Dental and Vision Coverage Under the Affordable Care Act

MUCHblue

 

Many employers are unaware of how dental and vision insurance coverage fit within the Affordable Care Act (ACA). This article unravels these rules.

ACA does not mandate dental and vision insurance for adults. For children under age 19, the rules are different. In the exchanges and the individual and small-employer markets, dental and vision insurance are generally required for children under age 19. This requirement does not apply to large employers with 50 or more employees.

Individuals and Small Employers

Effective January 1, 2014, for the small employer and individual market, ACA requires non-grandfathered health plans to cover a specific group of health benefits known as“essential health benefits.” There are ten benefit categories, of which one is pediatric services. Pediatric services include dental and vision care for children under age 19.

Children in this age group are entitled to teeth cleaning twice a year, x-rays, fillings and orthodontia if medically necessary. (It should be noted that there is not a single definition of “medically necessary.”) In addition, children under age 19 can annually get an eye exam and one pair of glasses or contact lenses. There is no requirement under ACA that health plans provide dental and/or vision coverage to individuals age 19 and over.

The Exchanges

Except as provided below, health insurance plans offered within an exchange must include pediatric dental and vision benefits. If the exchange has a stand-alone dental plan providing pediatric dental benefits, the health insurance plan does not need to offer this benefit. The exchanges do not have stand-alone plans for pediatric vision benefits.

Under the federal exchanges, when the dental insurance is a stand-alone plan, employers and individuals are not required to purchase it. State exchanges may provide otherwise. There are no subsidies for stand-alone pediatric dental plans.

Planning tips:  

  1. It may be more cost effective to purchase a stand-alone dental policy. When the health plan includes dental coverage, certain dental expenses may not be covered until the medical deductible is satisfied.
  2. If dental and vision coverage is desired for adults, the health plan should be carefully examined because the law only requires pediatric dental and vision coverage. If dental and vision insurance for adults are not covered in the health plan, the adults must purchase a stand-alone policy.

Employers With 50 or More Employees

Currently, health plans for large employers with 50 or more employees are not required to provide essential health benefits. Instead, health plans for large employers must offer “minimum essential coverage.” If this coverage is not affordable and meaningful, beginning in 2015, the employer may be subject to a monetary penalty.

The term minimum essential coverage is defined very broadly under ACA. Virtually any health plan offered within a state that is offered to at least 95% of the employer’s full-time employees and dependents constitutes minimum essential coverage. There is no requirement under ACA that dental or vision benefits must be offered in these health plans. Unlike the exchanges and the individual and small employer markets, dental and vision care for children under age 19 are not required.  Although not required, most large employers offer dental and vision coverage to their employees.

Article By:

William N. Anspach, Jr.

Of:

Much Shelist, P.C.

IRS Announces Modification to “Use-It-Or-Lose-It” Rule for Health Care Flexible Spending Accounts

Dickinson Wright Logo

On October 31, 2013, the Internal Revenue Service (“IRS”) announced a modification to the “use-it-or-lose-it” rule that applies to health care Flexible Spending Arrangements (“FSAs”) under a cafeteria plan. Under the use-it-or-lose-it rule, unused amounts in a participant’s health care FSA for a plan year not used to pay eligible medical expenses incurred during the plan year were required to be forfeited to the employer, unless the employer adopted the 2 1/2 month grace period. The grace period rules permit participants to use amounts remaining from the prior year to pay eligible medical expenses incurred during the first two months and 15 days immediately following the end of the plan year (March 15 for a calendar year plan).

