintaining reserve adequacy.

In regards to rrgs collectively, the ratios pertaining to the balance sheet appear to be appropriate.

Premium Written analysisrrgs collectively reported $2.6 of billion direct premium written (DPW) at

year-end 2012, an increase of nearly 5 percent over 2011. rrgs reported $1.3 billion of net premium written (NPW) at year-end 2012, an increase of 3.7 percent over 2011. These increases are favorable and reasonable.

The DPW to policyholders’ surplus ratio for rrgs collectively for year-end 2012 was 74.3 percent and indicates an improvement over 2011, as this ratio was 78.1 percent. The NPW to policyholders’ surplus ratio for rrgs for year-end 2012 was 36.6 percent and indicates an improvement over 2011, as this ratio was 38.9 percent.

An insurer’s DPW to surplus ratio is indicative of its policyholders’ surplus leverage on a direct basis, without consideration for the effect of reinsurance. An insurer’s NPW to surplus ratio is indicative of its policyholders’ surplus leverage on a net basis. An insurer relying heavily on reinsurance will have a large disparity in these two ratios.

A DPW to surplus ratio in excess of 600 percent would subject an individual RRGtogreaterscrutinyduringthefinancialreviewprocess.Likewise,aNPWtosurplus ratio greater than 300 percent would subject an individual rrg to greater scrutiny. In certain cases, premium to surplus ratios in excess of those listed would be deemed appropriate if the rrg had demonstrated that a contributing factor to the higher ratio is relative improvement in rate adequacy.

In regards to rrgs collectively, the ratios pertaining to premium written appear to be conservative.

Income statement analysisTheprofitabilityofRRGoperationsremainspositive(figure2).RRGsreported

an aggregate underwriting gain for 2012 of nearly $181 million, an increase of 19.7

Figure 1 Ð RRG Balance Sheet Metrics (In Billions)

Figure 2 Ð RRG Income (In Millions)

Figure 1 – RRG Balance Sheet Metrics (In Billions)


percent over the prior year, and a net investment gain of nearly $221 million, an increase of 6.7 percent over the prior year. rrgs collectively reported net income of over $324 million, an increase of 8.6 percent over the prior year. looking further back, rrgs have collectively reported an underwriting gain since 2004 and positive net income at each year-end since 1996.

The loss ratio for rrgs collectively, as measured by losses and loss adjustment expenses incurred to net premiums earned, for year-end 2012 was approximately 55.7 percent and indicates an improvement over 2011, as the loss ratio was 59.6 percent. This ratio is a measure an insurer’s underlying profitabilityonitsbookofbusiness.

The expense ratio, as measured by other underwriting expenses incurred to net premiums written, for year-end 2012 was 28.8 percent and was comparable to 2011, as the expense ratio was reported at 28 percent. This ratio measurers an insurer’s operationalefficiencyinunderwritingits book of business.

The combined ratio, loss ratio plus expense ratio, for year-end 2012 was 84.5 percent and indicates an improvement over 2011, as the combined ratio was reported at 87.6 percent. This ratio measures an insurer’s overallunderwritingprofitability.A combined ratio of less than 100 percentindicatesanunderwritingprofit.

regarding rrgs collectively, the ratios pertaining to income statement analysis appear to be appropriate. Moreover, these ratios have remained fairlystableeachofthelastfiveyearsandwellwithinaprofitablerange(figure3).

Loss and Loss adjustment expense reserve analysis

A key indicator of management’s commitmenttofinancialstability,

Figure 3 Ð RRG Ratios - Total

Figure 4 Ð Key Ratios and Metrics Ð 12/31/12

Figure 2 – RRG Income (In Millions)

©2013 BenefitMall. All rights reserved. BenefitMall, the circle “b” logo and the corporate logo are registered trademarks of

Centerstone Insurance and Financial Services, Inc. California license #063979.

www.benefitmall.com

Contact us today at

888-248-8952

AssistAnce for stop Loss coverAge

At BenefitMall, we know that some employer groups benefit most from treating their medical plan as an investment rather than an expense.

Our self funded team of experts represents numerous direct writers of medical stop-loss. We pride ourselves on our buying power, services provided, and partnerships with our brokers and carriers.

We can help you succeed by offering you the following services:• Marketing• Billing & Premium Collection• Licensing, Commission & Bonus Programs• Claims Expedition• Compliance Services

Benefit from our experience as the leader in stop-loss and reinsurance markets.


