
Blogs March 2023

  1. 2022 San Francisco HCSO Reporting Due May 1

    System Administrator – Wed, 22 Mar 2023 15:00:00 GMT – 0

    The San Francisco Health Care Security Ordinance (SF HCSO) requires covered employers to make a minimum healthcare expenditure on a quarterly basis on behalf of all covered employees. While the ordinance has been in place for many years (since 2008), it has taken on a new dynamic due to the increased popularity of remote work. The annual reporting requirement is due next month (May 1 since April 30 falls on a Sunday), so now is a good time to be reminded of the requirements under the SF HCSO.
     

    Covered Employers

    Generally, employers are subject if they have 20+ employees with one or more working in the geographic boundary of San Francisco. In addition, employers are required to obtain a San Francisco business registration certificate. The threshold for non-profits is 50+ employees. Small employers with 0-19 employees (0-49 for non-profits) are exempt.

    Tip: The headcount for determining your company size under HCSO – both for determining applicability and expenditure rate – includes ALL employees, regardless of status, classification, or contract status. That means even temp or contract employees that are 1099 or through an agency still count!
     

    Covered Employees

    Covered employees are those working an average of eight (8) or more hours per week within the San Francisco city limits who are entitled to be paid minimum wage. There is a waiting period of 90 days.

    Tip: Look at the exemption criteria closely. The manager/supervisor exemption is coupled with the salary exemption amount, meaning the two are not separate. An employee needs to make more than the salary exemption (2023: $114,141 annually) AND be considered a manager/supervisor/confidential employee per HCSO.

    Reminder: Remember that the definition of a covered employee under HCSO hinges on where work is performed. Given the move to remote work, you will need to count and confirm expenditures for employees who live/work in San Francisco.
     

    Calculating Expenditure Rate (Updated for 2022-2023)

    Rates are based on employer size and are calculated based on the per hour rate payable to covered employees.

    Medium Employer

    • Size Threshold: 20-99 (50-99 for non-profits)
    • 2022 HCSO Rate: $2.20 per hour
    • 2023 HCSO Rate: $2.27 per hour


    Large Employer

    • Size Threshold: 100+
    • 2022 HCSO Rate: $3.30 per hour
    • 2023 HCSO Rate: $3.40 per hour


    The reporting due on May 1 is for the 2022 plan year.

    Tip: Hours worked include both paid hours and entitled hours. Specifically, PTO hours that an employee is entitled to must be included in the hours worked calculation. Maximum hours for the calculation are capped at 172 per month.
     

    Making Expenditures

    For full-time, benefit-eligible employees, average costs for medical, dental, and vision can be used in determining the employer's contribution to health care. Most employers will easily reach the minimum expenditure for employees who are provided health insurance benefits. A large employer would need to spend approximately $568 per month in 2022 or $585 per month in 2023 for an exempt or 40-hour non-exempt employee. Most medical, dental, and vision premiums, when combined, exceed that amount. Remember that employee contributions cannot be included in the calculation (only the employer contribution may be counted).

    For non-benefit-eligible employees, the expenditure must be made quarterly. The simplest method for making an expenditure is via the San Francisco City Option, and most employers use this option for non-benefited employees.

    Tip: Being benefit eligible does not automatically mean that HCSO requirements are met and that no expenditure needs to be made. If a benefit-eligible employee waives the employer-sponsored health plan, the employer is still required to make a minimum expenditure on behalf of that employee. That means employers must pay into the City Option for employees that have waived (similar to non-benefit-eligible employees) UNLESS the employee voluntarily signs an HCSO Waiver Form. Employers are prohibited from coercing employees to sign the form, and the form language dissuades individuals from signing it. Due diligence would mean sending the Waiver Form to any employees who waived coverage and, if the employee chooses not to sign, making the required quarterly expenditure.
     

    Due Dates - Regular

    Quarterly expenditures are due 30 days following the end of the quarter. First-quarter expenditures are due April 30th. Annual reporting to HCSO of covered employees and expenditures made is also due April 30th. Submission is completed online. The online form will be posted to the OLSE HCSO website no later than April 1.
     

    Penalties

    The penalties for non-compliance are not insignificant. The penalties are up to $100 per employee per quarter for failure to make expenditures and up to $500 per quarter if the annual reporting is not submitted. There are also other penalties for retaliation, failure to provide records to OLSE, and failure to post the required notice. However, while there is no guarantee, the OLSE generally does not fine an employer that has been out of compliance and that now comes into compliance. The bigger risk is if an employee complains, as that is generally when the OLSE would act and penalize an employer for non-compliance.
     

    More Information

    SF HCSO Resources include training slides, rules, an administrative guide, and FAQs. This site also contains instructions for the online Annual Reporting Form.

