UBP blog


4 Items Employers Need to Know About the HIPAA Breach Notification Rules Effective 9/23

Filed under: HR compliance — ubpblogger @ 8:26 am
Tags: ,

Effective September 23, health care providers, clearinghouses and health plans that are “covered entities” under HIPAA must notify affected individuals in an event of a breach of their individually identifiable personal health information (PHI).

 This HIPAA Breach Notification Rule is essential for you to understand but it can be a pretty big pain for busy HR and IT professionals to digest and make sense of. To help you all out, we’ve put together a short list of things you need to know.

We’ve eliminated some of the “government-ese” from this blog entry to save you time (and help you avoid any headaches from all the confusion). However, since it is the law we’re talking about, we couldn’t quite get rid of it entirely (our apologies for that).

 Here are 4 items to know about the HIPAA Breach Notification Rule:

Item#1: If a breach involves data that is encrypted or de-identified, no one needs to be notified.

The new HIPAA Breach Notification Rule only applies to Personal Health Information (PHI) that is “unsecured”. They define “unsecured” as:

“not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by The Department of Health and Human Services [HHS].”

In order for data to no longer be “unsecured” it will need to be:

  • Digitally encrypted in accordance with National Institute Standards and Technology (NIST) standards (These standards can be found at http://www.csrc.nist.gov.)
  • In the case of electronic media, destroyed in accordance with National Institute Standards and Technology (NIST) standards
  • In the case of physical records containing PHI, shredded

De-identified personal health information is not actually PHI and therefore a breach of it would not need to be reported.

Item #2: If a breach falls under the following exceptions, no one needs to be notified.

  • Unintentional acquisition, access to or use of PHI by an employee acting under the authority of a HIPAA Covered Entity or Business Associate (provided that it was done in good faith and is not further used and/or disclosed in violation of the privacy rule).
  • Inadvertent Disclosure of PHI from a person authorized to access it at a Covered Entity or Business Associate  to another person at the same organization who is authorized to access the PHI (provided that the PHI is not further used and/or disclosed in violation of the privacy rule).
  • Instances of unauthorized disclosure where the Covered Entity or Business Associate has a good faith reason to believe that the person the information was disclosed to was not reasonably able to retain the information.

Item #3: If a breach does not pose a risk to an individual, no one needs to be notified.

To determine if a breach poses a significant financial, reputational, or other risk to affected individuals, HIPAA covered entities will need to go through a risk assessment.

Item #4: For a reportable breach ( i.e. one that doesn’t fall under the 3 conditions mentioned above), the following entities must be notified:

  •  Department of Health and Human Services (HHS)
  • All individuals whose PHI was affected by the breach (Individuals must be notified in writing and on their company’s website.)
  • If the breach compromised the PHI of 500+ individuals (or if you cannot find the affected individuals you’ll need to contact), the media must be notified.

Although this new rule goes into effect this month, sanctions will not be imposed on it until after February 22, 2010. In the meantime, employers and HR teams should:

  • Update HIPAA privacy policies and procedures as required by the new rules
  • Have a plan in place for the event that a breach of PHI does occur
  • Make sure everyone is trained on it


New mandate on dependent eligibility, Michelle’s Law, goes into effect October 9, 2009

Filed under: HR compliance — ubpblogger @ 9:09 am
Tags: , ,

On October 9, 2008, then-President George W. Bush signed Michelle’s Law ensuring full-time students who take a medically-necessary leave of absence do not lose their health insurance coverage as a result. This new law is effective for plan years beginning on or after October 9, 2009.

Brief History of the Law:

Michelle’s Law was named after Michelle Morse, a full-time college student at the University of New Hampshire who had colon cancer. Despite her doctor’s orders, Michelle remained a full-time student while she underwent chemotherapy. She did this so that her chemotherapy would be covered under her parents’ health insurance plan.   

What the Law does:

Starting October 9th of this year, Michelle’s Law will provide that group health plans may not terminate coverage for a dependent child that is a full-time student if he or she:

  • Takes a medically-necessary leave of absence
  • Drops to part-time student status due to a medically-related condition

The leave of absence (or drop from full-time to part-time student status) must:

  • Be medically necessary
  • Start when the child is suffering from a serious illness or injury
  • Cause the child to otherwise lose coverage under his or her parent’s health insurance plan

In order to maintain health insurance coverage under Michelle’s Law:

–          The dependent child must have been a full-time student immediately prior to his or her leave of absence.

–          The child’s physician must give verification in writing that the leave of absence is medically-necessary.