Figure 3 – RRG Ratios – Total

Figure 4 – Key Ratios and Metrics – 12/31/12

Figure 3 Ð RRG Ratios - Total

Figure 4 Ð Key Ratios and Metrics Ð 12/31/12

solvency and capital adequacy is their desire and ability to record adequate loss and loss adjustment expense reserves (loss reserves) on a consistent basis. Adequate loss reserves meet a higher standard than reasonable loss reserves. Demotech views adverse loss reserve development as an impediment to the acceptance of the reported value of current, and future, surplus and that any amount of adverse loss reserve development on a consistent basis is unacceptable. Consistent adverse loss development may be indicative of management’s inability or unwillingness to properly estimate ultimate incurred losses.

rrgs collectively have reported adequate loss reserves at year-end 2012 as exhibited by the one-year and two-year loss development results. The loss development to policyholders’ surplus ratio measures reserve deficiencyorredundancyinrelationtopolicyholder surplus and the degree to which surplus was either overstated, exhibited by a percentage greater than zero, or understated, exhibited by a percentage less than zero.

The one-year loss development to prior year’s policyholders’ surplus for 2012 was -7.2 percent and indicates an improvement over 2011, as this ratio was reported at -6 percent. The two-year loss development to second prior year-end policyholders’ surplus for 2012 was -12.2 percent and indicates a diminishment over 2011, as this ratio was reported at -14.1 percent.

In regards to rrgs collectively, the ratios pertaining to loss reserve analysis appear to be favorable.

Figure 5 Ð Direct Premium Written by Lines of Business (000Õ s omitted)

“Right Rate”Medicare Pricing

ACCREDITED INDEPENDENT REVIEW

ORGANIZATION

• All Medicare Covered Claims* • All Out-of-Network

Medicare Covered Claims• Specialty Claims

(e.g. ESRD Dialysis)And we’ll negotiate/ reprice your clients’ claims for services not covered by Medicare.

To learn more or to have us start repricing your clients’ claims, contact your H.H.C. Group Sales Representative or Bob Serber at 301-963-0762 ext. 163 – [email protected]

* Leveraged provider contracting available in selected markets

H.H.C. GroupHealth Insurance Consultants

We have the “Right Rate”option to fit your clients’ needs.


analysis by Primary Lines of BusinessThefinancialratioscalculatedbasedontheyear-endresultsofthevarious

primarylinesofbusinessappeartobereasonable(figure4).Also,theRRGshavecontinuedtoreportchangesinDPWwithinareasonablethreshold(figure5).Itistypicalforinsurers’financialratiostofluctuateyearoveryear.Moreover,noneofthereported results are indicative of a continuing negative trend.

Jurisdictional analysisMuch like insurers, it is typical for jurisdictions to compete for new business.

Some of the factors that may impact an insurer’s decision to do business in a certain jurisdiction include minimum policyholders’ surplus requirements and the premium tax rate. rrgs have continued to report changes in DPW, on a jurisdictional basis, within a reasonable threshold.

Conclusions Based on 2012 resultsDespitepoliticalandeconomicuncertainty,RRGsremainfinanciallystableand

continuetoprovidespecializedcoveragetotheirinsureds.Thefinancialratioscalculated based on year-end results of rrgs appear to be reasonable, keeping in mindthatitistypicalforinsurers’financialratiostofluctuateovertime.

The year-end results of rrgs indicate that these specialty insurers continue to exhibitfinancialstability.ItisimportanttonoteagainthatwhileRRGshavereportednetunderwritinggainsandnetprofits,theyhavealsocontinuedtomaintainadequate loss reserves while increasing premium written year over year. rrgs continuetoexhibitagreatdealoffinancialstability.n

Mr. Powell has nearly ten years of progressively responsible experience involving financial analysis and business consulting. Email your questions or comments to Mr. Powell at [email protected]. For more information about Demotech, Inc. visit www.demotech.com.

Figure 5 Ð Direct Premium Written by Lines of Business (000Õ s omitted)

Figure 6 Ð Direct Premium Written by State (000Õ s omitted)

Figure 5 – Direct Premium Written by Lines of Business (000’s omitted)


Stop Loss insurance products are issued by ReliaStar Life Insurance Company (Minneapolis, MN) and ReliaStar Life Insurance Company of New York (Woodbury, NY). Within the state of New York, only ReliaStar Life Insurance Company of New York is admitted, and its products issued. Both are members of the ING family of companies. Product availability and specifi c provisions may vary by state. © 2011 ING North America Insurance Corporation. LG9841 12/28/2011

Not all Stop Loss carriers are created equal. Today’s businesses have unique needs that demand expert-level

service. That’s been the foundation of our Stop Loss offering from the beginning. We know it’s not just the plan;

it’s the team behind it.

Your business is unlike any other. It’s time for a Stop Loss carrier that’s unlike any other, too.

Becoming a top tier Stop Loss carrier doesn’t just happen. For 35 years, our dedication to creative solutions has made us the top choice for our clients.

For more information, contact your local ING sales representative or call us at 866-566-2316.

EMPLOYEE BENEFITS

Your future. Made easier.®

We can’t stop misfortune.

We can stop loss.


