During the past 14+ years practicing employee benefits law, I’ve seen many changes, not the least of which has been the Affordable Care Act (ACA). However, with all of the recent changes flowing from the ACA, it is important not to forget some very basic and long-standing aspects of plan compliance, design, drafting and administration, particularly those rooted in significant part in a law enacted 40 years ago, the Employee Retirement Income Security Act, affectionately known as “ERISA.”

This post will discuss a basic ERISA requirement that if left unaddressed can have significant consequences under the ACA – defining who is eligible to participate in an employee benefit plan. Of course, defining who is eligible is not specific to group health plans, and is critically important for all employee benefit plans, including retirement plans, although, here, we are focusing on group health plans.

In short, plan documents that employers receive from their insurance carriers and third party administrators often do not drill down on which employees are eligible to participate. Adding to the long-standing requirement under ERISA to describe the rules for eligibility in plan documents furnished to employees, the employer shared responsibility penalties under Internal Revenue Code § 4980H, added by the ACA, and related regulations, make it critically important to ensure that eligibility provisions are carefully drafted. For many employers, a “wrap-document” may be a useful tool for addressing this and other provisions concerning the plan.

Section 101 of ERISA requires plan administrators to furnish summary plan descriptions (“SPDs”) to plan participants and beneficiaries. DOL regulations provide a laundry list of content requirements for SPDs, which include that the SPD must describe “the plan’s requirements respecting eligibility for participation.” DOL Reg. § 2520.102-3(j). To this day, many continue to believe that the insurance certificate they receive from their insurance carriers (or plan description in the case of a self-funded plan) are compliant “SPDs.” In most cases, they are not.

Does this look familiar:

You are eligible to participate in the plan if you are actively employed by the employer at least 20 or more hours per week and meet the requirements established by your employer.

This is language one might typically find in an insurance certificate for group health insurance. It is not uncommon to find that no additional requirements were specifically established by the employer, or if established, they might be found in an employee handbook, which is not the SPD or a plan document. However, many employers attempt to clarify this basic language, such as by including the following in the SPD – an employee is eligible to participate in the plan if the employee is regularly working 30 or more hours per week.

But what does this really mean? Under the ACA, a large employer (generally one with 50 or more full time equivalent employees) could incur significant penalties if it fails to offer minimum essential coverage to its full-time employees. IRS regulations provide extensive guidance concerning how to determine which employees are “full-time” employees for purposes of the employee shared responsibility penalties (in general, a full-time employee is one that on average works 30 or more hours per week). For those employers seeking to avoid the shared responsibility penalties under IRC 4980H, they must be offering the right kind of coverage to the right kind of “full-time” employees.

Offering coverage to all employees “regularly working 30 or more hours per week,” may result in the employer avoiding 4980H penalties, but it also could result in the company offering coverage to more employees than necessary to avoid the penalties, or not enough, depending on how the language is applied. For employers that have a significant part of their workforce on variable hour schedules, it can be a challenge to determine when employees are “regularly working” the minimum number of hours required for eligibility. This challenge is heightened when employees take leaves of absence, change positions or make other changes in their employment.

In addition to concerns about ACA penalties, employers should also consider that employees may be more likely to closely scrutinize plan documents for eligibility as they seek to avoid penalties of their own under the ACA individual mandate. A variable hour employee may feel she has been “regularly working” 30 hours per week after working 30 hours per week for two or three months, even though her employer is using a twelve-month initial measurement period permitted under IRS regulations to determine her full-time status. Under the terms of a plan stating the eligibility requirement as “regularly working 30 or more hours per week,” she might have a claim under ERISA, regardless of the ACA penalty issues.

The IRS regulations referenced above provide safe harbors to determine when employees are “full-time” employees for purposes of the 4980H penalty. Under one method, employers can “look back” over a period of months (as few as three, but not more than 12) to determine if an employee worked on average more than 30 hours per week, and for an employee that does, treat that employee as a full-time employee during a future period, the “stability period,” even if the employee’s hours worked in some weeks during that future period go below 30. Many employers are following those rules to determine who is eligible under their plans, believing that if they then offer the appropriate level of affordable coverage to those employees, they will avoid the penalties. However, their plan documents and SPDs may not describe these rules; that is, the rules to comply with the IRS safe harbors.

