UBP blog

02/23/2010

To prevent identity theft at work you need to know where the thieves will go

Identity thieves can steal personal information from you at work, in public, online or even from your home (a place that so many of us think is a safe haven). The first step to protecting your information in all these places is knowing where the thieves will go to get their hands on it.

Let’s start off by looking at the workplace.

Personal information in any given workplace is vulnerable to the prying eyes and hands of permanent staff, temporary and contract workers or even the after-hours custodial staff that comes in and cleans the building every night.

If there’s an identity thief lurking in and around your workplace, chances are they’ll go for one of the following.

  • Unattended Personal Belongings: This includes both unattended purses and wallets as well as easily accessible personal documents employees may either keep at work or bring with them to work.
  • Employee personnel files: Any employee with access to the personnel files that are kept in HR has easy access to employees’ Social Security Numbers and DOBs as well as a host of other data ID thieves may use to commit fraud.

Data in personnel files is especially vulnerable to threats from within an organization. A disgruntled employee or even a temp worker could steal employee personal information, sell it to an identity thief or use it themselves to commit fraud.

Effective monitoring is the key:

The information above goes to show that employers should carefully monitor access to all employee personal information. Certain vital details such as who has access to this information, how long they have access to it and what precise business or compliance need their access to this information will fulfill should be spelled out clearly in your Written Information Security Plan required by Massachusetts law 201 CMR 17.00 (which is enforceable the first of next month).

On top of this, employers should communicate to employees the importance of consistently monitoring all accounts they have in their name, checking for any unauthorized activity or the presence of any new accounts that they didn’t open themselves.  

Individuals who steal your identity or credit card numbers depend on you not to look too closely at your bills and ensure that every charge on them was actually yours. “Small” charges of under $100 are often less scrutinized than larger amounts and thieves know this. That’s why you should never just “excuse away” unfamiliar and unauthorized charges, just because they appear small.

Deadline for Massachusetts Identity theft law 201 CMR 17.00 is just a week away:

One week from today, all businesses that “own, license, store or maintain” personal information on any Massachusetts residents must be fully compliant with the Commonwealth’s identity theft law 201 CMR 17.00. Is your company compliance-ready, and can you prove it to the auditor who may come knocking at your door?

To help Massachusetts businesses get compliance-ready, Universal Benefit Plans has partnered with local employment law firm Foley and Foley to offer a complimentary 30 minute compliance review for qualifying companies. Call us at 617-859-1777 to learn more and see if your company qualifies.

02/11/2010

Do you know what the five costliest health conditions are?

As an employer, if you were asked what the five costliest health conditions are, what would top your list? Cancer and heart disease, correct? It depends on what factors you look at to determine cost.

The Journal of Occupational and Environmental Medicine (JOEM) recently published a study revealing that employers who focus solely on employees’ direct medical and pharmacy costs in creating cost-containment strategies are missing a major component of the picture. These findings were based on data from over 51,000 employees and 1.13 million medical and pharmacy claims.

Where employers could be missing the point:

Employers who just consider direct medical costs are missing out on “presenteeism” costs. These costs are incurred when workers have health conditions that aren’t severe enough to keep them home. They come into work, cannot perform their jobs at full tilt and cause a drain on company productivity. 

In fact, for every dollar spent on employees’ direct medical and pharmacy costs, employers can expect roughly $2.30 in productivity related costs.

The JOEM study found that when considering direct medical and drug costs alone, the top 5 conditions driving health care costs up are:

  • Cancer (other than skin cancer)
  • Back/neck pain
  • Coronary heart disease
  • Chronic pain
  • High cholesterol

This means that those of you who guessed cancer and heart disease got numbers 1 and 3 on this list.

But when health-related productivity costs are factored in, the top 5 conditions driving health care costs are:

  • Depression
  • Obesity
  • Arthritis
  • Back/neck pain
  • Anxiety

In light of these findings, what’s one major step employers can take to improve productivity and bottom-line results?

When developing your overall employee health strategies and disease management programs, make certain to first recognize and prioritize these conditions. That way you can create targeted solutions that address them head on and save health care dollars in the long run.

These solutions are just a small component of Benefit Plan Optimization (BPO™). So many employers out there are paying too much for their benefits and getting far too little in return. They’re definitely not getting the most out of their benefits and our 13 point diagnostic test could be just what the doctor ordered.

Call us now at 617-859-1777 to schedule yours or visit our website www.universalbenefitplans.com and fill out one of our contact forms letting us know your biggest benefits problem. We’ll certainly get in touch with you ASAP to discuss possible solutions.

