Preparing for a HIPAA Audit & Hot Topics in Health Care Reform

Preparing for a HIPAA Audit & Hot Topics in Health Care Reform 2013 San Francisco Mid-Sized Retirement & Healthcare Plan Management Conference March 17-20, 2013 Elizabeth Loh, Esq. Copyright Trucker Huss, APC One Embarcadero Center, 12th Floor, San Francisco, California 94111 Telephone: 415-788-3111 Facsimile: 415-421-2017

Agenda HIPAA Enforcement Final Omnibus HIPAA Rules Issued 2013 Health Care Reform To-Do List 2

HIPAA Enforcement HIPAA Complaints HIPAA Compliance Reviews HIPAA Audits 3

Complaint Process HHS delegated to OCR authority to administer and enforce compliance with the HIPAA privacy and security rules Individual may file complaint with OCR for alleged violations of the privacy and/or security rule OCR website describes process for filing a complaint 4

Number of HIPAA Related Complaints to OCR 5

Complaints Typically Received by OCR Top 5 Complaints Impermissible uses and disclosure of PHI Lack of safeguards of PHI Lack of patient access to their PHI Uses or disclosures of more than the minimum necessary PHI Lack of administrative safeguards of ePHI Top 5 Covered Entities Private Practices General Hospitals Outpatient Facilities Health Plans (group health plans and health insurance issuers) Pharmacies 6

Enforcement Results 7

Compliance Review OCR has authority to conduct agency-initiated cases > Determine whether entities subject to privacy and security rules are complying Initiated at discretion of OCR > For example, may initiate compliance review based on media reports that a violation has occurred Covered entity is required to cooperate with OCR > Must keep records and submit compliance reports > Permit access to facilities and records 8

HIPAA Audit Program HITECH Act requires HHS to provide for periodic audits to ensure that Covered Entities and Business Associates are complying with the HIPAA privacy and security rules and the HITECH breach notification requirements OCR launched pilot program in 2011 > 115 random audits (20 initial, and then 95 completed in 3 waves) > Conducted by KPMG from November 2011 through December 2012 9

Timing of Audit Pilot Program 10

Purpose of HIPAA Audit Pilot Program Examine mechanisms for compliance Identify best practices Discover risks and vulnerabilities OCR will share best practices gleaned through audit process via its website 11

Understanding HIPAA Audits Audits are random > An audit does NOT indicate that a complaint has been filed An audit is not an investigation Audits are not intended to be confrontational 12

Who Will be Audited in the Future? Every covered entity and business associate is eligible for audit Selections in initial round designed to provide broad assessment Covered providers of health services Health plans of all sizes and functions Health care clearinghouses Business Associates were not included in pilot program but may be subject to audits in the future 13

How Does the Audit Program Work? OCR engaged KPMG to conduct audits Will notify entities in writing of their selection for audit > Notification letter will include a request for documents Every audit in pilot program included a site visit Following site visit, auditors will prepare a draft report and share it with entity Entity has an opportunity to discuss concerns and describe corrective actions it has taken to address issues identified in audit Auditor's final report to OCR will incorporate entity's corrective steps and best practices 14

What is the General Timeline for an Audit? OCR will notify the entity in writing when it is selected for audit OCR expects to notify selected entities between 30 and 90 days prior to anticipated onsite visit Notification letter will contain details regarding audit process OCR expects entities to provide requested information within 10 business days of the request for information 15

What is the General Timeline for an Audit? Onsite visits may take between 3 and 10 business days depending on organization After fieldwork is completed, auditor will provide entity with a draft final report Entity will have 10 business days to review and provide written comments to auditor Auditor will complete final audit report within 30 business days after the covered entity's response and submit it to OCR 16

What is the General Timeline for an Audit? 17

What Happens After an Audit? OCR will review final reports and use them to determine the types of technical assistance that should be developed OCR will determine what type of corrective actions are most effective At this time, audits are primarily a compliance improvement activity > An auditor s discovery of an error will most likely lead to a simple recommendation for corrective action Should the audit report indicate a serious compliance issue OCR may initiate a compliance review to address the problem 18

Current Audit Findings Smaller entities had more HIPAA related issues than larger entities For all entities, Security Rule compliance problems were more of an issue than Privacy Rule compliance problems 19

Preparing for a HIPAA Audit Use the Audit Protocol to review your HIPAA privacy and security program 20

