Now, faced with an aging baby-boomer generation and increased costs related to disability litigation, the U.S. Department of Labor’s Employee Benefit Security Administration (DOL) has proposed new rules that would revise and strengthen the current rules for claims adjudication of disability claims under welfare and retirement plans.
The United States Supreme Court’s recent landmark rulings on same-sex marriage have significantly changed employers’ options and obligations with respect to benefit coverage for employees’ same-sex spouses and partners. Until recently, some employers voluntarily extended benefits to same-sex partners in recognition of the fact that same-sex couples had limited ability to marry. However, now that same-sex marriage is legal in all 50 states and recognized under federal law, employers must extend certain spousal benefits to same-sex spouses and can do so without additional administrative complexity. In addition, some employers are phasing out unmarried partner benefits by requiring partners to marry in order to be eligible for spousal benefit coverage.
(c)2015 by The Bureau of National Affairs, Inc., reprinted with permission.
On September 29, 2015, the U.S. Department of Health and Human Services Office of the Inspector General (OIG), Office of Evaluation and Inspections, released two studies calling on the HHS Office for Civil Rights (OCR) to strengthen its efforts in both general enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Standards and enforcement of security breach reporting requirements. OIG commissioned both studies out of concern for the increased risk of an invasion of privacy and exposure to fraud, identity theft and other harm that patients face in an ever-expanding digital health environment.
A new obligation has been introduced requiring large commercial organisations operating in the United Kingdom to publish a “slavery and human trafficking statement” at the end of each financial year.
The requirement extends to all commercial organisations in any part of a group structure (wherever incorporated, and whether a company or a partnership) that carry on a business, or part of a business, supplying goods or services in any sector in the United Kingdom and have annual turnover of at least £36 million. This includes the turnover of any subsidiary undertakings, regardless of where those subsidiaries are based or operate.
Read the full UK Employment Alert.
On October, 30, 2015, the Equal Employment Opportunity Commission (EEOC) issued a proposed rule that would amend regulations implementing Title II of the Genetic Information Nondiscrimination Act of 2008 (GINA), as they relate to employer wellness programs. Title II of GINA protects employees from employment discrimination based on their genetic information, including the health status of workers’ families.
In its decision on October 6, 2015 (file-no. C-362/14), the European Court of Justice (ECJ) stated that the commonly used Safe Harbor Principles, which were previously deemed to be a safe way to legally transfer data to the United States, are non-binding for national data protection authorities. Thus, after this judgment, the harbor is not “safe” anymore. The court’s decision causes great difficulties for a wide range of internationally operating companies that regularly transfer personal data to their U.S. parents.
The Facebook Case
In this case, the ECJ had to decide whether the national Irish data protection authority could independently investigate and assess a complaint from an Austrian citizen who claimed that the Irish subsidiary of Facebook illegally transferred his personal data to the United States and illegally saved them on a U.S. server. The Irish data protection authority rejected the complaint on the grounds that Facebook submitted itself to abide by the Safe Harbor Principles. Based on a decision of the European Commission on July 26, 2000, data transfer to a company that submitted itself to the Safe Harbor Principles, on which the U.S. Department of Commerce elaborated, was considered under European law to be “safe” (i.e., an adequate level of data protection was guaranteed). As Facebook met these standards, the transfer to Facebook’s U.S. server should have been considered absolutely safe and thus legal, given the European Commission’s decision.
Reasoning of the Decision
This held true until October 6, when the ECJ clearly rejected the widely used and regarded as secure Safe Harbor practice, despite the European Commission’s decision in 2000. The judges criticized several aspects of the Commission’s decision.