01/28/2010

One very costly ERISA mistake most 100+ employee companies are making

Most U.S. employers with 100 or more workers don’t comply with ERISA regulations, which can result in some very steep federal fines that add up fast.

The Employee Retirement Income Security Act (ERISA) has strict requirements for employers that sponsor 401(k), group life, medical, dental and disability plans to report certain financial information on these plans to the Department of Labor (DOL) using Form 5500.

However, public records reveal that of the approximately 110,000 businesses that employ 100+ individuals, roughly 60,000 (or 55%) have not filed Form 5500.  These findings are according to a study done by Atlanta-based ERISA Pros.

What this means for employers:

If your company is one of the many that fails to file Form 5500 on time, the DOL can fine you up to $1,100 for every day that it’s late. This $1,100 applies separately for each of your benefit plans, is not subject to the statute of limitations and is not tax deductible. In other words, you could end up owing a lot of money.

For instance, an employer that sponsors a 401(k), medical plan, dental plan, group life and disability plan could owe the DOL over $100,000 for filing Form 5500 just 30 days late.

Also, beginning in 2010, employers are required to file all Plan Year 2009 and subsequent Form 5500s electronically using the Department of Labor’s EFAST2 system. This will make it a lot easier for the DOL to ensure compliance and enforce penalties.

Summary Plan Descriptions:

Last but not least, as many employers know, ERISA requires all employers sponsoring any of the benefit plans mentioned above to disclose benefit-related information to Plan participants via Summary Plan Descriptions.  Many ERISA specialists believe that the rate of employer compliance for this requirement is even lower than that of filing Form 5500.

The Department of Labor is slated to hire 1,000 new employees for 2010, 678 of whom will be investigators. So employers, start taking all the necessary steps for ERISA compliance now before the DOL comes knocking at your door.

01/26/2010

Could the encryption law go nationwide?

As many employers know, Massachusetts Regulation 201 CMR 17.00, enforceable as of March 1, 2010, requires all businesses that “own, license, store or maintain” personal information on Massachusetts residents to:

  1. Digitally encrypt all records containing personal information
  2. Create and implement a Written Information Security Plan (WISP) outlining administrative, technical and physical safeguards for personal information protection
  3. Update all firewalls and system security measures on all computers that store and process personal information

Although Massachusetts’ identity theft law is the strictest in our nation to date, there could soon be a Federal law not too unlike 201 CMR 17.00—although the details of this law haven’t quite been ironed out yet.

The Personal Data Privacy and Security Act of 2009:

Senator Patrick Leahy, a Vermont Democrat, is sponsoring a bill called the Personal Data Privacy and Security Act of 2009.

The bill contains the following provisions:

  • New Data Protection Standards: Private and government entities that keep personal data would be required to establish effective programs for ensuring that it’s kept confidential. These requirements include risk assessment and vulnerability testing as well as measures for controlling access to sensitive information, detecting and logging unauthorized personal information access, and protecting personal data both in transit and at rest.
  • New Federal Breach-Notification Standard: If a breach were to happen, companies would not only need to notify all individuals whose data was compromised, but in some cases, credit reporting agencies and the United States Secret Service as well.
  • An Office of Federal Identity Protection would be established as part of the Federal Trade Commission (FTC) to monitor data breaches and enforce identity theft law.
  • Breach notification exemptions: The law would provide private and government entities that have taken adequate measures to protect sensitive data (i.e. encryption) some exemptions from data breach notification requirements. Also, companies would not be required to immediately make a data breach notification if it gets in the way of a criminal investigation. However, both of these exemptions will need to be vetted by the US Secret Service.
  • Criminal penalties for executives that willfully conceal a data breach: Executives of companies that experience a data breach and willfully avoid notifying affected parties would be subject to criminal penalties under this new law.

Federal ID theft law will likely pre-empt state laws:

One major point to note about this bill is that if passed, it would pre-empt (i.e. nullify) state identity theft and data breach notification laws. This means that the rules of data security could change quite a lot for Massachusetts employers, although it hasn’t been established quite how much they’d change.

The Personal Data Privacy and Security Act of 2009 was approved November 2009 by the Senate Judiciary Committee and is currently under consideration by the full Senate.

We will keep very close tabs on Congress’ progress with this law and keep you posted on any major changes that occur.

01/11/2010

Starting January 1, there’s a new penalty for failing to report payments to Medicare beneficiaries

Starting January 1, 2010, any Responsible Reporting Entity (RRE) that fails to comply with a new requirement for reporting Medicare payments to Medicare-eligible individuals for resolution of medical expense claims could face a steep penalty: $1,000 for each day the expenses go unreported.