    HCSO Annual Reporting Form

    2023 HCSO Poster

  2. HIPAA Annual Report to Congress

    System Administrator – Tue, 07 Mar 2023 16:00:00 GMT – 0

    The HHS Office for Civil Rights (OCR) has prepared its Annual Report to Congress on HIPAA, Privacy, Security, and Breach Notification Rule Compliance. This report reflects reporting, complaints, and actions in the 2021 calendar year. In this article, we present key highlights of the report.
     

    Complaint Statistics

    New HIPAA Complaints

    • 34,077: Total complaints alleging violations of the HIPAA Rules
    • 25% increase over 2020
    • 39% increase from 2017 to 2021

    Carried Over Complaints

    • 2,814: Open complaints carried over from 2020

    Breakdown by Complaint Resolution

    • 26,420: Total complaints resolved
    • 20,611: 78% resolved before initiating an investigation. Examples of this type would include alleged violations by an entity not covered by HIPAA, conduct that did not violate HIPAA Rules, or untimely reporting.
    • 4,169: 16% resolved by providing technical assistance in lieu of an investigation (pre-investigational technical assistance)
    • 718: 3% Covered Entity or Business Associate took corrective action
    • 89: 1% OCR provided technical assistance after initiating an investigation (post-investigated technical assistance).
    • 13: Resolved via Resolution Agreements and Corrective Action Plans and monetary settlements totaling $815,150.
    • 2: Resolved with civil monetary penalties totaling $150,000.


     

    Breach Statistics

    • Under 500 Breach Reports: 65,571 (4% decrease from 2020)
    • 500+ Breach Reports: 609 (7% decrease from 2020)


     

    Compliance Review Statistics

    Compliance Reviews Initiated: 674

    Reviews to investigate allegations of violations of HIPAA rules that arose from breaches (not complaints). Heavy focus (90%) on breach reports affecting 500 or more individuals.

    Compliance Reviews Resolved: 573

    The vast majority of reviews were resolved with the entity taking corrective actions due to OCR involvement during the course of the investigation to come into compliance, agreeing to a settlement with a corrective action plan, or the imposition of a Civil Monetary Penalty (CMP).


    Of the completed compliance reviews, two cases were resolved with resolution agreements, CAPs, and monetary settlements totaling $5,125,000. What did these settlements look like?

    In the most egregious case, OCR investigated the Excellus Health Plan after it filed a breach report stating that cyber-attackers had gained unauthorized access to its information technology systems. Hackers installed malware and conducted reconnaissance activities that ultimately resulted in the impermissible disclosure of the PHI of more than 9.3 million individuals. OCR’s investigation found potential violations of the HIPAA Rules, including failure to conduct an enterprise-wide risk analysis and failures to implement risk management, information system activity review, and access controls. OCR considers these elements of HIPAA compliance foundational, thus applying a $5,150,000 penalty in addition to the Corrective Action Plan.
     

    OCR Funding Constraints

    Notably, the OCR did not perform any audits in 2021 due to a lack of financial resources. In April 2019, the maximum annual cap for three of the four penalty tiers was reduced (as it was determined this reflected a better reading of the HITECH Act). In the 2021 Annual Report, OCR requested that the HITECH civil monetary penalty caps be increased for 2023, but this update is pending at this time. These factors combined to cause strains on OCR’s limited staff and resources. This lack of necessary funding currently limits OCR’s HIPAA enforcement activities, and they have argued that it is critical to regain resources during a time of substantial growth in cybersecurity attacks on the healthcare sector.
     

    What is Relevant for Employers Today?

    While the focus continues to be large health systems and commercial health plans, it is important that employers not rest on their laurels with regard to HIPAA Privacy and Security compliance. Despite acknowledged funding constraints, OCR has stated its intention to continue enforcement efforts in its mission to make sure that participant PHI is secure in the environment of heightened security risks.

    Employers should confirm the following elements are in place for their group health plan:

    • Written HIPAA Privacy and Security policies and procedures in place
    • Training for all employees with access to PHI
    • Processes, procedures, and security systems are in place to protect participants' PHI
    • Business Associate Agreements are in place for all vendors with whom PHI is shared
     

    Reference

    The full 25-page HIPAA Annual Report to Congress can be found here.
     

    Need Help Getting HIPAA Compliance in Order?

    Vita will be hosting a webinar titled “HIPAA Privacy and Security Compliance: Your 20-Year Checkup” on March 15, 2023. The session will focus on the key compliance elements for employer health plans so that you can leave empowered with an action plan to get compliant. Sign-up here.

Copyright © 2023 Vita Insurance Associates, Inc. All Rights Reserved. | Privacy Policy