The New Carryover Provision

Under the new rule, an employer, at its option, may permit a participant to carryover to the immediately following plan year up to $500 in unused amounts from a health care FSA. This carryover may be used to pay or reimburse medical expenses under a health care FSA incurred during the entire plan year to which it is carried over. The rule also provides that:

  • The carryover does not count against or otherwise affect the maximum payroll reduction limit for the plan year ($2,500 for 2014).
  • Although the maximum unused amount allowed to be carried over to any plan year is $500, the plan may specify a lower amount.
  • If a plan permits a carryover, the same dollar limit must apply to all plan participants.
  • A plan that adopts the carryover provision is not permitted to provide the FSA grace period.
  • The use of the carryover option does not affect the plan’s ability to provide for the payment of expenses incurred in one plan year during a permitted “run-out” period at the beginning of the following year.
  • A plan is not permitted to allow unused amounts related to an FSA to be cashed out to the participant or used for any other taxable or non-taxable benefit.
  • A plan is permitted to treat reimbursements of all claims that are incurred in the current plan year as reimbursed first from unused amounts credited for the current plan year and, only after exhausting these amounts, as then reimbursed from unused amounts carried over from the previous year.
  • Any carryover amount used to pay for eligible medical expenses in the current plan year will reduce the amounts available to pay claims during the run-out period from the prior plan year.

For example, Jane Smith participates in her employer’s FSA with a calendar plan year, a run-out period from January 1 to March 31, an open enrollment in November for making salary reductions for the following year and the $500 carryover.

In November 2014, Jane elects a salary reduction of $2,500 for 2015. By December 31, 2014, she has $800 remaining from 2014. The plan may treat $500 of the unused $800 as available to pay 2015 expenses. Jane now has a total of $3,000 to spend in 2015. She is reimbursed for a $2,700 claim incurred in July 2015. The plan treats the first $2,500 as reimbursed with 2015 contributions, and the remaining $200 of the claim as reimbursed with unused 2014 contributions (leaving $300 for any further 2015 expenses). If she submits no further claims in 2015, the remaining $300 is carried over to 2016.

Assume these same facts, except that Jane’s $2,700 expense is incurred and submitted in January 2015 (during the 2014 run-out period). Jane is reimbursed for the claim first from 2015 contributions ($2,500) and then from 2014 contributions ($200). Since this claim was incurred during the run-out period, the 2014 run-out amount is reduced to $600 ($800-$200). If on February 1, 2015 Jane receives a medical bill from 2014 for $700 and submits the expense, the plan may only reimburse her for $600 of the total $700 claim. Jane continues to have $300 available for any 2015 expense, which may be carried over to 2016.

Next Steps

An employer that wants to implement the new carryover option must amend its cafeteria plan on or before the last day of the plan year from which amounts may be carried over and the amendment can be made effective retroactively to the first day of that plan year. For example, an employer can amend a calendar year plan on or before December 31, 2013 and have the carryover rule apply for 2013. The employer must notify participants of the new rule.

This increased flexibility will reduce a key barrier for many potential FSA users and may increase enrollment in FSA programs. Participants will no longer have to perfectly predict normally unpredictable health expenses a year in advance. Even though the carryover is limited to $500, the majority of forfeitures under the use-it-or-lose-it rule were less than $500.

Employers should carefully consider whether their employees would benefit from adopting the carryover rule instead of the grace period rule. The carryover rule is limited to $500 but permits the $500 to be used to pay for eligible expenses during the entire year into which it was carried over. In contrast, the grace period rule permits the entire amount of unused dollars in a health care FSA to be used but only to pay expenses incurred during the first 2 1/2 months of the next year.

Employers seeking to modify a 2013 plan that currently has a grace period should also carefully consider the ERISA implications of eliminating the availability of the grace period for 2013 contributions.

Article by:

Eric W. Gregory

Of:

Dickinson Wright PLLC

Government Shutdown Now Over – But What About Sequestration?

DrinkerBiddle

The government may be back up and running and funded under a short-term continuing resolution (CR), but the battle is far from over as Congress heads toward new deadlines to address budgetary matters.  There has been some confusion about what the current budget agreement means in terms of sequestration’s annual cuts to discretionary and mandatory programs instituted in 2012.  The law signed by the President to address the short-term continuing resolution and temporarily raise the debt ceiling does not provide federal agencies flexibility to administer new sequestration cuts at this time.  With the government spending levels remaining at FY 2013 levels for the duration of the CR, a new round of sequester cuts are not set to kick in until January 2014.