Background on Medicare and reporting requirements:

As many of us know, Medicare is a government-funded health insurance program for individuals ages 65 and up but is not intended to be their primary health insurance (i.e. Medicare should be a “secondary payer”). In December of 2007, then-President Bush signed into law the “Medicare, Medicaid and SCHIP Extension Act of 2007” (MMSEA) to determine when Medicare beneficiaries had received reimbursements for medical expenses which Medicare could recoup.

The act requires an RRE to register with the Centers for Medicare and Medicaid Services (CMS) Coordination of Benefits Contractor (COBC) and electronically file the following information on third-party claims involving payments to Medicare-eligible claimants:

  • Identifying information about the individual (i.e. Social Security Number)
  • The amount paid to the individual to resolve all or part of the claim

The RRE’s payment is called the Total Payment Obligation to Claimant (TPOC).

Why employers need to know about this:

On or after January 1, any employer that is self-insured for all or part of any claim for medical expenses becomes an RRE and is subject to the new reporting requirements. This includes personal injury claims and can include claims for discrimination or harassment.

Employers, if the above applies to you and you employ any Medicare-eligible individuals, take the following 4 steps to help you ensure your compliance and avoid costly fines.

  1. Consult with your insurance carriers and attorneys that handle your insured liability claims. The purpose of this is to make sure everything is in place for you to report all necessary information for TPOC claims made on or after 1/1/2010.
  2. Examine your claims history to see if any demands could be made against your company for personal injury. If there have been, you should register with COBC and begin the process of filing claims information. If there have not been any such claims, you should still keep a watchful eye out for any that come in the future.
  3. If there are any claims pending against you for which you may be required to make a payment, you’ll need to determine whether or not the individual making the claim is a Medicare beneficiary.
  4. Whenever you make a payment to a Medicare-eligible individual settling a claim for personal injury or medical expenses, you’ll need to report all necessary information to COBC promptly.

01/07/2010

Identity theft in the workplace is more common than you think

And it can come from many different people, from a dishonest co-worker, to a temp working in HR, even a visitor to your office building.  If you’re not careful, any of these people can have access to your personal information—and who knows what they’ll do if they get their hands on it.

To keep sensitive information from falling into the wrong hands, here are 3 steps employers and employees both should take:

  1. Keep your personal property in a safe place: Don’t leave your personal belongings such as purses, wallets and laptops unattended. Either have them on your person at all times or keep them in a locked place to which only you have the key. Also, make sure all documents you have containing personal information are either on an encrypted computer or stored in a locked file cabinet. When you’re away from your desk, make sure you never leave one of these files open on your computer or one of these cabinet drawers open.
  2. Always assume your work computer is being monitored:  That’s because many employers will routinely scan the content of employees’ email and monitor their Internet use. Because of this, employees should never use their work computers to access password-protected personal accounts, do online banking, send non work-related emails containing personal information or store documents with personally identifying information.
  3. Maintain strict information security policies at your workplace: Among many other things, employers should restrict access of employee personnel data to authorized individuals only and make sure all files containing personal information are stored on encrypted computers, locked file cabinets or secure offsite facilities.

They should also educate employees on all information security measures they’re taking, train employees on their data security responsibilities and require them (as part of their jobs) to obey the data security policy.

12/28/2009

IRS dollar limits for 2010, what changes and what remains the same

The new year is fast approaching and it will bring on many new changes for employers and employees both. However, the following are two things you can count on to stay the same.

  1. Maximum contribution levels for 401(k) and other defined contribution plans: Due to the falling cost-of-living index, maximum retirement plan contribution rates will be the same in 2010 as they were in 2009. This means that plan participants will be able to contribute up to $16,500 to the plans in 2010. Also, the dollar limitation for catch-up contributions to an employer defined contribution plan for individuals ages 50 and older will stay the same at $5,500. 
  2. Annual dollar limits to employer-provided transportation plans: As was the case in 2010, the IRS has set $120 per-month as the maximum value of excludable benefits under a qualified commuter benefits plan and $230 as the monthly limit for qualified parking benefits.

These two mentioned above, and virtually all of the IRS’ other annually indexed limits, will remain unchanged for 2010 with a few exceptions.

  • The 2010 out-of-pocket maximum limit for HSA (Health Savings Account) qualifying high deductible health plans will be $5,950 for individuals (up $150 from 2009 limits) and $11,900 for families (up $300 from 2009 limits)
  • The 2010 maximum excludable amount on an employer-provided adoption assistance program will go up slightly as well to $12,170 (up $20 from last year).

We all know that as employers, you have a lot of minimums, maximums and rules to keep track of to make sure all the benefits you offer comply with all state and Federal regulations. You can count on us to keep you posted if anything changes for the upcoming year.