As your specialized service partner, ECHO solves CORE compliance and more by:

Consolidating statements and funds into one

Delivering electronic statements faster and regulation compliant

Rewarding your bottom line with cost-saving services

Will you be compliant with key CORE requirements by January 2014?

ECHO Health, Inc., the leading provider of payment solutions for healthcare

Payers, can help. We have developed a unique, single consolidation and electronic

delivery payment process that not only improves processing efficiency and lowers

administrative costs, but also meets key CORE mandates.

E C H O A N S W E R S CORE Questions

Let ECHO solve your CORE concerns today

440.835.3511 | | [email protected]

www.ECHOHealthInc.com

ECHO Health, Inc. | | 868 Corporate Way | | Westlake, OH 44145


Trusted Partners, Ensuring Your Success!

Successful employee benefi t sales requires a team eff ort. As one of the nation’s l argest d irect w riters o f m edical stop-loss, IHCRS is a business partner you can count on.

IHCRS 5-13

Find us at www.ihcrisksolutions.com.Policies underwritten by Standard Security Life Insurance Company of New York .


855.301.FAIR n [email protected] n www.fairhealth.org

Get the Most Out of Your Healthcare PlansWith Price Transparency Tools From FAIR Health

Try our newMobile App

Plan Management Tools & Data Analytics

n Facilitate administration of out-of-net work claimsn Assess trends in your plan’s utilization of healthcare services over time and geographyn Compare claims experience to local and regional datan Identify network gapsn Uncover opportunities for wellness initiatives

Customized Member Tools

n Demonstrate the value of plan participation n Enable members to estimate out-of-network costs n Reduce appeals and questions to HR staffn Provide cost profiles for treatment of common conditions

FAIR Health is a national, independent not-for-profit corporation whose mission is to bring transparency to healthcare costs and insurance information.

Put FAIR Health’s claims database of over 15 billion billed procedures to work for you.



by John McCulloch, JD, CSSC

EMPLOYMENT LIABILITY

by John McCulloch, JD, CSSC

and Other Taxable Claims– how Taxes and Periodic Payments Can help get Them Settled


ever since the Supreme Court

decision in Commissioner v.

Schleier,1 the vast majority

of employment settlements

have been deemed taxable. With

few exceptions, attempts to get

employment recoveries excluded from

income have all met with failure.

Most employment risk is either

self-insured, or has a large self-insured

retention limit, making the settlement

of employment claims in a cost

effective manner an important part

of any risk managers job. By careful

use of settlement planning in order to

minimize tax loss, a self-insured can

potentially settle employment claims

for less while putting more money in a

plaintiff ’s pocket.

given the number of changes to

the tax code and cases addressing tax

issues within the last few years, and

as tax rates are projected to increase,

at some point in the settlement

process the tax consequences of the

damages should be examined. After

all, a settlement that is fully taxable to

the claimant results in fewer dollars

than a claim that is tax deferred,

partially taxable, or tax exempt. even

a simple allocation between wages

andnon-wagescanmakeasignificant

difference in how much a claim settles

for. even beyond that, the ability to

use structured settlements (periodic

payments) to lower the amount the

claimant loses to taxes can achieve a

better bottom line outcome and get

claims settled for a reasonable amount.

Section 104 of the Internal revenue

Code excludes from gross income

compensation for personal physical

injuries or sickness. under this section,

personal injury awards were not

includable in gross income. The Small

Business Job Protection Act of 1996 (the

“Act”), signed into law on August 20,

1996, was aimed at employment claims

and restricted the scope of Section 104

to physical, as opposed to personal,

injuries. The Act also singles out

emotional distress damages, providing

that they are not considered a physical

injury or sickness, even those emotional

distress injuries that result in physical

symptoms, such as headaches and ulcers,

firmlyclosingthedooronthepossibility

that purely emotional or mental injuries

that do not originate in a physical injury

be excluded from taxation.

The IrS has had occasion to rule

at least once on what constitutes a

physical injury in the context of an

employment claim since the Act was

passed. In Plr 200041022, the Service

held that in a sexual harassment case

only damages that resulted in an

“observable physical harm” would

receive tax exempt treatment under

Section104. All other damages from

the harassment claim were held to be

includable in gross income. While there

have been dozens of cases in Tax Court

trying to exclude emotional distress

or its manifestations (ulcers, migraines,

bruxism, etc.) they have all failed.

There are some exceptions. One

often overlooked provision is the

exclusion for medical expenses as

definedunderSection213(d)ofthe

Code. In the employment context, one

case in particular we worked on had

extensive psychiatric care stemming

from a sexual molestation. Psychiatric

and mental health care falls under

Section 213(d) of the Code and was

found to be excludable.

Another potential exception is

when a hostile work environment

causes an exacerbation of an

existing physical injury. In Parkinson v.