The law established a short-term budget conference committee, with a set deadline of Dec. 13, 2013 to outline recommended spending levels and program cuts.  Of note is that the committee deadline is set in advance of when the second year of the sequester will begin.  The deadline provides a window of opportunity for the new budget conferees to address how the sequester cuts are applied in FY 2014.   The conferees may contemplate making other adjustments to entitlement programs (Medicare and Medicaid) to address health care spending issues that will be negotiated during their deliberations.  In addition, Medicare payments to physicians are set to be cut by approximately 25 percent if Congress does not address the cut by December 31, 2013 and offset the cut with a payfor that would likely include cuts to other health care entities. Any of these negotiations and decisions, if ultimately accepted by Congress, could impact the size of the Medicare sequester cuts in January FY 2014.

Article By:

 of

Alleged STOLI Producers Found Guilty of Fraud and Other Criminal Charges

DrinkerBiddle

Earlier today, a jury in the United States District Court for the Southern District of New York found independent insurance producers Michael Binday, James Kergil, and Mark Resnick guilty of mail and wire fraud, and conspiracy to commit those offenses.  The jury also convicted Kergil and Resnick of conspiracy to obstruct justice.  Sentencing has been scheduled for January 15, 2014.  The convicted defendants may face up to 80 years in prison.

During the 12 day trial, federal prosecutors argued that Binday, Kergil, and Resnick lied to insurers to perpetrate the scheme and then lied again to cover it up.  Based on the testimony of insiders and insureds, along with the defendants’ own emails and other documents, prosecutors specifically argued that the defendants:

  • recruited brokers to solicit elderly clients to serve as straw-buyers for the policies, with promises of large commissions to the brokers and payments to the clients upon the sale of the policies;
  • submitted applications to insurers for more than $100 million in life insurance, which grossly misrepresented the insureds’ income and net worth and lied about the intent to sell the policies, the fact that the premium would be financed by third-parties, and that multiple policies were being applied for or had been issued in the name of the insured;
  • recruited accountants and other professionals to submit bogus inspection reports and other documents purporting to verify the insureds’ financials;
  • conspired to thwart insurers’ attempts to investigate the representations made in the policy applications and to disguise the source of premiums paid for the policies by wiring funds into insureds’ accounts; and
  • earned millions of dollars through commissions and in some cases by arranging to cash in themselves on the death benefits upon an insured’s death.

Insurance industry leaders Jim Avery, the former Vice Chairman and President of Individual Life Insurance for Prudential, and Mike Burns, a Senior Vice President at Lincoln Financial Group, also testified during the government’s case in chief.  Both testified about their companies’ anti-STOLI policies, the harm to insurers that STOLI caused, and the measures the companies took to try to screen it out.

The evidence relating to the conspiracy to obstruct justice charges against Kergil and Resnick included alleged recorded calls that a scheme insider, who testified under a plea agreement, had with Kergil and Resnick, and testimony from an employee of the Apple computer store where Resnick allegedly had taken his computer to have the hard drive wiped clean.  The alleged calls, which were recorded in cooperation with the FBI, involved discussions about Kergil’s instruction to Resnick and the insider to destroy all records with Binday’s name on them and to wipe their computer hard drives clean.

Each of the defendants was separately represented by his own counsel, and none of the defendants took the stand in his defense.  Instead, the defendants presented excerpts from approximately a dozen files for policies that the defendants submitted to the insurers and that supposedly contained STOLI red flags.  Based on these documents, the defendants argued that the insurers were not deceived by the defendants’ lies and that the scheme was profitable for all involved and not criminal activity.  On rebuttal, the prosecutors introduced additional evidence from the insurer files showing that the insurers’ attempts to investigate the STOLI red flags were met with more lies on the part of the defendants and their associates.

This criminal prosecution has already spawned at least one civil action by an insurer seeking to have a STOLI policy allegedly involving Resnick and Binday declared null and void.

Mandatory Paid Sick Leave Arrives in New York City

VedderPriceLogo

On Thursday, June 27, members of the New York City Council voted to override Mayor Michael Bloomberg’s veto of the City’s Earned Sick Time Act (the Act). New York City thus became the latest (and the most populous) of a growing number of localities – including San Francisco; Washington, DC; Seattle; Portland, ME; and the State of Connecticut – to impose mandatory sick leave obligations on employers.