With the passage of Michelle’s Law, students suffering from acute illness and injury will no longer be forced to balance the suffering of their conditions with the pressures of being a full-time college student.  Instead, they will be given medical coverage for one full year from the declared dates of their leaves of absence.


What employers need to know about the “Balancing Act”, a paid-FMLA bill with a good chance of passing.

Filed under: FMLA,HR compliance — ubpblogger @ 12:10 pm
Tags: , , , ,

There’s been a good amount of talk recently about the “Balancing Act of 2009”, a bill proposed by  Democrat Lynn Woolsey that seems to have a strong chance of passing.

 This bill incorporates portions of the Family Leave Insurance Act allowing eligible employees 12 weeks of paid leave over a 12 month period for the following purposes among others:

  • To care for their own illness
  • To care for a sick family member or new child
  • To place a child up for adoption or foster care
  • To address a “qualifying exigency” arising from a family member’s call to active duty
  • To care for a relative who is a wounded veteran

 If the “Balancing Act” becomes a law, employers in all 50 states would need to know about quite a few significant FMLA-related changes.

A few noteworthy ones are as follows:

  •  The terms of FMLA coverage for “family wellness” related leave (as outlined in the Family and Medical Leave Enhancement Act) would be extended to employers with 25+ employees from the original 50+ employees.


  • Borrowing from the Healthy Families Act eligible employees at companies with 15 or more employees will earn one hour of paid six leave per-30 hours worked (not to exceed 56 hours, or 7 days, per-year).


  • Eligibility for the paid leave covered under the Balancing Act would be extended to certain part-time and temporary employees not previously included. It would be extended to include employees working 1,050 hours or more in a given calendar year (up from employees working 1,250 hours or more in a given calendar year).

How will employees’ 12 week paid leaves be funded? 

Under the Family and Medical Leave Act (FMLA), The U.S. Department of Labor would manage a joint fund between employer and employee and 0.2% of employee earnings would be put towards the fund


Does your company have a severance pay policy?

In these tough times especially, it is highly recommended that employers have set guidelines in place to govern severance pay.

For employers and HR professionals that may not have a severance policy in place, we’ve answered a few questions for you on what you should know about severance. Specifically, we’ll touch on when you need to pay it, to whom you need to pay it, and when you need to spell out your policy in writing.

Are we required to pay severance?

Unless you have a contractual obligation (i.e. a collective bargaining agreement or an explicitly written promise to pay severance in employee handbooks or policy documents), you are generally not required by law to pay severance.

Who should be eligible for severance?

Generally speaking, severance packages should be given to employees as assistance to help them cover expenses while they are searching for a new position after being involuntarily terminated for reasons beyond their control. Examples are employees who were laid off as a result of a plant closure or whose jobs were eliminated entirely.

Limiting eligibility for severance pay to full-time, permanent employees who meet length of service requirements (such as a one year of service minimum) is common in many organizations.

Severance should not generally be offered to employees terminated for performance reasons or in most cases, for violating work rules. Also, it should not be offered to employees who voluntarily terminate employment (or refuse a transfer) for reasons other than a major pay cut or significant negative changes in working conditions.

Do we need a written severance policy?

Since most severance plans are covered by the Employee Retirement Income Security Act (ERISA), they should generally be in writing. Plans are subject to ERISA when they involve a significant amount of discretion on the part of the employer to determine employee eligibility and the amount of severance benefits payable to employees for different triggering events. This type of plan is contrasted to one that is applicable to a single large-scale event (i.e. a major plant closure).

In terms of what goes in the employee handbook, some employers keep their written severance policies short and sweet, leaving the detailed benefits-related information to the benefit plan material. They then include a reference to the benefit plan material in the handbook and a call to action for employees to direct any inquiries they might have to the HR department.

In any and all handbook references to severance pay, it’s vital that you make it clear that not all employees will meet the eligibility requirements necessary for automatic entitlement to severance pay. You should also make sure you have an attorney review your severance policy to make sure it complies with federal and state laws.

What is the number one thing employers can do to prevent sexual harassment lawsuits from ever happening?

Filed under: company policies,HR compliance — ubpblogger @ 9:51 am

How about training supervisors to listen to employees’ initial complaints and take them seriously?

This is a nearly surefire way to keep your company out of trouble because when employees don’t think their supervisors are taking their sexual harassment complaints seriously, they are likely to complain to someone outside of the company. The majority of the sexual harassment claims filed with the EEOC in 2008 were based on supervisors not responding to initial complaints.

Here are a few other important things to remember about sexual harassment in the workplace.