Commissioner2 a taxpayer worked long

hours under stressful conditions as the

chief supervisor of a medical center

and suffered a heart attack while at

work and had to reduce his work week

and ultimately took medical leave and

neverreturned.Hefiledsuitinfederal

district court under the Americans

With Disabilities Act, claiming the

medical center failed to accommodate

his severe coronary artery disease.

The case settled for $350,000, which

the IrS found to be taxable. The

TaxCourtdisagreed,findingthatthe

workplace environment that triggered

heart attacks resulted in half of the

settlement being tax exempt. Similarly,

in Domeny v. Commissioner,3 the Tax

Court found that an employment

settlement which compensated the

taxpayer, in part, for the worsening of

her multiple sclerosis, was excludable

from income as well.

given that employment related

recoveries are generally taxable,

the question becomes how do

thenegativetaxramificationsofa

settlement help a claims handler? The

answer in many cases is settling the

case with a structured settlement or

periodic payment plan as opposed to

a lump sum.

As a general rule it is most often

advantageous to receive and be taxed

on income in a later tax year rather

than an earlier tax year. It makes far

more sense to defer recognition of

income, than to receive large sums of

money at once and pay taxes at a higher

rate immediately. For example, the tax

consequences of a $500,000 recovery

spread into ten equal installments over

ten years is substantially less than the

tax consequences on the payment if it

is all received and taxed in one year. The

concept of deferred income recognition

has been around for decades with

deferred compensation agreements for

highly compensated executives.

By dealing with the taxation issues

through a structured settlement

consultant, the claims handler can

negotiate for periodic payments that


result in a much better outcome from an income tax perspective for the claimant.

A structured settlement consultant versed in taxable damage issues can help the

claimant avoid certain pitfalls like constructive receipt and improper allocation.

Making the claimant aware of these issues, and how deferring the taxation of all or

part of the award can be done through a structured settlement, enables the claim

to be resolved sooner.

For example, let’s say the demand to settle a harassment claim in California is

$400,000 (not including attorney fees).

Without adjusting the tax liability for

deductions and credits, the Federal tax

liability would be 35% and the state

tax liability 9.3% if the claimant were

to receive the $400,000 in a lump

sum, losing over $177,000 to taxes

immediately. Instead of a lump sum,

let’s say the defense offered to pay him

$40,000/year for 10 years, at a cost of

$360,000. By spreading payments out

over a ten-year period, the claimant

will lower their tax bracket to 25%

Federal and 6% state, all while earning

money on the 44.3% that would have

been lost to taxes. It is this deferral

that allows for higher net dollars to the

claimant than an equivalent amount

paid in cash. Plainly stated, by using

periodic payments, a defendant can pay

less but a claimant will get more.

The tax consequences of a

settlement or judgment should be


considered in every taxable case

(not just employment litigation) of

significantsize.Thetaxcharacterization

can have a dramatic effect to the

parties involved in litigation. From

a practical standpoint, the failure to

consider the tax consequences of a

damage award by counsel can result in

a legal malpractice claim.4

It is vitally important to examine

thetaxramificationsofarecovery

in the employment context and

explore viable alternatives to improve

the client’s tax situation. The use of

structured settlements for taxable

damages allows the claimant to achieve

a better bottom line outcome by taking

advantage of deferred recognition

of income and tax deferred growth.

Structured settlement consultants who

specialize in taxable settlements are a

free resource available to any claims

handler or risk manager and can help

makeasignificantfinancialdifference

when settling employment and other

taxable claims. n

John McCulloch is the vice president

of Advanced Marketing for Integrated

Financial Settlements and a settlement

consultant with EPS Settlements Group.

His expertise is in the taxation of

damages and he has obtained two rulings

from the IRS on using periodic payments to

settle claims. His offi ce is located at 36 W

Randolph St., Suite 400, Chicago, IL 60601.

He can be reached at 630-864-8420 or

by email at [email protected]

1Commissioner v. Schleier, 515 u.S. 323, 132 l. ed. 2d 294, 115 S. Ct. 2159, 95-1 u.S. Tax Cas. (CCh) ¶95-2675, 95 T.N.T. 116-8 (1995).

2T.C. Memo. 2010-142, Doc 2010-14364, 2010 TNT 124-12

3T.C. Memo. 2010-9, Doc 2010-787, 2010 TNT 9-9

4grillo v. henry, Cause No. 96-167943-97; grillo v. Pettiette, Cause No. 96-144090-92; Jalali v. root, Cal.App. 4 Dist., 2003; graham v. harlin, Parker & rudolff 664 S.W.2d 945 (Ky. Ct. App. 1983); Philips v. giles, 620 S.W. 2d 750 (Tex. Ct. Civ. App. 1981).

Would you navigateuncharted waterswithout a compass?

As a leader in Group Captives, Berkley Accident and Health can steer you in the right direction.

