Data privacy and security legislation and enforcement saw significant activity in 2018 and early 2019. McDermott’s 2018 Digital Health Year in Review: Focus on Data report – the first in a four-part series – highlights notable developments and guidance that health care providers, digital health companies and other health care industry stakeholders should navigate in 2019. Here, we summarize four key issues that stakeholders should watch in the coming year. For more in-depth discussion of these and other notable issues, access the full report.

  1. EU General Data Protection Regulation (GDPR) enhances protections for certain personal data on an international scale. US-based digital health providers and vendors that either (a) offer health care or other services or monitor the behavior of individuals residing in the EU, or (b) process personal data on behalf of entities conducting such activities should be mindful of the GDPR’s potential applicability to their operations and take heed of any GDPR obligations, including, but not limited to, enhanced notice and consent requirements and data subject rights, as well as obligations to execute GDPR-compliant contracts with vendors processing personal data on their behalf.
  2. California passes groundbreaking data privacy law. The California Consumer Privacy Act (CCPA), which takes effect on January 1, 2020, will regulate the collection, use and disclosure of personal information pertaining to California residents by for-profit businesses – even those that are not based in California – that meet one or more revenue or volume thresholds. Similar in substance to the GDPR, the CCPA gives California consumers more visibility and control over their personal information. The CCPA will affect clinical and other scientific research activities of academic medical centers and other research organizations in the United States if the research involves information about California consumers.
  3. US Department of Health and Human Services (HHS) Office of Civil Rights (OCR) continues aggressive HIPAA enforcement. OCR announced 10 enforcement actions and collected approximately $25.68 million in settlements and civil money penalties from HIPAA-regulated entities in 2018. OCR also published two pieces of guidance and one tool for organizations navigating HIPAA compliance challenges in the digital health space.
  4. Interoperability and the flow of information in the health care ecosystem continues to be a priority. The Office of the National Coordinator for Health Information Technology (ONC) submitted its proposed rule to implement various provisions of the 21st Century Cures Act to the Office of Management and Budget (OMB) in September 2018; this is one of the final steps before a proposed rule is published in the Federal Register and public comment period opens. The Centers for Medicare & Medicaid Services (CMS) released its own interoperability proposed rule and finalized changes to the Promoting Interoperability (PI) programs to reduce burden and emphasize interoperability of inpatient prospective payment systems and long-term care hospital prospective payment systems.

A recent Eighth Circuit decision regarding “cross-plan offsetting” serves as an important reminder of how ERISA’s fiduciary duties impact both employers and fiduciaries who handle claims.

The case involved the common practice of cross-plan offsetting, which occurs when a claims administrator resolves an overpayment to a provider by refusing to pay that provider for a future claim (or reducing the amount paid for that future claim)—even if the latter claim was made by a participant in an unrelated plan. Cross-plan offsetting allows claims administrators to quickly recover overpaid benefits without the time and expense associated with one-off recovery actions against providers. Defendant UnitedHealth Group (UnitedHealth) initially applied this practice among its in-network providers, but then expanded cross-plan offsetting to non-network providers beginning in 2007. This practice was challenged by two out-of-network doctors in the case at issue, Peterson v. UnitedHealth Group, Inc.

Access the full article.

When California’s Dynamex decision rolled out the “ABC test”, it placed the burden on the employer to prove independent contractor (IC) status. In a presentation at the Employment and Employee Benefits Forum in California, McDermott’s lawyers discussed the implications of Dynamex, as it applies to various types of employers as well as those using staffing companies. Additionally, they cover Dynamex’s impact on worker classification and employee benefits plans, particularly under ERISA.

Lastly, they provide best practices that employers can do now to prevent litigation.

View the full presentation.

Join us this Friday, February 8, for an interactive discussion on minimizing liabilities when terminating employees. Rachel Cowen and Brian Mead will talk about workplace investigations, releases and severance agreements.

Our lively 45-minute discussion will tackle the following topics:

  • 5 Best Practices for Termination
  • Tips for Preparing Releases
  • Dos and Don’ts With Benefits

Friday, February 8, 2019
10:00 – 10:45 am PST
11:00 – 11:45 am MST
12:00 – 12:45 pm CST
1:00 – 1:45 pm EST

Register Now.

Recently, the US District Court for the District of Columbia dismissed a proposed class action lawsuit brought by former Georgetown employees under the Employee Retirement Income Security Act of 1974 (ERISA) over fees and investments in its two retirement plans. Plaintiffs alleged that Georgetown breached its fiduciary duty of prudence under ERISA by selecting and retaining investment options with excessive administrative fees and expenses charged to the plans, and unnecessarily retained three recordkeepers rather than one.

The court dismissed most of the claims on the grounds that plaintiffs had not plead sufficient facts showing that they had individually suffered an injury. Because they challenged defined contribution plans (as opposed to defined benefit plans), the plaintiffs had to plead facts showing how their individual plan accounts were harmed. In this case, the named plaintiffs had not invested in the challenged funds, or the challenged fund had actually outperformed other funds, or, in the case of the early withdrawal penalty from the annuity fund, the penalty had been properly disclosed and neither plaintiff had attempted to withdrawal funds – thereby suffering no injury. Moreover, in dismissing the allegations that the Plans included annuities that limited participants’ access to their contributed funds, the court rejoined, “[i]f a cat were a dog, it could bark. If a retirement plan were not based on long-term investments in annuities, its assets would be more immediately accessed by plan participants.” As to another fund, the court rejected the claim that the fiduciaries should be liable for the mere alleged underperformance of the fund, noting that “ERISA does not provide a cause of action for ‘underperforming funds.” Nor is a fiduciary required to select the best performing fund. A fiduciary must only discharge their duties with care, skill, prudence and diligence under the circumstances, when they make their decisions.