Preparing for a HIPAA Audit Audit Protocol On June 25, 2012, OCR published the audit protocol that is being used in the current round of privacy and security audits Available at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/protocol.html Protocol includes 165 key activities (77 related to the security rule, 10 related to breach notification, and 78 related to privacy rule) 21

Preparing for a HIPAA Audit Audit Protocol Provides questions auditors will be asking with respect to HIPAA compliance Use the audit protocol for purposes of improving HIPAA compliance programs 22

Preparing for a HIPAA Audit Regularly conduct self-audits (at least annually) Review policies, procedures, etc. Ensure that workforce is properly trained > Not only Privacy and Security officers > OCR will interview management to confirm that all levels of the organization are focused on compliance 23

Preparing for a HIPAA Audit Document, document, document > Retain copies of all Business Associate Agreements > Notice of Privacy Practices > HIPAA Policies and Procedures > HIPAA training programs, attendance records for the programs, training materials used > Document HIPAA security compliance For example, document decision NOT to implement a certain addressable security measure Ensure documentation is organized and accessible 24

Preparing for a HIPAA Audit Focus on Mobile Technology Recent OCR enforcement trends have focused on mobile technology Entities have faced penalties for lack of policies and procedures that directly address mobile technology OCR has established a new initiative addressing mobile technology OCR suggests the following measures > Use passwords > Install encryption > Install remote wiping > Use adequate controls when using wi-fi 25

Why Comply with HIPAA? If a HIPAA violation is discovered > Substantial Penalties > Burdensome Corrective Action Plans 26

Why Comply with HIPAA HIPAA Enforcement Actions 2012 Massachusetts Ear and Eye Infirmary Theft of an unencrypted personal laptop containing ePHI of patients and research subjects > Investigation followed breach report submitted by MEEI > Lack of safeguards, $1.5 million resolution amount and corrective action plan Alaska DHSS Settlement Portable electronic storage device (USB hard drive) possibly containing ePHI was stolen from vehicle of DHSS employee > Investigation followed breach report submitted by Alaska DHSS > Lack of safeguards, $1.7M resolution amount and corrective action plan 27

Why Comply with HIPAA HIPAA Enforcement Actions 2012 Blue Cross Blue Shield of Tennessee Settlement 57 unencrypted computer hard drives were stolen from a leased facility in Tennessee. Hard drives included PHI of over 1 million individuals, including names, SSNs, diagnosis codes, etc. > Investigation followed notice sent by BCBS > Lack of safeguards, $1.5M resolution amount and corrective action plan Phoenix Cardiac Surgery Settlement Physician practice was posting clinical and surgical appointments for patients on an internet based calendar that was publicly accessible > Investigation based on complaint > Lack of Safeguards, $100,000 resolution amount and corrective action plan 28

Why Comply with HIPAA? Civil penalties for violations based on level of culpability > From $100/violation (not to exceed $25,000/year for the same violation) to $50,000/violation (not to exceed $1.5 million/year for the same violation) 29

Why Comply with HIPAA? Criminal penalties can also be imposed > If convicted of wrongful disclosure of health information, a fine of up to $50,000 and a one-year term of imprisonment can be imposed > If the offense is under false pretenses, a fine of up to $100,000 and a 5-year term of imprisonment can be imposed 30

Why Comply with HIPAA? If convicted with the intent to sell, transfer or use health information for commercial or personal gain or malicious harm, a fine of up to $250,000 and a jail term of 10 years can be imposed 31

Complying with the New Omnibus HIPAA Rule Department of Health and Human Services has released Omnibus HIPAA Rules > Omnibus HIPAA rules effective March 26, 2013 > Covered entities and Business Associates must generally comply on September 23, 2013 (with a few exceptions) Omnibus HIPAA Rules implement changes to HIPAA Privacy, Security, Enforcement, and Breach Notification requirements 32

Breach Notification New Standard Old Rule: If information relating to the health plan is used or disclosed in violation of HIPAA, a notification obligation may be triggered if the use or disclosure compromises the security or privacy of such information and poses a significant risk of financial, reputational or other harm to the affected individual(s) Under Omnibus HIPAA Rules: HHS has eliminated the risk of harm standard 33

Breach Notification New Standard HHS clarifies that the presumption is that a breach requires notification to the affected individuals UNLESS > Covered entity demonstrates that there is a low probability that the PHI has been compromised based on a risk assessment Risk assessment consists of four factors > The nature and extent of the PHI involved > The unauthorized person who used the PHI or to whom the disclosure was made > Whether the PHI was actually acquired or viewed > The extent to which the risk to the PHI has been mitigated Where employer determines notice to individual is not required, it must document its risk assessment 34