With EmCapSM, our innovative Group Captive solution, we can help guide midsize employers to greater stability, transparency, and control with their employee benefits.

With Berkley Accident and Health, LLC, protecting your self-funded plan can be smooth sailing.

Stop Loss | Group Captives | Managed Care | Specialty Accident Berkley Accident and Health, LLC is the U.S.-based accident and health operating entity of the W.R. Berkley Corporation Member Companies. Coverages are underwritten by StarNet Insurance Company and/or Berkley Life and Health Insurance Company, both member companies of W.R. Berkley Corporation, and both A+ rated by A.M. Best. © 2012 Berkley Accident and Health, LLC

BAH AD-20120102 www.BerkleyAH.com


EDITORIAL NOTE: Commentary offered by the authors does not necessarily represent the views of SIIA.

recent developments at the federal and state levels of government, taken together, portend changes in the

regulation of stop loss insurance, which could lead more and more small and mid-sizefirmstoself-insurethaneverbefore. Although neither state nor federalofficialskeepcomprehensivestatistics on self-insurance, it appears to be growing in popularity as a feasible option. A recent study by the employee BenefitsResearchinstituteindicatesthat nearly 60% of private sector workers were in self-insured health plans in 2011, up from approximately 40% in 1998 and 1999.

the Changing regulatory Landscape for stop Loss Insuranceby Fred E. Karlinsky, Richard J. Fidei and Erin T. Siska

BackgroundAlthough stop loss insurance is not addressed in the Patient Protection and

Affordable Care Act of 2010 (the “Affordable Care Act or “ACA”), the National

Association of Insurance Commissioners (“NAIC”) recently reviewed proposed

action with regard to the regulation of stop loss insurance. The NAIC adopted

a Stop loss Insurance Model Act (#92) (the “Model Act”) in 1995, which was

amended in 1999 to clarify that the law applied only to insurers and did not impose

obligationsonemployerbenefitplansdirectly.Inessence,theModelActprovides

certainminimumstandardsforstoplossinsurancecoverage.Specifically,itprohibits

an insurer from issuing a stop loss insurance policy that has an annual attachment

point for claims incurred per individual which is lower than $20,000; has an annual

aggregateattachmentpoint(forgroupsoffiftyorfewer)thatislowerthanthe

greater of:

1. $4,000 times the number of group members

2. 120 percent of expected claims or

3. $20,000;

hasanannualaggregateattachmentpointforgroupsoffiftyormorethatislower

than 120 percent of expected claims; or provides direct coverage of health care

expenses for an individual. These minimum standards ensure that the plan sponsor


retains some of the risk in providing healthbenefitstoitsemployees,ratherthan transferring all or most of the risk to a stop loss insurer.

The Model Act was only adopted in its entirety by three states (Minnesota, New hampshire, and vermont). Other states have adopted certain parts of the Model law only, or have chosen to regulate stop loss insurance through other ways. For example, New York and Oregon have banned stop-loss insuranceforanyfirmswithfewerthanfiftyworkers.Manyotherstateshavestandards similar to those in the Model Act, but allow attachment points below $20,000.

So much time has passed since 1995 that the intended effect of the standards in the original Model Act has been minimized in today’s medical care environment. The obsolescence of the 1995 NAIC standards means, as a practical matter, that self-insured plans bear less relative risk, even in the few states where the Model Act was adopted. Accordingly, today, self-insured products with stop loss insurance or reinsurance that are marketed to smallfirmscloselyresemblehigh-deductible fully-insured plans, but are not subject to many state insurance regulations applicable to fully-insured plans pursuant to the federal employee retirement Income Security Act of 1974 (“erISA”). erISA states that multistate employers that offer a self-insured plan are not required to cover health care services for state-mandated benefits,asfully-insuredplansare.

Additionally, certain provisions of the Affordable Care Act are also presumably incentivizing small employers to self-insure rather than to participate in the state-based insurance exchanges.

Federal developmentsWhile it is well settled that erISA

insulatesmultistateemployeebenefit

plans from state regulation, the

AffordableCareActdoesnotdefine

what a self-insured plan is. Absent a

definition,thereisnoclearlegislative

guidance in ACA as to what a self-

insured plan is. More clear, however, is

which parts of ACA do not apply to

self-insured plans.

First and foremost, self-insured

plans are not subject to ACA’s essential

benefitrequirement,otherwiseknown

as the “employer mandate,” which

requires employers to provide certain

essential health insurance coverages

to their employees. These essential

benefitsincludehealthservicessuch

as maternity, mental health, and

prescriptiondrugbenefits.

In addition, self-insured plans are

not subject to ACA’s risk adjustment or

risk pooling requirements. Accordingly,

a self-insured plan can price its small

groupcoveragetoreflectthegroup’s

claims history or medical status or by

age, gender, or other factors. In contrast,

fully-insured plans, under ACA, can

only vary premiums by the average age

of the employees, the presence of a

wellness program, and tobacco use.