Simply incorporating the IRS regulations into the SPD by reference may not be a practical approach, and may not comply with ERISA and the DOL regulations above. However, employers will want to consider what additional language they need in their plan documents, particularly their SPDs, to appropriately reflect how eligibility is determined for purposes of ACA and to meet the DOL’s content requirements for SPDs.

So, as employers scramble to comply with the ACA employer shared responsibility mandate for 2015, they need to remember their ERISA basics and ask themselves, “What does the plan say?”

Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Joseph J. Lazzarotti Joseph J. Lazzarotti

Joseph J. Lazzarotti is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP)…

Joseph J. Lazzarotti is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.

In short, his practice focuses on the matrix of laws governing the privacy, security, and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to employee benefit plans.

Privacy and cybersecurity experience – Joe counsels multinational, national and regional companies in all industries on the broad array of laws, regulations, best practices, and preventive safeguards. The following are examples of areas of focus in his practice:

  • Advising health care providers, business associates, and group health plan sponsors concerning HIPAA/HITECH compliance, including risk assessments, policies and procedures, incident response plan development, vendor assessment and management programs, and training.
  • Coached hundreds of companies through the investigation, remediation, notification, and overall response to data breaches of all kinds – PHI, PII, payment card, etc.
  • Helping organizations address questions about the application, implementation, and overall compliance with European Union’s General Data Protection Regulation (GDPR) and, in particular, its implications in the U.S., together with preparing for the California Consumer Privacy Act.
  • Working with organizations to develop and implement video, audio, and data-driven monitoring and surveillance programs. For instance, in the transportation and related industries, Joe has worked with numerous clients on fleet management programs involving the use of telematics, dash-cams, event data recorders (EDR), and related technologies. He also has advised many clients in the use of biometrics including with regard to consent, data security, and retention issues under BIPA and other laws.
  • Assisting clients with growing state data security mandates to safeguard personal information, including steering clients through detailed risk assessments and converting those assessments into practical “best practice” risk management solutions, including written information security programs (WISPs). Related work includes compliance advice concerning FTC Act, Regulation S-P, GLBA, and New York Reg. 500.
  • Advising clients about best practices for electronic communications, including in social media, as well as when communicating under a “bring your own device” (BYOD) or “company owned personally enabled device” (COPE) environment.
  • Conducting various levels of privacy and data security training for executives and employees
  • Supports organizations through mergers, acquisitions, and reorganizations with regard to the handling of employee and customer data, and the safeguarding of that data during the transaction.
  • Representing organizations in matters involving inquiries into privacy and data security compliance before federal and state agencies including the HHS Office of Civil Rights, Federal Trade Commission, and various state Attorneys General.

Benefits counseling experience – Joe’s work in the benefits counseling area covers many areas of employee benefits law. Below are some examples of that work:

  • As part of the Firm’s Health Care Reform Team, he advises employers and plan sponsors regarding the establishment, administration and operation of fully insured and self-funded health and welfare plans to comply with ERISA, IRC, ACA/PPACA, HIPAA, COBRA, ADA, GINA, and other related laws.
  • Guiding clients through the selection of plan service providers, along with negotiating service agreements with vendors to address plan compliance and operations, while leveraging data security experience to ensure plan data is safeguarded.
  • Counsels plan sponsors on day-to-day compliance and administrative issues affecting plans.
  • Assists in the design and drafting of benefit plan documents, including severance and fringe benefit plans.
  • Advises plan sponsors concerning employee benefit plan operation, administration and correcting errors in operation.

Joe speaks and writes regularly on current employee benefits and data privacy and cybersecurity topics and his work has been published in leading business and legal journals and media outlets, such as The Washington Post, Inside Counsel, Bloomberg, The National Law Journal, Financial Times, Business Insurance, HR Magazine and NPR, as well as the ABA Journal, The American Lawyer, Law360, Bender’s Labor and Employment Bulletin, the Australian Privacy Law Bulletin and the Privacy, and Data Security Law Journal.

Joe served as a judicial law clerk for the Honorable Laura Denvir Stith on the Missouri Court of Appeals.