RIMS 2015

Anticipating ACA Risks

Speakers identify key compliance risks presented by the ACA and how to head off vulnerabilities.
By: | April 23, 2015

As implementation of the Affordable Care Act rolls onward, many employers are still lagging in compliance due to the law’s complexity, according to a presentation at the annual RIMS conference held this week in New Orleans, La.

One reason could be is that the act itself is about 10,000 pages in length.

“People tell me they’ve read the whole thing. I don’t believe them,” said James Anelli, partner at LeClairRyan, a law firm that also provides business counsel.

The primary area of confusion, especially for smaller employers, is determining whether or not they are in fact covered by the ACA. Employers must offer “minimum-value” health care coverage if they have at least 50 full time – or “full time equivalent” – employees.

Full time equivalency is calculated by adding all part-timers’ service hours per month and dividing by 120. An average of 30 hours per week qualifies as full time. Employers with many part-time employees often get tripped up here, as “service hours” include actual work time, paid time off and vacation days.

Wellness plans present another challenge. Encouraged by the ACA as a method to create a healthier workforce and reduce costs long-term, wellness initiatives have come under heavy fire by the Equal Employment Opportunity Commission for violations of the Americans with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act (GINA).

The EEOC filed three lawsuits against employers in 2014, alleging that their wellness plans were not effectively “voluntary” due to severe penalties or withdrawal of incentives levied against employees who did not participate.

“If your company has not had a conversation with your D&O carrier, you’re a little behind on the times,” said Randy Jouben, director of risk management for Five Guy Enterprises, Inc.

“We know there will be claims,” and employers should know who will cover their defense costs.

“If there’s a section that plaintiff’s attorneys will latch onto, it’s the retaliation provision.” —  Randy Jouben, director, risk management, Five Guys Enterprises, Inc.

The ACA’s non-discrimination provision with respect to benefits also makes employers vulnerable to litigation. Employers can’t offer advantages like free coverage or shorter waiting periods to highly compensated employees.

The penalty for doing so is an excise tax of $100 per day for each individual negatively affected. But the real penalty will be in the cost to defend against claims by employees that claim they were treated unfairly.

“If there’s a section that plaintiff’s attorneys will latch onto, it’s the retaliation provision,” Jouben said.

An employee who is terminated could potentially claim they were targeted for objecting to an action or practice by their employer that does not comply with the ACA.

“The standard of proof is incredibly low,” Anelli said. An employee would simply have to show that their objection was a contributing factor to their termination; then the burden of proof falls on the employer to show it was non-discriminatory.

The speakers reiterated that “litigation will occur because of the sheer complexity and uncertainty surrounding numerous issues relating to ACA implementation.” With a lack of regulatory guidance in place, court decisions will fill in the gaps, and are likely to vary widely from state to state. In essence, ACA mandates will be enforced by plaintiff’s attorneys, more so than the federal government.

“Litigation will occur because of the sheer complexity and uncertainty surrounding numerous issues relating to ACA implementation.”

In addition to lack of guidance, many companies lack the resources to update their systems and policies quickly and effectively.

According to Jouben, risk management, human resources, IT and legal departments all need to work together to identify compliance issues, because “no one group will fully understand it.”

“This screams for ERM,” he said.

“This is an opportunity for risk managers to be the heroes. They have to let people know who’s on the hook.”

New reporting requirements also present additional risks. Beginning in 2015, employers must report certifications for penalty exemptions and other details of the coverage they offer to the IRS.

“Many HR systems are not set up to capture this information,” Jouben said. Many may not distinguish, for example, between stand-alone dental and vision plans – which may not be covered by the ACA – and those that are rolled into full health care plans, which would be subject to ACA provisions.

Collecting and reporting more detailed health plan information also introduces greater cyber risk.

Employers should adopt “clean desk” policies, ensuring that physical documents are scanned into systems that can encrypt their information and are then shredded.

Thirty states so far have enacted laws to destroy personal identifiable information or otherwise render it undecipherable through encryption. Forty six states have legislation requiring notification of a breach to all affected parties.

Jouben and Anelli also addressed concerns that ACA implementation will drive up health care costs. Jouben pointed out that hospitals and health care providers have been a driving force in stabilizing rate increases, and Medicare reimbursement rates have actually decreased. However, it’s unclear if this trend will continue.

Regardless of its effectiveness in reducing health care costs thus far, the reality is that the ACA is here to stay for the foreseeable future, and employers must face its complexity head-on, utilizing resources from every department to find gaps in compliance.

Katie Dwyer is a freelance editor and writer based out of Philadelphia. She can be reached at [email protected].

More from Risk & Insurance