Additionally, self-insured plans are

not required to pay the annual fee that

insurers are required to pay on fully-

insured products pursuant to Section

1343 of ACA. however, self-insured

plans are required to contribute to the

transitional reinsurance program from

2014 through 2016 created by Section

1341ofACA,andconfirmedinFinal

rules promulgated by the Department

of health and human Services in

March 2013.

It bears noting that ACA only

applies to employers with 50 or more

employees. Smaller organizations, with

49 or fewer employees, do not need

to comply with these new Affordable

Care Act requirements, regardless of

whether they are self-insured or not.

developments at the state Level

In July 2012, the NAIC’s erISA (B) Working group circulated a set of draft guideline amendments to the Model Act, as amended, which would have essentially tripled the recommended stop loss insurance attachment minimums adopted in 1995. The new standards had been developed by the NAIC’s health Actuarial Task Force and were intended to update the 1995 standardstoreflecttoday’s economic realities.

Those speaking in favor of the updated standards at the NAIC’s Fall 2012 meeting argued that they wouldmaintainalevelplayingfieldandestablish reasonable expectations on stop loss insurance attachment points. They also said the updated standards would be important because they provide an alternative path for state-based regulation of health insurance, most of which is preempted by erISA. They asserted that if stop loss attachment points are unregulated, a high percentage of small groups are likely to self-insure, which would raise premiums noticeably in the small group market. On the other hand, if the recommended higher attachment points were to be adopted, that risk disappears.

Opponents argued that the Model law is largely irrelevant since it has been adopted in so few states. They also opposed the updated standards on the basis that they would close doors to options for small employers who are already facing tough choices; that the new standards were not actuarially sound; that they were unnecessary; and that an increase in self-insurance by small groups would not result in adverse selection against fully-insured plans or the insurance exchanges. rather, it was suggested that self-insured plans were meant to operate alongside fully-insured plans.


The adverse selection argument advanced by supporters of, higher self insurance attachment points is based on the projection that if the current attachment points remain at their existing levels, employers with young and healthy employees will self-insure until they encounter unexpected losses, at which time they will quickly switch to a public insurance exchange. however, others argue that even though young people do not usually have some of the health conditions that older populations have, young people still have family medical histories, pre-existing conditions, and are more prone to accidents and to take maternity leave. In addition, some advocate that there are substantial administrative costs associated with switching from one type of health plan to another, making it less likely for all but the smallest employers to switch back and forth from one plan to another.

ultimately, the NAIC’s proposed updates narrowly failed to pass at the NAIC’s November 2012 meeting. At the NAIC’s Spring 2013 meeting, the erISA Working group announced that it is working on a white paper to further explore the potential impact of regulation of small employer self-insurance on the small group market beginning in 2014.

In addition to the NAIC Model Act activity on stop loss insurance, there has beenarecentflurryofproposedstatelegislationdesignedtoregulatestop-lossinsurance.

In California, Senate Bill 161, if it passes, will lower the attachment points

currently set forth in California law for all stop loss insurance policies issued on or after January 1, 2014. It would change the individual attachment point from $95,000 to $65,000. The aggregate attachment point would need to be the greater of one of the following:

1. $13,000 times the total number of covered employees (down from $19,000 times the total number of covered employees)

2. One hundred twenty percent of expected claims; or

3. $65,000 (down from $95,000).

This bill was still making its way through the legislative process as of press time.

A bill passed in Colorado would require stop loss insurers to make


We Don’t Just Talk About Successful Teams: We Build Them

Teamwork is the foundation of any successstory. With the right partner, collaboration andsupport, you can achieve lasting results.When you team up with Meritain Health, yougain the experience of our 30 plus years inthe healthcare benefits industry, for a partnership you can rely on.

For more information, contact us today.

1.800.242.6226 www.meritain.com

© 2013. For self-funded accounts, benefits coverage is offeredby your employer, with administrative services only provided byMeritain Health, an independent subsidiary of Aetna Life Insurance Company.2013006

annualfilingswiththeColoradoCommissioner of Insurance with information including the following:

1. Total number and average group size of stop loss health insurance policies sold to employer groups with the following numbers of employees: less than 10; 11-25; 26-50; 50-100; or the number of lives covered in Colorado for eachofthesespecifiedgroupsizes.

2. The mean and median attachment points by these specifiedgroupsizes.

3. The source of prior coverage for thesespecifiedgroupsizes.

4. The smallest group size covered and insurer minimum group size requirements.

The Colorado Commissioner would collect such data for the year s2013-2018 and make the information publicly available. Stop loss insurers would alsoberequiredtofileanactuarialcertificationannually.

