Phia Group Media


Phia Group Media

HIPAA Compliance Audits – Good News and Bad News

On February 1, 2021

By: Andrew Silverio, Esq.

In December 2020, the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) released the findings of an extensive audit of Covered Entities and Business Associates, performed in 2016 and 2017 for compliance with various HIPAA requirements.  This data, available at, provides valuable insight into what Covered Entities are doing right, and what they’re doing wrong, when it comes to HIPAA compliance (of the Covered Entities audited, 90% were health care providers, 9% were health plans, and 1% were health care clearinghouses).

Rather than a general audit for compliance with all of HIPAA’s requirements, the audit focused on seven provisions.  It looked at compliance with the notice of privacy practices and content requirements, provision of notice – electronic notice (website posting), and right of access requirements (from the Privacy Rule), the timeliness of notification and content of notification requirements (from the Breach Notification Rule), and the security management process – risk analysis and risk management requirements (from the Security Rule).  For Business Associates, the scope of the audit was more narrow, focusing only on the notification by a business associate requirements (from the Breach Notification Rule), and the security management process – risk analysis and risk management requirements (from the Security Rule).

Overall, the audit found that compliance with requirements that come into play after a security issue or breach occur, such as breach notification requirements, is generally good.  Compliance with the requirement to make the applicable Notice of Privacy Practices online was also good.  However, the results were less positive in regard to other requirements which represent more of the “groundwork” in setting up proper safeguards and procedures.  For example, “… OCR also found that most covered entities failed to meet the requirements for other selected provisions in the audit, such as adequately safeguarding protected health information (PHI), ensuring the individual right of access, and providing appropriate content in their NPP. OCR also found that most covered entities and business associates failed to implement the HIPAA Security Rule requirements for risk analysis and risk management.”

These findings make sense from an intuitive standpoint – it’s easy to simply not think about HIPAA’s requirements until a problem arises.  However, this audit underscores the importance of creating proper safeguards proactively – doing so can result in less damage when and if a breach occurs, both financially and when it comes to preserving client and participant good will.

IP Law vs. Drug Prices – Round Two, Fight!

On June 24, 2019

By: Nicholas Bonds, Esq.

Health and Human Services (HHS) Secretary Alex Azar’s recent rule requiring drug manufacturers to include the list prices of their drugs in their television ads is being received by big voices in the industry with about as much enthusiasm as you might expect. Although the rule will not take effect until July 9, big-name manufacturers Merck, Eli Lilly, and Amgen, with the Association of National Advertisers in their corner, are suing HHS and Secretary Azar to block the policy on a combination of likelihood of confusion and First Amendment grounds. Lawsuit aside, the HHS rule drew heavy inspiration from trademark law for its design, and the Federal Government continues to look towards the intellectual property framework for ideas to drag drug prices out of the stratosphere.

Representative Elijah Cummings, Chairman of the Committee on Oversight and Reform, has been among those in Congress leading the charge in this battle over drug prices. Representative Cummings and Senator Debbie Stabenow have joined forces to enlist the Government Accountability Office (GAO) to review HHS’s system for managing patent licenses, with a special focus on Gilead Science’s HIV pill. The drug manufacturer relied, to an extent, on taxpayer-funded research to invent this drug, and are now charging rates that puts it out of reach for many desperate patients. Lawmakers like Cummings and Stabenow believe HHS could better enforce the government’s rights to royalties and licenses, and should take pricing into account when granting such valuable licenses.  

Meanwhile, Senators John Cornyn and Richard Blumenthal have introduced the Affordable Prescriptions for Patients (APP) Act, which is designed to empower the Federal Trade Commission to challenge the anti-competitive nature of patent thickets using its antitrust authority. These thickets encircle drugs like Humira and Lantus with dozens of overlapping patents, effectively foreclosing the possibility of generics or biosimilars from giving consumers cheaper alternatives. The bill also takes aim at the practice of pharmaceutical “product hopping,” a practice similarly designed with an eye toward keeping generics out of the market. By tweaking the absorption rate or dosage level of a drug, manufacturers can take advantage of state substitution laws that prohibit pharmacists from offering a generic if the drug is not bioequivalent or therapeutically equivalent. The AAP would deem both patent thicketing and product hopping to be anticompetitive behavior, and could have sweeping implications for patent prosecution and enforcement.