Share this with your employees:

Employers, feel free to copy and customize this blog for distribution to your employees. You may want to add additional financial information that’s specific to your company, such as the amount or timing of your retirement plan contributions.

Employees will find this useful at the beginning of the year as they review their past finances for tax purposes, plan for the upcoming year and set New Year’s resolutions about money.

12/22/2009

New defense bill extends COBRA subsidy and subsidy eligibility

Inside the new $626 billion defense bill that Congress just passed (and the President is expected to sign) is a provision extending the American Recovery and Reinvestment Act (ARRA) COBRA subsidy.

For assistance eligible individuals (AEIs), the new legislation will:

  • Extend the eligibility for the 65% COBRA subsidy from December 31, 2009 to February 28, 2010 (making workers whose COBRA eligibility begins on or before 2/28/2010 now eligible for the subsidy)
  • Add 6 months to the 9 month period during which the federal government would pay the 65% subsidy to Assistance Eligible Individuals’ COBRA premiums

Also, the legislation will give beneficiaries whose subsidy ran out and who did not pay the full COBRA premium, a second chance to opt for coverage. For example, if an AEI’s subsidy eligibility ran out on November 30, 2009 and they did not pay the regular, unsubsidized COBRA premium for December, they could opt to pay their 35% share of the premium in January and get coverage for December.

What employers need to do:

Provided that President Obama signs this bill into law, employers will need to do the following:

  • Notify current and future COBRA beneficiaries of the new 15 month subsidy
  • Notify current and future COBRA beneficiaries of the subsidy’s new deadline of February 28, 2010

 The ARRA Act COBRA subsidy has greatly increased the number of terminated employees who take COBRA.

As employers, you should expect a high percentage of those who elected COBRA under the subsidy plan and have not found employment yet to continue COBRA under this extension. So don’t be guilty of failure to notify them about this benefit.

12/10/2009

DOL’s new COBRA subsidy guidelines and what they mean for workers laid-off in December 2009

The American Recovery and Reinvestment Act (ARRA) COBRA subsidy President Obama signed back in February will soon come to an end for those who aren’t already qualified.  To clear up any confusion that may arise from this, the Department of Labor (DOL) released two FAQs  to guide employers on determining eligibility.  

The first FAQ states that in order for employees to be eligible for the 65% COBRA subsidy, they must satisfy two conditions:

  1. They must have been involuntarily terminated between September 1, 2008 and December 31, 2009
  2. They must have been eligible to receive COBRA during that period

The second condition is where the confusion lies.

Many employers allow laid-off employees to remain on the company’s health insurance up until the end of the month in which they were terminated. As a result, they don’t become eligible for COBRA coverage until the first day of the month after their termination. 

So, an otherwise Assistance Eligible Individual (AEI) who is laid-off on any day in December 2009 would not be eligible for the 65% COBRA subsidy—that is, if his or her company allows employees to stay on their health plan through the 31st.

The second FAQ states that AEIs whose COBRA eligibility begins in December 2009 or earlier are eligible to receive the subsidy for up to nine months as long as they remain qualified. So, an employee who’s laid-off in November may be eligible to receive the COBRA subsidy all the way up through August 2010 as long as they’re qualified.

Although bills have been proposed in Congress to lengthen the COBRA subsidy for AEIs, lengthen the time period for COBRA eligibility, and up the amount of the subsidy from 65 to 75 percent, no changes to the COBRA law have been made to date. However, as soon as any new laws are passed, you can count on us to keep you posted.

12/08/2009

New genetic non-discrimination law GINA took effect December 7, 2009

Title II, the employment-related provision of the Genetic Information Non-Discrimination Act of 2008 (GINA) took effect yesterday, December 7, 2009.

This provision prohibits employers from:

  • Using genetic information to make decisions in “hiring, promotion, discharge, pay, fringe benefits, job training, classification, referral, and other aspects of employment” for all employees and/or job applicants
  • Requesting or requiring employees and/or job applicants to undergo genetic testing

 According to the EEOC, genetic information includes the following:

  • Information about an individual’s genetic tests
  • Genetic tests of an individual’s family member
  • Family medical history (Do any of your insurers ask if you are aware of employees whose family history includes certain diseases?)

Genetic information does not include:

  • Information about the age and gender of an individual and his or her family members
  • Information that an individual currently has a disease or disorder
  • Tests for alcohol or drug use

In addition to prohibiting genetic testing requirements, GINA also comes with confidentiality requirements for any genetic information that an employer possesses.

To comply with GINA, employers must do the following two things:

  1. Post a notice with GINA information: The EEOC has released a poster to help employers comply with the new GINA requirements.
  2. Update their nondiscrimination policies to include GINA’s employer provisions.

 