Sexual Harassment is more than just “asking another employee for sex”:

In order to effectively respond to sexual harassment complaints and avoid costly “misunderstandings”, employers need to have a broader understanding of what constitutes sexual harassment.

Many supervisors believe that sexual harassment only occurs in the context of an employee explicitly “asking another employee for sex”. Although these are serious issues that must be addressed immediately, they represent only the tip of the iceberg. The EEOC states that sexual harassment includes:

“unwelcome sexual advances, requests for sexual favors, and other verbal or physical conduct of a sexual nature…when this conduct explicitly or implicitly affects an individual’s employment, unreasonably interferes with an individual’s work performance, or creates an intimidating, hostile, or offensive work environment”

Good employees can do not so good things:

Employers should not be reluctant to reprimand a high-performing and well-liked employee if an investigation of a sexual harassment complaint about them finds some level of truth for the complainant. Some employers might fear that the top employee’s performance or retention might be adversely affected by delivering a reprimand or other consequence for their prohibited actions.

Despite any concerns that they might have, employers should not allow an employee to victimize anyone else in the workplace for reasons of business convenience. No matter how much revenue a top performer generates for a company, that can all be paid out in the legal costs and settlement of a serious sexual harassment case.

It doesn’t just happen to women:

In 2008, the EEOC received 13,867 sexual harassment charges, 15.9% of which were filed by males. When creating and enforcing a sexual harassment policy, employers should take this statistic into account.

The Victim does not necessarily have to be the person harassed:

According to the EEOC, a victim of sexual harassment could be “anyone affected by the offensive conduct”.

The best remedy is prevention:

The best remedy for sexual harassment related issues is prevention and prevention starts with good communication. Clearly communicate to employees what constitutes sexual harassment in your workplace and that none of it will be tolerated.

Some things that employers can do to be proactive about sexual harassment in the workplace is to clearly communicate their company’s sexual harassment policy, and make it easily accessible to all employees. They should also provide employee training and establish a complaint procedure that provides as much confidentiality as possible to the employee that complains, yet addresses the issue immediately.

The Family Caregivers Act: How to walk the “slippery slope” when considering employment candidates you know have caregiver responsibilities

Filed under: HR compliance — ubpblogger @ 9:37 am

According to the Family Caregiving Alliance, at least 7 million Americans are caring for a parent at any given time. Between one-third to one-half of all caregivers are also employed outside the home and 12 percent eventually quit their jobs to care for a loved one full-time. Negative effects of working caregivers include taking time off from work to provide care to a loved one, decreased productivity and absenteeism due to stress-related illnesses to which they are more susceptible.

However, when hiring an employee you know has caregiver responsibilities, HR Managers should be careful not to assume that such responsibilities will get in the way of their ability to fulfill workplace responsibilities. If you clearly articulate the job duties and ask the candidate if he or she is able to perform them, and the candidate says “yes”, then it is not your responsibility to find out how. Most candidates will not take a job that they know they may be unable to perform. In other words, they won’t set themselves up to fail and get fired.

The Equal Employment Opportunity Commission (EEOC) has had an increase in the number of lawsuits and complaints against family caregivers, especially when such caregivers are female. In light of this, HR Managers should avoid:

  • assuming that female workers’ caretaking responsibilities will interfere with their ability to succeed in a fast-paced environment
  • assuming that female workers who work part-time or take advantage of flexible work arrangements are less committed to their jobs than full-time employees
  • assuming that male workers do not, or should not, have significant caregiving responsibilities
  • assuming that female workers prefer, or should prefer, to spend time with their families rather than time at work
  • assuming that female workers who are caregivers are less capable than other workers
  • treating female workers without caregiving responsibilities more favorably than female caregivers
  • steering women with caregiving responsibilities to less prestigious or lower-paid positions
  • treating male workers with caregiving responsibilities more, or less, favorably than female workers with caregiving responsibilities
  • denying male workers’ requests for leave related to caregiving responsibilities while routinely approving female workers’ requests

The above mentioned instances have show up frequently in lawsuits and have been offered by the EEOC as best practices when considering individuals with caregiver responsibilities for employment.

Have any of these (or similar) scenarios been acted out in your company? If so, how did your HR team handle them?

Should you pay employees overtime for job-related online training?

Filed under: HR compliance — ubpblogger @ 9:33 am
Tags: ,

Companies throughout the U.S. are offering convenient online training and many employees are opting to complete their assigned online training sessions after work hours away from home. If you—the employer—make online training mandatory, and your employees opt to do the training after work, when do you need to pay them overtime and when do you not?