Some lawmakers, however, have jumped in the trenches alongside the pharmaceutical industry and are actively fighting to loosen requirements for securing patents. Senators Thom Tillis and Chris Coons have written a bill, to big pharma’s delight, that would amend Section 101 of the Patent Act to allow patents on products and laws of nature, abstract ides, and other areas of general knowledge – all areas the Supreme Court has previously ruled ineligible for patent protection under the current wording of the Patent Act.

Most on Capitol Hill agree: the drug prices are too damn high. IP law is indelibly embroiled in the battle to bring these prices down, and combatants on both sides are turning to the IP well for any tactical advantage they can find.

We Have a New Secretary of HHS

On February 10, 2017
By: Brady Bizarro, Esq.

In a rare overnight session, the Senate voted 52-47 (along party lines) to confirm Tom Price (R-GA) as Secretary of HHS. He will be managing a department with a $1 trillion budget and have the authority to rewrite ACA rules. Price is the author of perhaps the most extensive replacement healthcare bill; the Empowering Patient Frist Act, which provides age-adjusted tax credits for the purchase of health insurance. It’s a good bet that whatever congressional Republicans come up with in the near future, Price’s proposal will serve as the infrastructure.

HHS nominee Dr. Tom Price’s 2nd confirmation hearing: 5 things to know

On January 25, 2017
By Emily Rappleye

Rep. Tom Price, MD, R-Ga., faced another four hours of cross-examination Tuesday, this time with the Senate finance committee.

Grilled by Democrats and lauded by Republicans, Rep. Price’s second hearing comes ahead of a vote that will determine his nomination. The committee recessed and will reconvene to vote “promptly,” according to Sen. Orrin Hatch, R-Utah.

Here are five things to know about the second hearing.

Read more…

GOP on ACA replacement: Who wants what?

On January 23, 2017
By Emily Rappleye

Republicans in Congress have already laid the foundation for an ACA repeal through the reconciliation process, but what will replace the law still remains uncertain.

And while Republicans agree the ACA needs to go, they have not coalesced around a single plan yet. To provide some clarity around the replacement ideas out there right now, we pulled highlights from statements and plans put forth by President Donald Trump and several Republican leaders.

Read more…

Health Secretary Pick Tom Price Faces Questions on Stock Trades, Obamacare Plans at Confirmation Hearing

On January 18, 2017
By Stephanie Armour & Louise Radnofsky

Tom Price, president-elect Donald Trump’s pick to run the Department of Health and Human Services, vowed at a Senate hearing Wednesday to fight government regulations he said burden doctors and patients while Democrats voiced alarm his policies would gut federal health insurance programs.

Read more…

Federal regulators may try to kill critical illness insurance

On June 10, 2016
Jun 09, 2016 | By Allison Bell
Obama administration officials want to limit use of short-term health insurance in the United States to periods of three months or less.
Officials are also thinking about the possibility of banning the sale of critical illness policies and other policies that cover two or more specific diseases.
The so-called “tri agency” team — the Internal Revenue Service, the Employee Benefits Security Administration and the U.S. Department of Health and Human Services — has included those proposals in a new batch of draft regulations.
The agencies developed the draft regulations to implement the Expatriate Health Coverage Clarification Act of 2014, and to adjust the requirements for health insurance products other than major medical coverage.
With Americans living longer, it might be a good idea to take another look at critical illness insurance.
The three agencies are preparing to publish the regulations in the Federal Register Friday. Members of the public can send in comments up until 60 days after the official publication date.
The Centers for Medicare & Medicaid Services (CMS), part of HHS, announced the release of the draft in a statement about what HHS doing to help the Patient Protection and Affordable Care Act (PPACA) public exchange system.
CMS said it and HHS want to:
• Improve the PPACA risk-adjustment program, which is used to use cash from health plans with low-risk enrollees to compensate competitors that end up with high-risk enrollees. CMS wants to create an adjustment mechanism for part-year enrollees and let plans include enrollees’ prescription information when calculating health risk scores, according to a new batch of risk-adjustment program guidance.
• Forge ahead with previously announced efforts to increase documentation requirements for consumers who seek coverage outside the usual open enrollment period window. Officials say they hope getting tough on special enrollment period applicants will keep healthy people from waiting until they get sick to pay for health insurance.
• Limit use of products that some consumers might see as an alternative to buying major medical coverage. The three agencies described the limits in the draft regulations.