The NYC Earned Sick Time Act: An Overview

Virtually all private sector employers within the geographic boundaries of New York City are covered by the Act’s provisions. Notable exceptions include a limited number of manufacturing entities, as well as employers whose workers are governed by a collective bargaining agreement that expressly waives the Act’s provisions while at the same time providing those workers with a comparable benefit.

The Act will eventually cover more than one million employees, providing each of them with up to five days of paid leave each year. In its first phase of implementation, currently scheduled to take effect on April 1, 2014, the Act will apply only to those employers that employ 20 or more workers in New York City. The second phase of implementation will begin 18 months later (currently, October 15, 2015), at which time the Act will expand to those employers with at least 15 City-based employees. The Act will require employers with fewer than 15 City-based employees to provide their employees with unpaid, rather than paid, sick time.

New York City-based employees (regardless of whether they are employed on a full- or part-time, temporary or seasonal basis) who work more than 80 hours during a calendar year will accrue paid sick time at a minimum rate of one hour for each 30 hours worked. The Act caps mandatory accrual of paid sick time at 40 hours per calendar year (the equivalent of one five-day workweek). Although the Act provides only for a statutory minimum, employers are free to provide their employees with additional paid time if they so desire. Accrual of paid leave time begins on the first day of employment, but employers may require employees to first work as many as 120 days before permitting them to make use of the time they have accrued.

The Act specifies that employees will be able to use their accrued time for absences from work that occur because of: (1) the employee’s own mental or physical illness, injury or health condition, or the need for the employee to seek preventive medical care; (2) care of a family member in need of such diagnosis, care, treatment or preventive medical care; or (3) closure of the place of business because of a public health emergency, as declared by a public health official, or the employee’s need to care for a child whose school or childcare provider has been closed because of such a declared emergency.

Although the Act allows employees to carry over accrued but unused leave time from year to year, it does not require employers to permit the use of more than 40 hours of paid leave each year. Likewise, it does not require employers to pay out accrued, but unused, sick leave upon an employee’s separation from employment.

Employers that have already implemented paid leave policies – such as policies that provide for paid time off (PTO), personal days and/or vacation – that provide employees with an amount of paid leave time sufficient to meet the Act’s accrual requirements may not be required to provide their employees with anything more once the Act takes effect. As long as an employer’s current policy or policies allow the paid leave in question to be used “for the same purposes and under the same conditions as paid sick leave,” nothing more is necessary.

The Act Requires Proper Notice to Both Employees and Employers

Once the Act is implemented, employers will be required to inform new employees of their rights when they are hired, and will have to post additional notices in the workplace (suitable notices will be made available for download on the Department of Consumer Affairs website). In addition to providing information about the Act’s substantive provisions, employees must also be informed of the Act’s provision against retaliation and how they may lodge a complaint.

Likewise, an employer may require reasonable notice from employees who plan to make use of their accrued time. The Act defines such notice as seven days in the case of a foreseeable situation, and as soon as is practicable when the need for leave could not have been foreseen.

Penalties and Enforcement

The Act will be enforced by the City’s Department of Consumer Affairs. Because the Act contains no private right of action, an employee’s only avenue for redress will be through the Consumer Affairs complaint process. Employees alleging such a violation have 270 days within which to file a complaint. Penalties for its violation are potentially steep; they include: (1) the greater of $250 or three times the wages that should have been paid for each instance of sick time taken; (2) $500 for each instance of paid sick time unlawfully denied to an employee, or for which an employee is unlawfully required to work additional hours without mutual consent; (3) full compensation, including lost wages and benefits, for each instance of unlawful retaliation other than discharge from employment, along with $500 and equitable relief; and (4) $2,500 for each instance of unlawful termination of employment, along with equitable relief (including potential reinstatement).

Employers found to have violated the Act may also face fines from the City of up to $500 for the first violation, $750 for a second violation within two years of the first, and $1,000 for any subsequent violation within two years of the one before. Additionally, employers that willfully fail to provide the required notice of the Act’s substantive provisions will be fined $50 for each employee who did not receive such notice.