The U.S. Department of Labor (DOL) recently issued a ruling in an opinion letter in response to a case where an employer required some employees to take training via the web. The company in question was a communications company that “employs technicians who install, monitor, and service voice and data communications circuits”. The company was using a networking system manufactured by an outside firm.

The outside firm offered a voluntary training on its most advanced version of the networking system during working hours and employees would be compensated for participation. However, in order to participate in the on-site training, employees needed to complete four pre-requisite online course modules estimated to take 10 hours to complete.

It was determined that, although completion of the voluntary training would enhance employee performance, employees would still be able to adequately perform job duties without taking it.

The DOL stated in their opinion letter that, the company did not have to pay OT for any type of training if ( and only if) all of the following criteria were met:

  • Attendance is outside of the employee’s regular working hours;
  • Attendance is in fact voluntary;
  • The course, lecture, or meeting is not directly related to the employee’s job; and
  • The employee does not perform any productive work during such attendance.

The company in question did not meet the third criteria (as the training was directly related to the technicians’ jobs) and therefore was not freed from the obligation to compensate them for the work performed.

What do you think about the DOL’s decision in this case?

With the increasing popularity of training online, has your company encountered a similar situation?

E-Verify Deadline Postponed to June 30

Filed under: HR compliance — ubpblogger @ 9:18 am

The US Homeland Security Department (DHS) has, for the third time, pushed back the deadline for implementing the final rule for employers to use the E-Verify employment verification system. The rule was originally scheduled to go into effect January 15, 2009, was initially pushed back to February 20, then to May 21 and now will go into effect six weeks later on June 30.

What is the E-Verify system:

The E-Verify program is jointly run by the DHS and Social Security Administration. It enables employers to quickly and easily verify the work authorization of their new hires. Using the newly-revised I9 form, employers submit Social Security numbers for new hires to the E-Verify system. If the system indicates that there is a match, the employee is deemed eligible to work, if not, procedures are set into place for further assessments.

Under the new DHS rule, if an employer fails to follow a set of “safe harbor” procedures, Immigration and Customs Enforcement (ICE) can use an employer’s receipt of a “no match” letter alone as evidence that he or she had “constructive knowledge” that the employee in question is not authorized to work in the United States.

The issue with E-Verify:

The E-Verify system is considered controversial because of its high error rates. Business and immigrant advocacy groups argue that system errors could potentially result in millions of workers being wrongly identified as not authorized to work in the United States. Also, they state that requiring the use of E-Verify before hiring would impose a cost burden on employers and open them up to possible lawsuits.

On the other end of the spectrum on this issue, as reported by USA Today in March 2009, are studies by two conservative think tanks estimating that individuals not authorized to work in the United States could take approximately “15% of the 2 million jobs that new taxpayer-financed projects are predicted to create” if E-Verify is not implemented.

As you can see, the issue surrounding E-Verify is a complicated one. Risk having millions of workers wrongfully classified as ineligible to work in the United States or risk having hundreds of thousands of jobs go to illegal immigrant workers when unemployment rates are the highest they’ve been in decades.


The HR in a Box™ HR Forums allow employers to tap into seasoned policy and compliance expertise.

No HR decisions concerning policy violations or job performance ever occur in a vacuum.  Wrongful terminations are often grounds for legal action, especially when injury, illness and disability are involved. HR Managers face complex scenarios every day, especially given the current economy where cost cuts and layoffs are occurring more frequently than ever. 

The HR in a Box™’s HR Forum allows experienced and novice HR professionals alike to make complicated judgment calls backed by the advice and support of HR experts. The Forum’s most vibrant participants make themselves available and accessible to answer your toughest questions based on prior knowledge and past experience.  Do you ever feel uncertain because the HR decisions you’re making for your company are based on zero precedent? With the HR Forum, this will no longer be the case. Many of our participants have been human resources professionals for more than a decade and can speak from multiple experiences with your most taxing situations.

HR Forum participants are employed in all 50 states so state-specific discipline, performance, termination and policy issues can be accurately addressed on a state-by-state basis. Do you know the subtleties of your state’s employment laws and regulations? If you’re unsure about these, let our Forum experts clarify the essential information for you. Think of the HR Forum like being back in school only now, when you have a question, thousands of “teachers” from across the nation will hear you ask it.

Universal Benefit Plans’ leading-edge employee benefits and HR management solution The HR in a Box™ not only strengthens your HR decision-making capabilities through expert opinion and accurate, up-to-the minute information delivery, it also eliminates manual benefits administration, empowers employees through 24/7 self-service access to clear and comprehensive benefits communication and serves as a mechanism for uniform delivery of HR communication.


« Previous Page

Blog at WordPress.com.