Starting July 1, 1997, employers and plan administrators were required to provide Certificates of Insurance Coverage under the Health Insurance Portability and Accountability Act (HIPAA), for employees and their dependents.1 As explained below, these Certificates are part of HIPAA's mechanism for resolving the thorny problem of employees losing their health insurance coverage due to preexisting medical condition exclusions when they join a new group health plan.
For example, previously when employees obtained new employment , they often encountered preexisting medical condition exclusions in their new employer's plan requiring them and their dependents to wait until the expiration of an "exclusion period" before becoming eligible for coverage and claim reimbursement. In more extreme situations, exclusions prevented employees and their dependents from obtaining health coverage for the preexisting condition. HIPAA attempts to resolve this problem by promoting the availability and portability of health insurance coverage by:
offsetting the preexisting condition exclusion period by providing a credit for prior health coverage; ú limiting exclusions for preexisting medical conditions;
prohibiting discrimination in enrollment and premiums based on "health status"; and
providing individuals with a "special enrollment" period when they lose other health coverage or have a new dependent.
While these provisions make healthcare more accessible to employees, they also increase the administrative burdens placed on employers, plan administrators and insurers and create the potential for substantial civil penalties and damage claims against employers if appropriate mechanisms are not established adhering to HIPAA's requirements.
Portability of Health Coverage Provisions
HIPAA's most important provisions involve the portability of health insurance benefits. These provisions allow employees and their dependents to reduce and even eliminate their new plan's exclusion period for preexisting medical conditions. This is accomplished by the issuance of a Certificate, which identifies the number of days of "creditable coverage" that an employee has as of the enrollment date. Creditable coverage simply means the number of days of group health coverage that an employee had in his or her former plan prior to enrolling in the new plan. This total is then used by the current plan to offset the preexisting condition exclusion period.
For example, if an employee had 100 days of creditable coverage, then the exclusion period under the new plan would be reduced by 100 days; if the exclusion period is 90 days, then the employee will have no break in coverage. However, an exception exists for all coverage occurring prior to a significant break in coverage, which is defined as 63 consecutive days or longer. All coverage occurring before a break in coverage of 63 days or longer is not creditable coverage and cannot be used to offset the exclusion period.
HIPAA also contains an alternative method for calculating creditable coverage for five specific categories of benefits. These categories are: mental health, substance abuse treatment, prescription drugs, dental care and vision care. Under the alternative method, a plan may elect to determine creditable coverage separately, for each of these categories, based on the length of actual prior coverage for each specific benefit, as opposed to merely using the period of creditable coverage for group health insurance generally. This, of course, assumes that the amount of creditable coverage for these benefits will be different (presumably less) than the amount of creditable coverage for group health coverage. If this method is chosen, the prior plan must provide such category specific information to the new plan and the prior plan may then obtain reimbursement from the new plan for the cost of assembling this information.
When Does A Certificate Have To Be Provided And What Is Required To Be Included On The Certificate?
Certificates must be provided automatically when an employee's or dependent's coverage ends under the plan. When the loss of coverage is a COBRA qualifying event, the Certificate must be provided to the employee and dependent no later than the time COBRA notice is required as well as after COBRA coverage ends.
Additionally, Certificates must be provided upon the request of an employee, a former employee, or a dependent, if the Certificate is requested within 24 months after loss of plan coverage; e.g. within 24 months of the employee's leaving the company or the cessation of COBRA coverage.
The following information must be included in the Certificate: (a) the issuance date of the Certificate; (b) the name of the plan that provided the coverage; (c) the name of the employee and dependent to whom the Certificate relates and any other information necessary for the plan to identify the employee and dependent; (d) the name, address and telephone number of the plan administrator; and (e) either a statement that the employee and/or dependent have at least 18 months of creditable coverage disregarding the period of coverage before a 63-day break in coverage2, or a statement identifying (1) the date any waiting period began, ( generally the first day of employment), (2) the date coverage began and (3) the date coverage ended.