Breach Notification New Standard New lower standard may lead to increased Breach Notifications, which may in turn lead to increased risk of enforcement action Note: Most of OCR's settlements with covered entities originated in a security breach 35

Breach Notification New Standard Employers should take steps to reduce risk of breach > Encrypt email containing PHI > Implement policies that generally prohibit storage of unencrypted PHI on portable electronic devices > Develop plan of action that will permit employer to document that erroneous recipients of unencrypted PHI never actually viewed the PHI (e.g., have IT department recall email or delete email) 36

Revised HIPAA Privacy Notices Must be Issued Background: Covered entities are required to provide Notice of Privacy Practices Notice must describe > The uses and disclosures of PHI that may be made by the covered entity > The individual's rights > The covered entity's legal duties with respect to the PHI 37

Revised Notice of Privacy Practices Must be Issued Omnibus HIPAA Rules require that employers make three additions to the Privacy Notice > Privacy Notice must state that the plan must obtain plan participant's authorization to use or disclose psychotherapy notes, to use PHI for marketing purposes, to sell PHI, or to use or disclose PHI for any purpose not described in the notice, as well as a statement explaining how plan participants may revoke an authorization > Privacy Notice must state that the plan is prohibited from using PHI that is genetic information for underwriting purposes > Privacy Notice must inform plan participants of their right to receive a notice when there is a breach of their unsecured PHI 38

Distribution of Revised Notice of Privacy Practices Must post revised Notice of Privacy Practices on benefits website by September 23, 2013 Distribute the revised Notice of Privacy Practices at next annual mailing to plan participants If employer does not maintain a benefits website, it must distribute the revised Notice of Privacy Practices within 60 days of revising the Notice If employer has already issued a Notice of Privacy Practices that complies with the Omnibus HIPAA Final Rules, it is not required to re-issue Notice 39

Re-Negotiate Business Associate Agreements Background: Covered Entities (e.g., health plans, healthcare providers) must enter into BAA with > Business Associates (e.g., TPAs, claims processors, billing companies, legal counsel, actuaries, accountants) > in order to disclose PHI to a Business Associate or allow a Business Associate to create, receive, maintain or transmit PHI on a Covered Entity's behalf 40

Re-Negotiate Business Associate Agreements New rules provide for broader definition of Business Associate > Subcontractors of Business Associates are also considered Business Associates Covered Entity may be held liable for improper acts of Business Associates > Omnibus HIPAA Rules eliminate prior exemption (if Covered Entity did not know of improper acts and had a BAA in place, it was not liable) > Now Covered Entity can be held vicariously liable for violations of its Business Associate as long as Business Associate is agent of Covered Entity 41

Re-Negotiate Business Associate Agreements Must amend BAAs to include additional provisions: > Business Associates will comply with HIPAA Security Rule with regard to ePHI > Business Associate will report breaches of unsecured PHI to Covered Entity > Business Associate will ensure that any subcontractors that create or receive PHI on behalf of the Business Associate will agree to same restrictions/conditions that apply to the Business Associate > To extent Business Associate is to carry out a Covered Entity's obligations, the Business Associate must comply with the requirements of the Privacy Rule in the performance of such obligation 42

Re-Negotiate Business Associate Agreements Timing > If had BAA in place prior to January 25, 2013, have until September 22, 2014 to amend BAA > Otherwise, will need BAA that complies with Omnibus HIPAA Rules by September 23, 2013 Model BAA provisions available on OCR website http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html 43

Complying with Omnibus HIPAA rules Update policies and procedures Re-train workforce 44

2013 To Do List for Health Care Reform Compliance Budget for new fees > Patient Centered Outcomes Research ("PCOR fee") Fees will fund the Patient-Centered Outcomes Research Institute Plans that are subject to the PCOR fee include Applicable self-insured health plans Specified health insurance policies Plans that cover employees, former employees and retirees 45

PCOR Fees (cont'd) Plans exempt from PCOR fees > Health FSAs that are excepted benefits > Stand-alone dental and vision plans > Employee assistance programs, disease management programs, and wellness programs IF the program does not provide significant benefits in the nature of medical care or treatment > Plans designed specifically to cover employees who are working and residing outside of the United States > Stop-loss and indemnity policies 46