The bill would create an individual attachment point of $30,000 (just $10,000 more than the current Model Act standard but half of the proposed new NAIC standard). It would also impose an aggregate attachment point that is the greater of (1) $4,000 times the number of group members; (2) 120 percent of expected claims; or (3) $30,000. The Insurance Commissioner would be allowed to change these dollar amounts, by rule, based upon changes to the Consumer Price Index for the Denver metropolitan area. The

bill has passed in the Colorado house of representatives and the Colorado Senate but has not yet been signed into law by the governor.

utah’s Small employer Stop-loss Insurer Act, which was enacted earlier this year, applies only to groups with 50 or fewer employees and sets the attachment point at $10,000. It also contains a provision requiring stop-loss insurers to pay claims incurred but not reported if the plan terminates. The new legislation also prohibits lasering, thepracticeofsettinghigherspecificdeductibles for plan members with pre-existing conditions.

In rhode Island, if hB 5459 is enacted, the attachment points would be set at $20,000 for an individual or 120% of expected claims in the


aggregate. It would also require stop lossinsurerstofileanannualactuarialcertificationastotheircompliancewiththe law.

The Minnesota legislature also considered restricting the availability of stop loss insurance in their state, but decided not to take any action during this year’s legislative session. Similarly, the New Jersey Department of Banking and Insurance had also considered proposed regulations in recent years, but decided not to move forward.

Conclusion The maintenance of the status

quo vis-à-vis stop loss insurance at the NAIC level, combined with new proposed state laws that either lower current attachment point levels, or establish them at nominal amounts, and the ACA incentivizing self-insurance but not regulating it, portends the trend of less regulation of stop loss insurance. Of course, we will need to wait and seewhatthefinalimpactisonthesmall group health insurance market when many of the ACA provisions become effective on January 1, 2014. n

Fred Karlinsky, a Shareholder in Colodny, Fass, Talenfeld, Karlinsky, Abate & Webb, has a national reputation representing insurers and reinsurers throughout the United States and internationally in a wide variety of business, operational, regulatory, transactional and governmental matters. Recognized as one of the top insurance lawyers by Chambers and Partners, a global attorney ranking organization, Mr. Karlinsky has an in-depth knowledge of insurance compliance matters. He has established substantial relationships with insurance commissioners and their respective staff members throughout the country. On a 50-state basis, Mr. Karlinsky advises clients on operational issues including start-up activities, structuring

and financing, vendor relationships and a complete array of regulatory issues including licensure applications, compliance, expansion, solvency, rate and form filings, and financial and market conduct examinations. He also serves as an Adjunct Professor of Law at the Florida State University College of Law, where he teaches a course he helped to create, entitled “Insurance Law & Economics: Theory & Applications.

Rich Fidei, a Shareholder in Colodny, Fass, Talenfeld, Karlinsky, Abate & Webb, leads the Firm’s Insurance Regulatory Law Division. A member of the Florida and Pennsylvania Bars, he represents insurance companies, reinsurers, health maintenance organizations, managing general agencies, brokers, premium finance companies, third-party administrators, claims companies, and other insurance-related entities in connection with regulatory, compliance, administrative, and transactional issues. An experienced legal instructor and lecturer, Mr. Fidei prepares and delivers insurance and reinsurance presentations nationwide.

Erin T. Siska, an Associate in Colodny, Fass, Talenfeld, Karlinsky, Abate & Webb’s Insurance Regulatory Law and Corporate Transaction Divisions, has significant nationwide experience in insurance company licensing, compliance and regulation issues. On a multi-state basis, she works with insurers, reinsurers, resident and non-resident agencies, managing general agencies, third-party administrators, workers’ compensation carriers, surplus lines insurers and premium finance companies, among other regulated entities, to handle a broad array of matters such as market expansion and withdrawal, Form A filings, responses to market conduct and financial examinations, and other insurance regulatory matters.


For more information, visit us online at hcc.com/life.

A subsidiary of HCC Insurance Holdings, Inc. msl2162 - 03/13

Mind over risk.The secret weapon of businesses that dare to venture.

For firms with self-funded health plans, the potential risk of a catastrophic loss can shatter an enterprise. For nearly 35 years, HCC Life has been providing medical stop loss products — allowing our clients to take on opportunity with confidence. Our experience, underwriting talent and industry-leading financial ratings prove our strength, stability and commitment to our clients. We call it Mind over risk. HCC Life Insurance Company

hcc.com/life


Les Boughner

SIIA PreSIDeNT’S MeSSAge

If you are reading this, chances are that you have received information by now about the upcoming SIIA National Conference & expo, scheduled for October 21-13, 2013 in Chicago. I will certainly be there and hope you will be, too.

With the implementation of the ACA in 2014, it is no coincidence that the conference features numerous educational sessions designed to help employers and their business employers prepare and thrive in the new regulatory environment. Our theme “Outsmarting reform” was chosen to create a challenge for participants to not only implement ACA’s requirements, but do so creatively.