For more details about what the tri agencies said about health insurance products other than major medical insurance in the draft regulations, read on:
Expat coverage
The three agencies want to distinguish travel insurance that happens to cover travel-related health problems from “expatriate health plans,” or coverage aimed at U.S. citizens or U.S. residents who live outside of the United States on a long-term basis, according to the introduction to the draft regulations.
The three agencies want to require an issuer of expat coverage to be a substantial issuer of expat coverage. An issuer would, for example, have to maintain call centers in three or more countries, accept calls from customers in eight or more languages, and process at least $1 million in claims per year in foreign currency equivalents.
An expat plan would be exempt from some requirements that apply to ordinary major medical plans. In the United States, individuals usually need to show they have “minimum essential coverage” to escape from the penalty PPACA imposes on the uninsured, or underinsured. A minimum essential coverage plan cannot impose lifetime or annual limits on the amount of medical benefits a patient can get.
The tri agencies say they would exempt expat plans from some of the PPACA requirements that apply to minimum essential coverage, such as the ban on annual and lifetime benefits limits. But, to qualify as minimum essential coverage, an expat plan would have to cover inpatient services, outpatient facility services, physician services and emergency services.
An employer that sponsored a group health expat plan, and wanted to get credit for offering minimum essential coverage, would have to “reasonably believe” that the expat plan met the usual minimum essential coverage minimum value standards.
Critical illness insurance
PPACA exempts indemnity insurance from the PPACA major medical requirements.
The tri agencies have given their blessing in the past to indemnity products that pay a set, time-based benefit. The agencies have said, for example, that an insurer can pay $100 per day to a policyholder who enters the hospital. Insurers have asked the agencies to allow the sale of traditional supplemental policies that pay benefits to consumers who have certain kinds of conditions or get certain kinds of medical service.
The tri agencies say they are not sure whether a policy that covers multiple specified diseases or illnesses should qualify for excepted benefits status.
The agencies “are concerned that individuals who purchase a specified disease policy covering multiple diseases or illnesses (including policies that cover one overarching medical condition such as ‘mental illness’ as opposed to a specific condition such as depression) may incorrectly believe they are purchasing comprehensive medical coverage when, in fact, these polices may not include many of the important consumer protections,” officials say.
The tri agencies “solicit comments on this issue and on whether, if such policies are permitted to be considered excepted benefits, protections are needed to ensure such policies are not mistaken for comprehensive medical coverage,” officials say.
If the agencies let insurers continue to sell the policies, the agencies might limit the number of conditions that a policy could cover, officials say.
Short-term health insurance
The three agencies have been letting consumers continue to buy traditional short-term health insurance coverage outside the PPACA framework.
A short-term health insurance issuer usually requires applicants to go through a simple medical underwriting process. The issuer may decline to cover pre-existing conditions, and it may leave out benefits for mental health care, maternity care and other types of care that a PPACA-compliant major medical plan would cover. An issuer may also impose annual benefits limits of $100,000 or less.
For qualified applicants, short-term health insurance is often cheaper than major medical coverage, marketers say.
Issuers of short-term health insurance can sell the coverage all year round. Issuers of individual major medical coverage require consumers to show they have a legal excuse to get a special enrollment period before selling them outside the annual open enrollment coverage. The open enrollment period now lasts from Nov. 1 through Jan. 31. The rules mean that, for much of the year, short-term health insurance may be the only health insurance some consumers can buy, marketers say.
In most states, issuers can offer short-term health insurance available for periods of up to one year.
The three agencies want to keep consumers from using short-term health insurance as a convenient major medical alternative by limiting use of a policy to three months. The three-month time limit would include the period of any policy renewals as well as the original policy duration, officials say.
Indemnity insurance
In the past, the three agencies have let insurers continue to sell hospital indemnity insurance plans, which pay benefits to insureds who enter the hospital, or to cancer insurance policies and critical illness insurance policies, which pay benefits when insureds suffer from the covered diseases. The three agencies have said those products would be “excepted benefits.”
Excepted benefits are products free from the federal benefit design rules that usually apply to major medical policies.
In the past, federal agencies have said that excepted benefits policies should be used to fill in the gaps in the major medical policies that comply with PPACA, not as an alternative.
The tri agencies now say they are hearing about group health plan operators telling workers in employer-sponsored group health plans that indemnity policies and other supplemental products count as minimum essential coverage.
The agencies “are concerned that some individuals may incorrectly understand these policies to be comprehensive major medical coverage that would be considered minimum essential coverage,” officials say.
The agencies want issuers of the supplemental products to include prominent notices, in large type, stating that the products are supplemental products, not minimum essential coverage.