PCOR Fees (cont'd) The PCOR fee is a temporary fee and will be imposed for plan/policy years ending on or after October 1, 2012 and before October 1, 2019 For plan/policy years ending on or after October 1, 2012, and before October 1, 2013, the applicable dollar amount is $1 (multiplied by average number of covered lives under plan/policy) For plan/policy years ending on or after October 1, 2013, and before October 1, 2014, the applicable dollar amount is $2 47

PCOR Fees (cont'd) For a self-insured health plan, the PCOR fee must be reported and paid by the plan sponsor. For an insured health plan, the PCOR fee must be reported and paid by the insurance company. The fee is collected like a tax and is reported using an IRS Form 720 The first potential due date for filing IRS Form 720 is July 31, 2013 48

Transitional Reinsurance Fees Purpose of the Transitional Reinsurance Program is to help stabilize premiums for coverage in the individual market For 2014, HHS estimates the national per capita uniform contribution rate to be $5.25 per covered life per month for a total of $63 per covered life per year Reinsurance fee must be paid by health insurers and third party administrators on behalf of group health plans > Or by the sponsor of a self-insured, self-administered group health plan 49

Transitional Reinsurance Fees Plans that must pay fee include: > Self-insured group health plans > Insured group health plans covering employees, former employees, and retirees 50

Transitional Reinsurance Fees Certain entities are excluded (for example): > Any group health plan that does not provide major medical coverage > Coverage consisting solely of excepted benefits > Health reimbursement arrangements that are integrated with major medical coverage > Health savings accounts > Health flexible spending arrangements > Employee assistance plans, disease management programs and wellness programs, if they do not provide major medical coverage > Stop-loss and indemnity reinsurance policies, etc. 51

Transitional Reinsurance Fees HHS proposes to collect reinsurance contributions annually from all contributing entities No later than November 15, 2014, each contributing entity must submit to HHS its annual enrollment count of the number of covered lives for purposes of its reinsurance contributions for 2014 Within 15 days of that submission, HHS will notify the contributing entity of its required total contribution amount for 2014 The contributing entity must then submit the required payments to HHS within 30 days of the notification Reinsurance contributions for 2014 may be due no earlier than December 30, 2014 52

Distribute Notice of Exchange Prepare and distribute Notice of Exchange > Employers must provide all new hires and current employees with Notice of Exchange > Distribution of Notice delayed until late summer or fall of 2013 > To assist employers, DOL is considering providing model language that employers may use to satisfy this notice requirement 53

Preparing for Pay-or-Play An applicable large employer is subject to an assessable payment if either: > (1) the employer fails to offer to substantially all (at least 95%) of its full-time employees (and their dependents) the opportunity to enroll in minimum essential coverage under an eligible employer-sponsored plan and any full-time employee is certified to the employer as having received an applicable premium credit or cost sharing reduction for coverage purchased on the public exchange (section 4980H(a) liability) OR 54

Preparing for Pay-or-Play > (2) the employer offers substantially all (at least 95%) of its full-time employees (and their dependents) the opportunity to enroll in minimum essential coverage under an eligible employer-sponsored plan and one or more full-time employees is certified to the employer as having received an applicable premium tax credit or cost sharing reduction for coverage purchased on the public exchange (section 4980H(b) liability) 55

Preparing for Pay-or-Play The 4980H(a) penalty will likely be triggered because the employer does not offer enough of its full-time employees the ability to enroll in employer-sponsored health coverage The 4980H(b) penalty will likely be triggered because the employer's coverage is unaffordable or does not provide minimum value 56

Preparing for Pay-or-Play Determine if Applicable Large Employer If Applicable Large Employer > Review employees that make up workforce > If have variable hour/seasonal employees, determine whether to implement tracking > Review plan document eligibility provisions > Perform cost analysis regarding what type of coverage to offer to employees and dependents 57

Contact Elizabeth Loh, Esq. Trucker Huss, APC One Embarcadero Center, 12th Floor San Francisco, CA 94111 (415) 788-3111 eloh@truckerhuss.com www.truckerhuss.com 58

Disclaimer These materials have been prepared by Trucker Huss, APC for informational purposes only and constitute neither legal nor tax advice Transmission of the information is not intended to create, and receipt does not constitute, an attorney-client relationship Anyone viewing this presentation should not act upon this information without seeking professional counsel In response to new IRS rules of practice, we hereby inform you that any federal tax advice contained in this writing, unless specifically stated otherwise, is not intended or written to be used, and cannot be used, for the purpose of (1) avoiding tax-related penalties or (2) promoting, marketing or recommending to another party any tax-related transaction(s) or matter(s) addressed herein 59