Companies involved in the self-insurance/alternative risk transfer marketplace have historically been highly entrepreneurial and this trend has only accelerated in the run-up to full ACA implementation in 2014. SIIA members in particular have been in high gear rolling out new products, servicesandhealthplanmanagementandfinancialrisktransferstrategiesthatwill help the self-insurance marketplace grow in the years to come.

While there are certainly obstacles ahead, SIIA is focused on helping its members and conference attendees outsmart the challenges inherent with major change. Of course, there is no substitute for being there so make plans to be at SIIA’s National Conference if you have not already done so.

Complete event information can be accessed at www.siia.org, or by calling 800/851-7789

I look forward to seeing you in Chicago. n

Getting ready to “Outsmart” reform


Excess Employers’ Liability

Excess Capacity•$5,000,000

Provided by an A.M. Best “A” (Excellent) XIV Rated Carrier

Self Insured GroupsPreferstable&established(4ormoreyears), homogenous groups with common effective date. Claims and/or Underwriting Audit may be requiredMinimum Retention

•$100,000•Lowerretentionsmay

be considered

Preferred Business Classes:•Healthcare•ReligiousInstitutions•Utilities•Agricultural•SpecialtyArtisans•PublicEntities•Transportation

[email protected]

Jake Harris, Vice President of Marketing610.828.3847

For Single Entities, Groups & Public Entities

•Schools•Contractors•AutoDealers•Hospitality•Manufacturing•Retail/Wholesale•FinancialInstitution


SIIA New Members

regular MembersCompany Name/Voting representative

Mike harrington, Principal, Axia Strategies, Savage, MN

raul Moreno, Director of Business Dev.,FIT for WOrK, llC, Schertz, TX

John Kelly, Managing Partner, hanover Stone Partners, llC, New York, NY

raymond Ankner, President, rMC Consultants, Naples, Fl

employer Memberseric Wiant, executive Director, Adams County BOCeS Self-Insurance Pool, Westminster, CO

SIIA would like to recognize our leadership and welcome new members Full SIIA Committee listings can be found at www.siia.org

2013 Board of directors

ChAIrMAN OF The BOArD*John T. Jones, PartnerMoulton Bellingham PCBillings, MT

PreSIDeNT*les Boughnerexecutive vP & Managing DirectorWillis North American Captive + Consulting Practice Burlington, vT

vICe PreSIDeNT OPerATIONS*Donald K. Drelich, Chairman & CeOD.W. van Dyke & Co.Wilton, CT

vICe PreSIDeNT FINANCe/ChIeF FINANCIAl OFFICer/COrPOrATe SeCreTArY* Steven J. linkexecutive vice President Midwest employers Casualty CompanyChesterfield,MO

directors

ernie A. Clevenger, PresidentCarehere, llCBrentwood, TN

ronald K. DewsnupPresident & general ManagerAllegianceBenefitPlanManagement,Inc.Missoula, MT

elizabeth D. Marinerexecutive vice Presidentre-Solutions, llCWellington, Fl

Jay ritchieSenior vice PresidenthCC life Insurance CompanyKennesaw, gA

Committee Chairs

ChAIrMAN, AlTerNATIve rISK TrANSFer COMMITTee Andrew Cavenagh President Pareto Captive Services, llC Conshohocken, PA

ChAIrMAN, gOverNMeNT relATIONS COMMITTee HoraceGarfieldvice President TransamericaEmployeeBenefitslouisville, KY

ChAIrWOMAN, heAlTh CAre COMMITTeeelizabeth MidtlienSenior vice President, SalesStarline uSA, llCMinneapolis, MN

ChAIrMAN, INTerNATIONAl COMMITTeegreg ArmsCo-LeaderMercerMarshBenefitsglobal leader, employee health & BenefitsPracticeMarsh,Inc.New York, NY

ChAIrMAN, WOrKerS’ COMPeNSATION COMMITTeeDuke Niedringhaus vice President J.W. Terrill, Inc.St louis, MO



Success comes from nurturing what’s possible. It takes a balanced approach to risk management, along with con� dence to act on the guidance from trusted partners with demonstrated expertise. Your clients rely on you. And at HM Insurance Group, we help you deliver. As a national leader in Stop Loss, HM helps you achieve results through smart innovations and decades of experience in the growing � eld of self-funding. Grow with con� dence. Find out if self-funding with HM Stop Loss makes sense for your growth-focused clients at hmig.com/con� dence/7

Con� dence to thrive in ever-changing conditions

Grow with proven insights in risk management.

HM PRODUCT PORTFOLIO: STOP LOSS WORKERS’ COMPENSATION | CRITICAL ILLNESS | ACCIDENT | DISABILITY INCOME | TERM LIFE

MTG-2492 (3/13)


Documents

Self-Insurer June 2013