FAQs about Affordable Care Act Implementation (Part XXII)

On November 11, 2014
United States Department of Labor
Employee Benefits Security Administration

November 6, 2014

Set out below are additional Frequently Asked Questions (FAQs) regarding implementation of the Affordable Care Act. These FAQs have been prepared jointly by the Departments of Labor (DOL), Health and Human Services (HHS), and the Treasury (collectively, the Departments). Like previously issued FAQs (available at and, these FAQs answer questions from stakeholders to help people understand the new law and benefit from it, as intended.

Read more…

SIIA Provides Analysis on “Skinny” Health Plans in Response to WSJ Article

On May 31, 2013
 May 30, 2013 – The Wall Street Journal on May 20th ran a news story describing a strategy that an increasing number of employers are reportedly examining – especially self-insured employers – that involves offering a low-cost health plan covering only preventive health services.  As the article indicated, in essence, offering this type of low-cost – or “skinny” – plan does not violate the law.  More specifically, employers subject to the so-called employer mandate would not be subject to the punitive first prong of the employer mandate penalty tax (often referred to as the “no-coverage” penalty).  In other words, these employers would be found to be offering “minimum essential coverage,” and thus would avoid the penalty tax, provided the employer offered these low-cost, skinny plans to at least 95% of its full-time employees and their dependent children (under age 26). 

This article has generated multiple inquiries, so SIIA has prepared the following analysis to make sure its members are fully-educated on this subject matter.  Should you have additional questions, please contact SIIA Washington Counsel Chris Condeluci at 202/463-8161, or via e-mail at


So, how are “skinny” health plans permissible under the Patient Protection and Affordable Care Act (PPACA)?  To understand how offering a low-cost, skinny plan does not violate the law, thereby allowing an employer otherwise subject to the employer mandate to avoid a penalty tax, we must piece together various aspects of PPACA, starting with the definition of “minimum essential coverage,” and explain why this definition is so important.

“Minimum Essential Coverage” and the Individual Mandate

PPACA generally requires all individuals (and their dependents) to maintain “minimum essential coverage” each year.  “Minimum essential coverage” includes health insurance coverage provided under (1) a governmental program (e.g., Medicare, Medicaid, SCHIP, or TRICARE), (2) an employer-sponsored plan (i.e., a group health plan), (3) individual coverage offered by a health plan in the individual market, (4) “grandfathered” individual or group market coverage, and (5) any other coverage as specified by the Department of Health and Human Services (HHS).  If an individual (and their dependents) fails to obtain “minimum essential coverage,” the individual will be subject to a penalty tax for himself/herself (and their dependents, if any), unless a specific exemption from the penalty tax applies. 

Why Is This Important To Employers Interested In Offering Low-Cost, Skinny Plans? 

Recently proposed regulations implementing the individual mandate penalty tax indicate that an employer-sponsored plan (i.e., “minimum essential coverage”) is a “group health plan” as defined under the Public Health Services Act (PHSA).  The PHSA provides that a group health plan means an “employee welfare benefit plan” as defined under the Employee Retirement Income Security Act (ERISA).  ERISA defines an employee welfare benefit plan as “any plan, fund, or program…established or maintained by an employer…for the purpose of providing for its participants or their beneficiaries, through the purchase of insurance or otherwise, medical, surgical, or hospital care or benefits…”

A plan that covers preventive health services only would be considered a plan, fund, or program established and maintained by an employer that provides medical care or benefits through the purchase of health insurance or otherwise.  As a result, a low-cost, skinny plan would be considered a group health plan under the PHSA, and thus, “minimum essential coverage” for purposes of PPACA.  Therefore, an individual employee (and their dependents, if any) covered under this type of arrangement (i.e., a low-cost, skinny plan) would satisfy the individual mandate requirement and would not be required to pay a penalty for the year.

“Minimum Essential Coverage” and the Employer Mandate

Nothing under the PPACA requires an employer to offer health coverage to its employees.  Providing an employee benefit (i.e., health insurance coverage) is still voluntary.  But, an employer employing 50 or more “full-time equivalent employees” (FTEs) will be subject to a penalty tax if (1) it does not offer “minimum essential coverage” to at least 95% of its full-time employees and their dependent child(ren) under age 26 (known as the “first prong” of the employer mandate) or (2) the employer offers “minimum essential coverage,” but the coverage (a) is “unaffordable” (i.e., the employee contribution for the lowest cost self-only health plan exceeds 9.5% of the employee’s household income (or certain other “safe harbor” measures) or (b) does not provide “minimum value” (i.e., the plan fails to pay at least 60% of the cost of benefits under the plan) (known as the “second prong” of the employer mandate).

