Offering employee benefits in addition to wages is one way to help attract and retain quality employees. However, providing benefits entails a host of dizzying rules with clever acronyms such as “ERISA,” “COBRA,” and “HIPAA.” The headaches multiply for small business owners, who are busy running the business and possibly lack HR departments to handle benefits. However, regardless of the difficulty, failure to administer benefits properly can result in severe fines and penalties. This article offers a brief overview of the applicable rules and describes the problems that can arise when employers do not comply with them. Because of the complexity, this article is not a complete survey of the law and cannot describe all the nuances that business owners may encounter. However, an employer must know the general issues to look for and seek counsel when necessary.
What is ERISA?
The Employee Retirement Income Security Act (“ERISA”) affects nearly all employee benefits. Certain types of plans are exempt, but, importantly, there is no general ERISA exemption for “small plans”: ERISA can apply with 1 participant or 1,000 participants.
ERISA requires employers to be “fair”
ERISA does not require an employer to provide any benefits. Once the employer provides benefits, ERISA and its fiduciary duties can apply. In some ways, these fiduciary duties are common sense—an employer sponsoring a plan must act solely in the plan participant’s best interests, the employer must use the diligence and care of a “prudent person” in administering the plan, the plan’s only purpose must be to provide benefits to the participants, and generally, the employer cannot discriminate in providing benefits. Stated plainly—if an employer starts an employee benefit plan, it must actually and fairly conduct and maintain that plan in a way that benefits employees. Before doing something that may be “unfair,” business owners should seek counsel for analysis and advice.
ERISA requires employees to be informed of their rights
Employers must maintain a written plan document, distribute a summary of plan terms to the employees, and inform employees of the plan’s material amendments. Any documents distributed to employees must explain, in understandable terms, their rights, benefits and responsibilities under the plan. Failure to maintain these documents can subject an employer to ERISA liability. Employers must avoid unwritten ad hoc benefit plans and watch out for casual promises that can create ERISA liability.
ERISA requires annual reporting for some plans
An often-overlooked requirement of ERISA is the duty to file an annual report—the Form 5500, which is the “tax return” for an employee benefit plan. Failure to file Form 5500 can result in U.S. Department of Labor fines from $300 to $30,000 and IRS fines of up to $15,000 for certain plans. These fines are per year, per filing. The employer, and not the plan, must pay these penalties.
Form 5500 reports general and technical information about a plan. It describes the plan’s financial condition, general operation, and coverage of employees. It also asks questions about the employer, the employees, any funding for the plan (insurance, for example), status of plan assets, and other information needed to ensure a plan is compliant with law. The deadline for filing is the end of the seventh month following the end of the plan year. In general, Form 5500 helps the government ensure that employers operate plans in accordance with law.
Many employers are unaware of these requirements and don’t file. The IRS and the Department of Labor sponsor a correction program—where employers can come forward, admit fault, correct filings, and pay a fine that is drastically less than the fines the Department of Labor and IRS can charge. Employers should ensure they meet this Form 5500 requirement and correct where they are deficient, avoiding significant fines.
What is COBRA?
The Consolidated Omnibus Budget Reconciliation Act (“COBRA”) gives employees and certain family members a right to continue group health benefits after a job loss, reduction in hours, death, divorce, and other life events. Generally, this coverage is called “continuation coverage” because COBRA extends the coverage the employee had while employed. The continuation coverage lasts for at least 18 months, and employers may charge up to 102% of the cost of the coverage to terminated employees.
Employees must be informed of their COBRA rights
When an employee suffers a specified event that causes a loss of coverage, the employer must distribute notices describing COBRA rights. An employer can be subject to a $100/day penalty for failing to distribute the notice, and lawsuits against an employer under COBRA are often added to other claims in a wrongful-termination lawsuit.
Nuances make COBRA tricky in some situations
Despite COBRA’s apparent straightforwardness, there are some complications. COBRA only applies to employers with 20 or more employees. Determining the total number of employees is governed by complicated regulations that are cumbersome and technical for small businesses. Further, employers with less than 20 employees may be subject to “continuation coverage” under state law. Also, employees fired for “gross misconduct” are not entitled to COBRA. The definition of “gross misconduct” is not well defined and requires careful analysis should an employer wish to deny COBRA coverage. If an employer has a health plan, they must administer continuation coverage correctly for employees who may be eligible for COBRA.
What is HIPAA?
The Health Insurance Portability and Accountability Act (“HIPAA”) is an exceedingly complicated law. For most employers, the most relevant parts are the coverage provisions, the security provisions, and the privacy provisions. As with ERISA and COBRA, failure to comply with HIPAA can result in significant fines.
Concerning coverage, HIPAA is the corollary to COBRA—where COBRA affects coverage when an employee would otherwise be losing coverage, HIPAA affects coverage on the front end, when an employee begins participating in the plan. HIPAA limits the plan’s ability to exclude an employee for preexisting conditions, provides additional opportunities to enroll in a group health plan, prohibits discrimination based on health factors and genetic information, and guarantees access to individual health insurance policies for certain people. For example, a plan could try to limit or deny coverage to a new employee for a preexisting medical condition. Under HIPAA, a plan may limit coverage for that preexisting condition if medical advice, diagnosis, care, or treatment relevant to the condition was recommended or received during the six months prior to enrollment date in the plan. Otherwise, denying coverage for this preexisting condition could be improper. As this example illustrates, the rules are complicated. An employer must carefully analyze any waiting periods or exclusions.
Privacy and security
HIPAA’s privacy and security provisions impose additional, complicated restrictions on the use and disclosure of protected health information by group health plans. Employers sponsoring such plans must assess whether their plans are subject to these provisions and ensure they comply. Even if a third party handles the plan’s day-to-day administration, it is the employer’s, and not the third party’s, obligation to determine whether HIPAA applies. Compliance requires adoption of a host of policies and other procedures related to security and privacy.
The regulations affecting employee benefits are numerous. Business owners must not handle these issues alone, but they must be aware of the issues to consider and seek counsel to keep benefit plans running smoothly and without trouble from the Department of Labor, IRS, or other state agencies.