Continue Reading Georgetown University Defeats Retirement Plan Fee Litigation and “If a Cat Were a Dog, It Would Bark”

On January 14, 2019, US District Judge Wendy Beetlestone in the US District Court for the Eastern District of Pennsylvania issued a nationwide preliminary injunction blocking the Trump administration’s carveouts to the Affordable Care Act’s (ACA) contraceptive coverage mandate. One day prior, US District Judge Haywood Gilliam in the US District Court for the Northern District of California issued a more limited injunction blocking the same carve outs from taking effect in 13 states plus the District of Columbia.

On October 6, 2017, the Trump administration issued rules that are the subject of these two decisions. The rules would have allowed employers to raise religious and moral objections to avoid the ACA’s requirement that contraceptive coverage be provided without cost sharing under their group health plans. Under the ACA, certain contraceptive products and services are included in the list of preventive services that must be covered by most group health plans without cost sharing. The available exemptions to this rule were limited.

Judge Beetlestone reasoned that the loss of contraceptive coverage would have resulted in “significant” and “proprietary harm” to the states by causing increased use of state-funded contraceptive services, along with increased costs associated with unintended pregnancies. Without the preliminary injunction, the Trump administration’s rules would have gone into effect on January 14, 2019. The preliminary injunction does not permanently block the rules, but rather it stops the rules from going into effect while legal challenges are being pursued. Judge Beetlestone indicated that she is likely to invalidate the rules, stating that the US Departments of Health and Human Services, Labor and Treasury exceeded the scope of their authority under the ACA by issuing the carve outs.

Charnae Supplee, a law clerk in the Firm’s Washington, DC office, also contributed to this post. 

The US District Court for the District of Columbia recently held that the Centers for Medicare and Medicaid Services (CMS) exceeded its authority by reducing Medicare payment rates for 340B drugs, but, because of the budget-neutral nature of the cuts, the court left implementation details of its order temporarily unresolved to avoid disrupting administration of the Medicare Hospital Outpatient Prospective Payment System. It remains to be seen what remedies the court will ultimately order and whether CMS will appeal the decision.

Access the full article.

In late December, US Senator Ron Wyden introduced the Retirement Parity for Student Loans Act (Student Loan Act), which would allow employers to make matching contributions under 401(k), 403(b) and SIMPLE plans with respect to student loan repayments made by employees. If enacted, this legislation would provide powerful new guidance for employers looking to offer student-loan-repayment-related benefits to their employees.

Last year, the Internal Revenue Service (IRS) released a groundbreaking private letter ruling (PLR) that helped to clear the way for employers to begin providing student loan repayment benefits as part of their 401(k) plans. More specifically, the PLR confirmed that, under certain circumstances, employers might be able to link the amount of employer contributions made on an employee’s behalf under a 401(k) plan to the amount of student loan repayments made by the employee outside the plan. However, the PLR only applied to the plan sponsor requesting the ruling and only addressed the specific issue and facts presented by the plan sponsor. As a result, although the PLR provided helpful guidance to employers, it also left many questions unanswered.

In response, many employers and industry groups have pushed for legislation that provides comprehensive guidance on how employers can and should structure student loan repayment benefits under their retirement plans. The Student Loan Act would address a number of the questions raised in response to the PLR and would provide employers more flexibility to offer student loan repayment benefits under their plans. In particular, the Student Loan Act would open the door for student loan repayments to be treated as elective deferrals under an employer’s plan and to qualify for corresponding matching contributions (rather than the special non-elective contributions described in the PLR). In addition, the Student Loan Act would clarify nondiscrimination testing requirements for student loan repayment benefits and address how student loan repayment benefits may be provided under not only traditional 401(k) plans, but also under safe harbor 401(k) plans, 403(b) plans and SIMPLE plans.

The Student Loan Act is part of the broader Retirement Security & Savings Act, which has bipartisan backing. The prospects for enactment of the Student Loan Act and Retirement Security & Savings Act are uncertain. Nevertheless, the release of the Student Loan Act, and its inclusion as part of the Retirement Security & Savings Act, shows that legislators are responding to employer demand and industry group efforts to seek further clarification on how they can provide employees with student loan repayment benefits under their tax-qualified retirement plans.

There is significant risk and exposure facing senior leaders charged with workplace and workforce management. As we launch into 2019, it is more critical than ever for in-house counsel and HR professionals to effectively manage ongoing risks and strategically plan for what’s ahead. To learn more, join our half-day forum and reception in one of our two locations this month.

January 29 – San Francisco, CA
January 31 – Los Angeles, CA

This interactive and forward-looking program fosters open discussion that will help you see around the corner and position your business to protect its interests. Key issues of focus will include:

  • Worker Classification: Complications Beyond the Front Page
  • Employee Mobility: Local Challenges with Global Implications
  • ERISA Plan Controversy: Rising Stakes for Those Unprepared
  • Your Attention, Please: Emerging Threats Lurk in Employment and Employee Benefits
  • #MeToo Take Two: Liability Beyond Title VII

Register today.

Late last year, the Ninth Circuit held that in order to trigger ERISA’s three-year statute of limitations a defendant must demonstrate that a plaintiff has actual knowledge of the nature of an alleged breach. Accordingly, the court held that merely having access to documents describing an alleged breach of fiduciary duty is not sufficient to cause ERISA’s statute of limitations to begin to run. Instead, the court rejected the standard embraced by other courts and ruled that participants should not be charged with knowledge of documents they were provided by did not actually read. The Ninth Circuit’s decision underscores circuit split over what is sufficient to demonstrate the existence of actual knowledge for purposes of triggering ERISA’s three-year statute of limitations.

Access the full article.