Know which agencies and compliance directives put your business at risk.
In 2012, the
first wave of audits enforcing health care reform compliance directives under
the Patient Protection and Affordable
Care Act (ACA) ran its course. Just three years later, the risks have
further elevated as other government bodies that co-enforce the ACA are
introducing new audit activities of their own.
“The reality is that government entities
are now working in tandem under inter-agency ‘memorandums of understanding’ that
communicate with each other about their audit findings,” said Dennis Fiszer,
Chief Compliance Officer, Eastern Region, HUB International. “If an auditor
notices a problem outside of his or her enforcement zone, the auditor will often
pass along specific ‘tips’ about which organizations have compliance weaknesses.”
The reason for this new surge in audits
is three-fold:
- ACA Funding Gap –
As the gap grows larger, the government will become increasingly compelled to
make up the shortfall by seeking penalty enforcement recoveries.
- ACA Complexity - ACA-related
regulations are estimated to be over 25,000 pages. The scope of these
requirements and the lack of detail on how it applies to real world situations
all heighten the risk for compliance breakdown and therefore potential audits.
- Employee or Plan
Participant Complaints - Every agency now maintains an online presence soliciting
the public to communicate with them directly about workplace issues they
witness, which can trigger audits.
Employers must ramp up their
efforts to ensure compliance ahead of a potential audit. The best way to do
this is to know which government entities and laws could put your business at
risk.
Common Employee Benefits Audit Triggers
In addition to some state
exchanges, federal agencies including the Department of Labor (DOL), the Department
of Health and Human Services (HHS), the Internal Revenue Service (IRS) and the Equal Employment
Opportunity Commission (EEOC), have all increased audit activities, targeting
specific directives (see side bar for a complete list). The
following are a few common audit triggers that apply across markets.
DOL Audit Triggers
- Age 26
coverage: Health
plans must provide a sample of the written notice describing enrollment rights
for dependent children up to age 26 who have used the plan since September
23, 2010.
- Retroactive
coverage takeaways (recessions): If the plan
has rescinded coverage, it must supply a list of all affected individuals
and a copy of the written notice 30 days in advance of each
rescission. For any identified rescissions, the auditor will seek to
discern whether the ACA’s fraud standard, or an intentional
misrepresentation of a material fact, justified the rescission.
- Grandfather
status:
Employers that are retaining grandfathered plan status must provide
documentation to substantiate that status, as well as a copy of the
required annual notice distributed to participants advising of the plan’s
grandfather protections. Not surprisingly, the agencies are generally
unfriendly to grandfather protections and may scrutinize the validity
behind an employer’s attempt to assert such status.
- Waiting
periods: Plan
sponsors are precluded from using waiting periods that delay coverage beyond
90 days from hire date. The DOJ may examine whether that occurred in a
representative number of situations, but most especially if an employee
has complained of a potential violation.
IRS Audit Triggers
- ACA
reporting: The
ACA now requires a self-reporting employer mechanism to assist the IRS
with oversight of the federal mandate to offer full-time employees
“minimum value” health coverage at an “affordable” contribution. In the
future, failures associated with employer reporting (primarily the 1094-C
and 1095-C forms) can trigger penalties of $100 per incident up to $1.5
million. Employer reporting could
also reveal additional underlying employer health coverage mandate
violations. Although those penalties are triggered separately, mistakes
have the potential to produce substantial fines. And assessments exceeding
$3,000 annually may be triggered for specific people if the coverage is
not actually affordable, even if the employer has comprehensively offered
coverage to its entire full time workforce.
- Hours
tracking: Under the ACA, the standard for
eligibility has been set at 130 hours per month. An employer with a
workforce that keeps unpredictable hours - including those expected to
work fewer than 130 hours per month - will necessitate the use of
complicated “variable hour” tracking and status designations, which can
invite significant enforcement scrutiny.
Ramp Up Compliance Efforts Today
Just as audit failures can result in
significant penalties for organizations that sponsor employee benefit programs,
similarly enforcement agencies benefit greatly from this supplemental revenue,
even using it to hire more auditors (as has been seen with CMS Medicare
Secondary Payer enforcement).
“Although federal regulators have
publicly indicated that for the initial phases of ACA compliance, the agencies ‘wish
to cooperate’ with employers to help them understand the new law before
throwing the book at anyone, HUB recommends that employers ramp up compliance
efforts now to help ensure they do not bump into problems down the road,” said
Fiszer.
For any employer that is contacted by an
enforcement body, HUB suggests a comprehensive and organized response to help
push the government towards an easier target. The more prepared and organized a
plan sponsor is in advance, the more efficiently and swiftly a plan-related
compliance audit can be resolved. For more information on how to avoid these
and other penalties triggered by an audit, contact your HUB Employee Benefits
team.