If a dispute develops over the determination of the amount of creditable coverage, the employee and dependent must have an opportunity to appeal the plan's decision. HIPAA requires that a plan provide an appeals procedure for reviewing this determination.
Timetables
As of July 1, 1996, plan sponsors and administrators were required to begin gathering the information needed for Certificates since creditable coverage begins as of that date.
As of June 1, 1997, Certificates were required to be provided to current and former employees and their dependents upon request. And starting on July 1, 1997, for all new plan years, plans must prepare and accept Certificates for all other purposes required under HIPAA.
Limitations On Preexisting Medical Condition Exclusions
HIPAA also substantially limits preexisting medical condition exclusions in three important ways:
1. The Six Month "Look-Back" Rule. HIPAA provides that preexisting medical condition exclusions may relate only to a condition for which medical advice, diagnosis, care or treatment was requested or received within the six-month period prior to the date the employee became enrolled in the plan ("the look-back period"). Thus, a plan may not deny coverage for conditions for which medical advice, diagnosis, care or treatment was requested if the advice, etc. falls outside of the look-back period. In short, a plan cannot look back more than six months. However, it appears that a plan may impose an exclusion period if advice, care or treatment was received within the six-month look back period, even if the underlying condition was diagnosed more than six months prior to enrollment.
2. Maximum Length of the Exclusion Period. HIPAA establishes a 12-month limitation on the length of the preexisting medical condition exclusion period. This limitation is extended to 18 months for late enrollees. Accordingly, plans cannot limit coverage for more than 12 (or 18 months) going forward from enrollment for medical conditions occurring within the 6 month l ook-back period.
A late enrollee is defined under HIPAA as an individual who enrolls in a plan at a time other than at the first time the individual is eligible to do so or during a "special enrollment" period, as discussed below.
3. Elimination of Exclusions for Pregnancy and for Certain Children. Pregnancy may not be treated as a preexisting condition. Moreover, preexisting medical condition exclusions are eliminated entirely for newborns and adopted children under 18 as long as these individuals become insured within 30 days of birth or adoption.
Prohibiting Discrimination Based On "Health Status"
HIPAA also prevents plans from discriminating against individuals with respect to coverage or premiums based on health status. Health status is defined as: "medical condition, claims expe rience, receipt of healthcare, medical history, and evidence of insurability or disability." For example, if an individual had a history of extensive medical claims which occurred outside the six month look-back period, a plan could not penalize the employee on account of this individual's claims experience.
Accordingly, employers and plan administrators must instruct individuals who review eligibility requirements or who make coverage decisions not to base their decisions on anything that comes within HIPAA's broad definition of health status.
HIPAA also prevents employees from being excluded from coverage based on their participation in such activities as: motorcycling, snow-mobiling, all terrain vehicle riding, horseback riding, skiing and other similar activities.
Special Enrollment Periods
Special enrollment periods have been created for individuals and their dependents who lose other sources of health coverage. Under HIPAA, if: (1) the employee or dependent had been covered under another plan at the time coverage under a second plan was previously offered; (2) the employee or dependent declined enrollment in the second plan based on such other coverage; (3) the employee or dependent lost coverage under the first plan; and (4) the employee or dependent requested special enrollment in the second plan within 30-days of termination of health coverage in the first plan; then the employee and his or her dependents may enroll in the second plan within this special 30-day enrollment period.
Importantly, in implementing this section of HIPAA, plans must also provide a description of these special enrollment rights to anyone who declines coverage. Such notice should state:
If you are declining enrollment for yourself or your dependents (including your spouse) because of other health insurance coverage, you may, in the future, be able to enroll yourself or your dependents in this plan, provided that you request enrollment with 30 days after the other coverage ends. In addition, if you have a new dependent as a result of marriage, birth, adoption or placement for adoption, you may be able to enroll yourself or your dependents, provided that you request enrollment within 30 days after the marriage, birth, adoption, or placement for adoption.