First, the ECJ found that the European Commission lacked the authority to make a binding decision on behalf of the national data protection authorities about whether companies that submitted themselves to abide by the Safe Harbor Principles met the required standard for a legal transfer. In addition, the ECJ emphasized that the European Commission failed to properly consider in its decision that in case of a conflict of laws, U.S. law supersedes the Safe Harbor Principles. Last but not least, the European Commission did not consider the key fact that U.S. state authorities are basically granted un-restricted access to any data transferred to the United States (as has been proven by the National Security Agency (NSA) scandals that Edward Snowden exposed). The ECJ complained that state authorities were not covered, and even more importantly not bound, by the Safe Harbor Principles. Also, the court noted that the individuals concerned had no administrative or judicial means of getting informed about their saved data or enforcing the saved data to be deleted.
What Does This Ruling Mean – in the Facebook Case and in General?
For the reasons above, the ECJ required the Irish state authority to examine the Facebook complaint with due diligence and, at the conclusion of its investigations, to decide irrespective of the Safe Harbor Principles whether the transfer of the data of European Facebook users to the United States should be suspended on the grounds that the United States does not afford an adequate level of protection of personal data. This equally applied to all other EU member states and was not limited to the data transfer of Facebook. European citizens may request the national state authority for data protection to investigate whether the transfer of specific personal data to the United States complies with European standards.
General Standard Clauses
Another previously safe way to legally transfer data to third-party countries was the use of so-called general standard clauses that were enacted by the European Commission and guaranteed an adequate level of protection of personal data. However, the court’s reasons that justified the invalidity of the Safe Harbor Principles suggest that the general standard clauses would most likely share the same destiny. The general standard clauses were negotiated and enacted by the European Commission, which lacked the authority to do so. Also, the general standard clauses are risky, because the European Commission has not properly assessed that U.S. state agencies would have un-restricted and comprehensive access to any transferred data. However, the general standard clauses will enjoy a grace period until the ECJ declares them non-binding.
The ECJ’s recent decision will certainly increase the already-existing legal insecurities relative to data transfer from Europe to the United States. The newly negotiated agreement between Brussels and Washington on the transatlantic transfer of personal data will most likely have little impact on this legal un-certainty, as the judges expressly doubted the European Commission’s authority to enact binding rules for member states’ data protection authorities.
On October 23, 2015, the U.S. Departments of Labor (DOL), Health and Human Services (HHS) and Treasury issued frequently asked questions (FAQs) on the implementation of preventive care and wellness provisions of the Affordable Care Act (ACA) and mental health parity disclosure, adding to the existing list of 28 previous editions of FAQs on the implementation of ACA.
Budget legislation signed into law by President Barack Obama on November 2, 2015, the Bipartisan Budget Act of 2015, repeals the controversial automatic enrollment provision under the Affordable Care Act (ACA). Section 18A of the Fair Labor Standards Act (FLSA), added by the ACA, directed employers with more than 200 full time employees to automatically enroll new full time employees in one of the employer’s health benefits plans (subject to any waiting period authorized by law), and to continue the enrollment of current employees in a health benefits plan offered through the employer. This requirement, which had yet to take effect, was riddled with concerns and questions regarding how these employers would effectuate administration. The Budget Bill also sharply increased the amount of premiums employers pay to the Pension Benefit Guaranty Corporation, which will be detailed in a separate article.
The recently enacted Surface Transportation and Veterans Health Care Choice Improvement Act of 2015 includes provisions that will extend the deadlines for filing future Form 5500 and Form 990 series information returns. In addition, the legislation modifies rules relating to the ability of veterans to participate in health savings accounts (HSAs), allows employers to disregard employees receiving certain veterans benefits when determining whether they are subject to the shared responsibility requirements of the Affordable Care Act (ACA), and further extends the ability of employers to use excess pension assets to pay for retiree health and group-term life insurance.
The Patient-Centered Outcomes Research Institute (PCORI) fee was established under the Affordable Care Act (ACA) to advance comparative clinical effectiveness research. The PCORI fee is assessed on issuers of health insurance policies and sponsors of self-insured health plans. The fees are calculated using the average number of lives covered under the policy or plan, and the applicable dollar amount for that policy or plan year.