New ACA Regulations Address Minimum Essential Coverage and Exemptions

by Anne W. Hance and Amy M. Gordon

The U.S. Department of Health and Human Services (HHS) and the Internal Revenue Service (IRS) released on January 30, 2013, two proposed rules and a final rule relating to the Affordable Care Act’s (ACA) requirement that individuals maintain “minimum essential coverage” (MEC) or be subject to a “shared responsibility” payment.

  • IRS Final Rule: The IRS issued final regulations in May 2012 addressing eligibility for the health insurance premium tax credit, which is available to certain low-income individuals purchasing a qualified health plan on a health insurance exchange.  The January 30, 2013 final rule supplements these regulations by finalizing the requirement that “affordability” of coverage available for the employee under an employer-sponsored group health plan is determined based on self-only coverage (and not family coverage).
  • IRS Proposed Rule: The proposed rule addresses (1) the obligation each taxpayer has to make a “shared responsibility payment” for himself, herself and any dependents who, for a calendar month, do not have MEC, and (2) exemptions to this payment obligation.  The limited exceptions for this payment obligation include individuals who lack access to affordable MEC.  The proposed rule addresses the difference in determining affordable MEC for an employee eligible for coverage under a group health plan (as described above) versus affordability for a “related individual.”  A “related individual” is one for whom an Internal Revenue Code Section 151 deduction can be claimed.
  • HHS Proposed Rule: The HHS proposed rule sets forth standards and processes by which a health insurance exchange will make eligibility determinations and grant exemptions from the shared responsibility payment.  This proposed rule also (1) identifies certain types of coverage deemed to be MEC , and (2) sets forth standards by which HHS may designate certain health benefits coverage as MEC. 

    For example, self-funded student health insurance coverage and Medicare Advantage Plans are proposed to be designated as MEC.  Additionally, sponsors of other types of coverage that meet designated criteria, such as providing consumer protections required by the Affordable Care Act, may apply to HHS for recognition as MEC.

Next Steps

Health insurance issuers will want to consider whether the various products they offer or administer will meet the MEC requirements set forth in HHS’s proposed rule, in order to respond to inquiries from customers, to meet notice requirements (including inserting model statements into existing plan documents, as applicable), and potentially to respond to exchanges making eligibility determinations.  If a product does not constitute MEC, issuers may want to consider whether to continue to offer the product in its current form or revise the coverage to meet the MEC requirements.

Sponsors of group health plans will need to consider the separate affordability standards for employees and for related individuals and the implications for group health plan participants, and either modify coverage to meet the MEC standards, or consider the consequences of the shared responsibility payment.

Early Retiree Reinsurance Program Application is Now Available

Today the Early Retiree Reinsurance Program (ERRP) Application was posted on the Health and Human Services (HHS) website.  Applications are being accepted as of today, June 29, 2010. The ERRP will stop accepting applications once it appears that the $5 billion appropriated for the program will be exhausted; therefore, it is imperative that employers interested in participating in the ERRP submit their application as soon as possible.  The link to the application and instructions are as follows:

In addition, HHS published some Dos and Don’ts with respect to your submission of the application, the link is as follows:

For more details, please click here

House and Senate Bills Call for Medical Loss Ratios for Insurers

The Facts

Both the Senate and House health reform bills would impose Medical Loss Ratio (MLR) requirements on insurers. MLR measures the percentage of an insurer’s premium revenue spent on health care services. In the House bill, the Secretary of HHS would have to establish the MLR at or above 85 percent. Any issuer with a lower MLR would have to provide “rebates to enrollees of the amount by which the issuer’s medical loss ratio is less than the level so specified.” The House bill also would impose MLR requirements on Managed Care Organizations (MCOs) and Medicare Advantage Plans (MA Plans). The Senate bill is less onerous for insurers because the MLR is currently set at 80 percent and state taxes would be excluded from the MLR determination. Note, however, that potential revisions to the Senate bill reportedly include a 90 percent MLR. In the House bill, the MLR provision would expire January 1, 2013 (excepting the MA Plan and MCO requirements), while the Senate’s would remain in effect until December 31, 2013. 

What’s at Stake

Health insurance issuers could potentially be forced to provide significant rebates. The cost of these rebates will greatly depend on which costs are excluded from the MLR determination. Also, the MLR provisions in the House bill applicable to MA Plans and MCOs have no sunset provisions, thus increasing their potential long-term impact.

Steps to Consider

  • Follow the legislation closely because it is a very fluid process, and assess its impact.
  • Understand the impact of the proposed MLR requirements and be prepared to adapt quickly to their requirements.
  • Closely analyze which details are left to the Secretary of HHS to define by regulation. The rulemaking process will provide an opportunity for advocacy, should MLR provisions be enacted.

Security Breach Notifications

The Facts

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) includes significant investment in health information technology to facilitate the adoption of a U.S.-wide health information network and requires HIPAA covered entities, business associates, vendors of personal health records and related entities to notify individuals when their personal health information is subject to a breach of security.  The U.S. Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) recently issued rules relating to these security breach notification requirements.  Compliance with these regulations will require the expenditure of significant time and expense, and, therefore, health care and related industries should begin immediately familiarizing themselves with the rulemakings and updating their processes and procedures to comply accordingly. 

What’s at Stake

HIPAA covered entities, business associates, vendors of personal health records and related entities could be subject to penalties for not properly notifying patients or customers, as applicable, of security breaches involving the patients’ or customers’ individually identifiable health information.  Note that while the HHS rule is effective September 23, 2009, HHS will delay enforcement for six months.  This means that HHS will not impose sanctions for failure to provide the required notification for breaches discovered before February 22, 2010.  Similarly, while the FTC rule is effective September 24, 2009, the FTC will delay enforcement for six months.  This means that the FTC will not impose sanctions for failure to provide the required notification for breaches discovered before February 22, 2010.

Steps to Consider

  • If your organization is a HIPAA covered entity, business associate, vendor of personal health records or related entity, review the HHS and FTC regulations, which can be viewed here and here, respectively. 
  • Affected entities should immediately begin to develop a compliance plan, because the effective date of the HHS rule is September 23, 2009, and the effective date of the FTC rule is September 24, 2009.
  • Consider filing comments on the HHS rule on or before the October 23, 2009, deadline. 
  • For a summary of these regulations, review McDermott’s White Paper entitled “Regulatory Update: HITECH’s HHS and FTC Security Breach Notification Requirements.”