Enforcement
HIPAA will be enforced by penalties assessed through the Internal Revenue Service, the Department of Labor and the Secretary of Health and Human Services. In general, the penalty for noncompliance is $100 per day, per violation. However, penalties may not be assessed in the event that the failure to comply is unintentional.
Accordingly, employers and plan administrators must track plan information carefully in order to adhere to HIPAA's requirements. Although HIPAA does not expressly create a cause of action for damages, ERISA (of which HIPAA is a part) does provide such a remedy for violation. Therefore, there is the risk that a court may recognize that former and present employees have a claim for damages, attorneys' fees, etc. under ERISA for violation of HIPAA. For example, if an employee with AIDS is unable to reduce the exclusion period because of a failure to provide the required notices under HIPAA or to prepare the required Certificate, then the employer and plan administrator may have breached their fiduciary duty under ERISA, raising the possibility of damages for the out-of-pocket medical expenses incurred by the employee or dependent as a result of such breach.
Duty to "Update" Information
Additionally, employers and plans must also make reasonable efforts to obtain updated information with respect to all dependents for use in preparing the Certificate. Employers can do this by making annual requests for updated information regarding changes in the status of employees and their dependents, including the beginning and ending dates of dependent status. Employers should also keep track of the addresses for all employees and their dependents. This is necessary since HIPAA requires that a Certificate be sent to both employees and their dependents upon termination of coverage.
Conclusion
In sum, it is important that employers and plan administrators work together with their insurers and attorneys to ensure that the proper mechanisms are in place to comply with HIPAA since failure to do so could have serious consequences. In fact, it will become apparent, in time, that this area of benefit regulation has become much more complex and, as with most new legislation, there will be many important questions where little administrative guidance exists.
_____________________
1 It is not possible to cover all of HIPAA's extensive provisions in this article. We have instead focused only on those key provisions affecting employers. However, HIPAA's coverage also extends to the following areas: portability of individual coverage, content of summary plan descriptions, HMO affiliation periods and guaranteed renewability in multi-employer plans.
2 As discussed in detail above, 18 months signifies the maximum exclusion period permitted under HIPAA.
*********************************************************************
Federal Legislation Requires "New Hire" Reporting
As of January 1, 1998, in New Jersey (and, on October 1, 1998, outside of New Jersey) all employers must report information on the hiring of all new employees within 20 days of the date of hiring to their State Directory of New Hires ("State Directory"). This requirement is part of the Personal Responsibility and Work Opportunity Reconciliation Act ("the Act") of 1996, which seeks to help states enforce child support orders and to assist them in verifying an individual's eligibility for unemployment and workers' compensation benefits. The State Directory is the agency created in all 50 states to receive such reports.
Under the Act, employers must provide a New Hire Report ("Report") identifying the employee's name, address and social security number, and the employer's name, address and federal identification number. Generally, employers may simply file a W-4 or an equivalent form with the State Directory.
The penalty for noncompliance can be between $25 to $500, per employee. The exact amount will be established by the State Directory on a state by state basis.
Employers with employees in two or more states may, if they transmit the Report either magnetically or electronically, designate only one state to receive information on all their employees. However, the employer must notify the U.S. Secretary of Labor, in writing, that it is designating one state for reporting purposes.
Upon the implementation of the Act, employers may be contacted by the State Directory or appropriate child support agencies concerning the need to withhold wages to pay child support obligations for new hires who have pending support orders against them.
Additionally, state agencies charged with enforcing unemployment and workers' compensation programs will be provided with this information for the purpose of determining whether the new hires are receiving unemployment or workers' compensation benefits. It is hoped that the Act's reporting requirements will enable states to crack down on abuses within these programs.
Lastly, each state will also provide such information to a Federal Directory of New Hires, providing the federal government with access to information on every new hire in the United States.