The employer mandate penalty tax is only triggered if a full-time employee purchases an individual market health plan through an Exchange created under PPACA and accesses the premium subsidy for health insurance now available under the law (provided the employee is eligible based on income).  Importantly, the amount of the penalty tax depends on whether the employer is offering “minimum essential coverage” or not.  For example, if an employer fails the first prong of the employer mandate, the penalty tax is equal to $2,000 times all of the employer’s full-time employees (minus 30).  Under the second prong, the penalty tax is equal to $3,000 for every full-time employee that accesses the premium subsidy.

Why Is This Important To Employers Interested In Offering Low-Cost, Skinny Plans?

As the first prong of the employer mandate indicates, if an employer is not offering “minimum essential coverage” to at least 95% of its full-time employees and their child dependent(s), the employer may be subject to a penalty tax equal to $2,000 times all of the employer’s full-time employees (minus 30).  For employers employing a significant number of full-time employees, this penalty tax could be substantial.  However, if an employer offers a low-cost, skinny plan to at least 95% of its full-time employees and their child dependent(s), the employer can avoid substantial penalties because – as discussed – this type of arrangement would be considered a group health plan for purposes of the PHSA, and thus, “minimum essential coverage” for purposes of PPACA, including the employer mandate.

Would an Employer Offering a Low-Cost, Skinny Plan Avoid All Penalties Under the Employer Mandate?

No.  As stated, under the second prong of the employer mandate, if an employer is offering “minimum essential coverage,” but the coverage is unaffordable or does not provide minimum value, the employer would be subject to a $3,000 penalty tax for every full-time employee that purchases an individual market health plan through an ACA-created Exchange and accesses a premium subsidy for health insurance.  In the case of a low-cost, skinny plan, this arrangement would in most, if not all cases, be affordable.  However, this type of arrangement would not satisfy the minimum value test. 

According to regulations issued by HHS and the Department of Treasury (Treasury), while a self-insured plan is not required to provide coverage for the “essential health benefit” categories, the plan’s minimum value is measured with reference to benefits covered by the employer that also are covered in any one of the “essential health benefit”-benchmark plans adopted by a State.  In other words, a plan’s anticipated spending for benefits provided under any particular “essential health benefit”-benchmark plan for any State counts towards the plan’s minimum value.  An “essential health benefit”-benchmark plan covers more than just preventive health services.  Therefore, a low-cost, skinny plan would not provide minimum value, thereby exposing the employer to a penalty tax in the event a full-time employee accesses the premium subsidy.

Will Federal Regulators Try to Restrict Skinny Health Plans Going Forward?

As the Wall Street Journal article indicates, Federal agency officials have stated that employers may offer a low-cost, skinny plan and at least avoid the first prong of the employer mandate.  But, the Federal regulators are certainly not approving of this practice.  Which begs the question, will the Federal regulators try to shut this practice down?  If they do, how can they do it? 

SIIA believes that the Federal agencies may conclude that this type of practice violates the new nondiscrimination rules that apply to fully-insured group health plans.  To date, the Federal government has not issued regulations detailing these rules.  In the case of self-insured plans, this practice may already violate the nondiscrimination rules applicable to self-insured arrangements under section 105(h) of the Internal Revenue Code (“Code”).  If not, contemporaneous with the issuance of the new nondiscrimination rules for fully-insured plans, Treasury may add to the current regulations under Code section 105(h), providing that offering low-cost, skinny plans could be discriminatory in certain instances. 

Only time will tell whether this Administration will attempt to use the nondiscrimination rules applicable to both fully-insured and self-insured group health plans to put a stop to this practice.  Until then, it appears that offering a low-cost, skinny plan is a viable strategy when it comes to an employer’s overall approach to offering health insurance benefits to its employees and complying with the new requirements under PPACA, including the employer mandate.  

That said, SIIA is not commenting on the relative merits of this approach at this time.  The purpose of this communication is simply to educate its members in order that they understand what is happening in the marketplace and potential regulatory responses.  Please watch for additional exclusive reporting as developments warrant.