The Act, meanwhile, does not prohibit employers from requiring that such an employee provide documentation from a licensed health care professional to demonstrate the necessity for the amount of sick leave taken. Employers are free under the Act to discipline employees, up to and including termination, who take sick leave for an improper purpose. They are prohibited, however, from inquiring as to the nature of an employee’s injury, illness or condition.

Countdown to HITECH Compliance: How to Redistribute Your Notice of Privacy Practices

Poyner SpruillSeptember 23, 2013 is the fast-approaching compliance deadline for the final omnibus HIPAA/HITECH rules.  Many provisions required revisions to Notices of Privacy Practices (NPPs) maintained and distributed by covered entities.  The U.S. Department of Health and Human Services (HHS) has made clear that these changes are material.  As a result, covered entities must redistribute their NPPs shortly in order to meet HITECH’s requirements.  This alert describes the manner of redistribution dictated by HIPAA.

General Requirements

When revising NPPs, keep in mind that whether paper or web-based, HHS requires them to be accessible to all individuals, including those with disabilities.  Covered providers required to comply with Section 504 of the Rehabilitation Act or the Americans with Disabilities Act must also take steps to ensure effective communication with individuals with disabilities, including making the revised NPP available in Braille, large print, or audio.  HIPAA also requires NPPs to be written in plain language.

Changes to the NPP may not be implemented prior to the NPP’s new effective date, unless otherwise required by law.  Typically, any change to the practices described within the revised NPP may only be applied to PHI created or received after the effective date of the change.  All previous versions of the NPP and any acknowledgments of its receipt must be maintained for six years from the last effective date.

If You Are a Health Care Provider

For existing patients, you must make the revised NPP available upon request on or after the effective date of the changes (for most, this date will be September 23, 2013).  If you have a physical service delivery site (such as a clinic or hospital), you must have copies of the NPP available at the site for individuals to take with them upon request.  You also must post a copy of the NPP or summary of the revisions in a clear and prominent location, where it is reasonable to expect individuals to be able to read the posting.  You must ensure all new patients receive the revised NPP at the time of first service after the effective date of the changes.  The revised NPP must be made available on your website if you have one.  If patients have agreed to receive electronic notice of the NPP, you may e-mail the revised NPP to those patients.  You do not need to obtain acknowledgment of receipt from individuals, except for the initial distribution of the NPP provided at the first time of service.

If You Are a Health Plan

You must distribute the revised NPP to current plan participants.  If you post your NPP on a website, then you must post the revised NPP, or a description of the material changes, prominently on that website by the effective date of the changes.  You also must provide in your next annual mailing to participants either the revised NPP or information regarding material changes and how to obtain a copy of the NPP.  If you do not post your NPP on a website, then you must provide participants with the revised NPP or information about the material changes and how to obtain the revised NPP within 60 days of the material changes.  Note that all health plans also must continue to notify participants of the availability of the NPP and how to obtain a copy at least once every three years.

HHS has stated that if covered entities or health plans amended and redistributed NPPs prior to issuance of the final omnibus rule then they are not required to repeat the process, so long as the current NPP that was redistributed meets all the requirements in the final rule.  For all other covered entities, the NPP must be revised and effective by September 23, 2013, and redistributed as appropriate.

Article By:

 of

U.S. Medical Oncology Practice Sentenced for Use and Medicare Billing of Cancer Drugs Intended for Foreign Markets

GT Law

In a June 28, 2013 news release by the Office of the United States Attorney for the Southern District of Californiain San Diego, it was reported that a La Jolla, California medical oncology practice pleaded guilty and was sentenced to pay a $500,000 fine, forfeit $1.2 million in gross proceeds received from the Medicare program, and make restitution to Medicare in the amount of $1.7 million for purchasing unapproved foreign cancer drugs and billing the Medicare program as if the drugs were legitimate. Although the drugs contained the same active ingredients as drugs sold in the U.S. under the brand names Abraxane®, Alimta®, Aloxi®, Boniva®, Eloxatin®, Gemzar®, Neulasta®, Rituxan®, Taxotere®, Venofer® and Zometa®), the drugs purchased by the corporation were meant for markets outside the United States, and were not drugs approved by the FDA for use in the United States. Medicare provides reimbursement only for drugs approved by the Food and Drug Administration (FDA) for use in the United States. To conceal the scheme, the oncology practice fraudulently used and billed the Medicare program using reimbursement codes for FDA approved cancer drugs.

In pleading guilty, the practice admitted that from 2007 to 2011 it had purchased $3.4 million of foreign cancer drugs, knowing they had not been approved by the U.S. Food and Drug Administration for use in the United States. The practice admitted that it was aware that the drugs were intended for markets other than the United States and were not the drugs approved by the FDA for use in the United States because: (a) the packaging and shipping documents indicated that drugs were shipped to the office from outside the United States; (b) many of the invoices identified the origin of the drugs and intended markets for the drugs as countries other than the United States; (c) the labels did not bear the “Rx Only” language required by the FDA; (d) the labels did not bear the National Drug Code (NDC) numbers found on the versions of the drugs intended for the U.S. market; (e) many of the labels had information in foreign languages; (f) the drugs were purchased at a substantial discount; (g) the packing slips indicated that the drugs came from the United Kingdom; and (h) in October, 2008 the practice had received a notice from the FDA that a shipment of drugs had been detained because the drugs were unapproved.

In a related False Claims Act lawsuit filed by the United States, the physician and his medical practice corporation paid in excess of $2.2 million to settle allegations that they submitted false claims to the Medicare program. The corporation was allowed to apply that sum toward the amount owed in the criminal restitution to Medicare. The physician pleaded guilty to a misdemeanor charge of introducing unapproved drugs into interstate commerce, admitting that on July 8, 2010, he purchased the prescription drug MabThera (intended for market in Turkey and shipped from a source in Canada) and administered it to patients. Rituxan®, a product with the same active ingredient, is approved by the Food and Drug Administration for use in the United States.

Article By:

 of

Breach Notification Rules under Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule

DrinkerBiddle

This is the fourth in our series of bulletins on the Department of Health and Human Services’ (HHS) HIPAA Omnibus Final Rule. In our bulletins issued on February 28, 2013 and March 18, 2013, available here, we described the major provisions of this rule and explained how the provisions of the rule that strengthen the privacy and security of protected health information (PHI) impact employer sponsored group health plans, which are covered entities under the HIPAA privacy rules. In our bulletin issued on April 4, 2013, available here, we focused on changes that will need to be made to business associate agreements under the Omnibus Final Rule. In this bulletin, we discuss the modifications to the breach notification rules made by the Omnibus Final Rule and provide health plan sponsors with information regarding the actions they must take to meet their breach notification obligations in the event of a breach of unsecured PHI.

Key Considerations for Health Plan Sponsors

  • Health plan sponsors must be able to identify when a breach occurs and when breach notification is required.
  • Health plan sponsors should review their procedures for evaluating potential breaches and should revise those procedures to incorporate the new “risk assessment” required under the Omnibus Final Rule.
  • Health plan sponsors should review their procedures for notifying individuals, HHS, and the media (to the extent required) when a breach of unsecured PHI occurs.
  • Health plan sponsors should make training workforce members about the breach notification rules a priority. Workforce members should be prepared to respond to breaches and potential breaches of unsecured PHI. A breach is treated as discovered by the covered entity on the first day a breach is known, or, by exercising reasonable diligence would have been known, to the covered entity. This standard is met if even one workforce member knows of the breach or would know of it by exercising reasonable diligence, and even if the breach is not immediately reported to the privacy officer. Discovery of the breach starts the clock ticking on the notification obligation and deadlines, which are described below.
  • Health plan sponsors should review each existing business associate agreement to make sure that responsibility for breach notification is allocated between the business associate and the health plan in a manner that is appropriate based on the business associate’s role with respect to PHI and the plan sponsor’s preferences for communicating with employees.

Health plan sponsors will want to review and revise, as necessary, the following to comply with the new rules described below:

Compliance Checklist

 Business Associate Relationships and Agreements 
 Policies and Procedures 
 Security Assessment and Breach Notification Plan 
 Risk Analysis — Security 
 Plan Document and SPD 
 Notice of Privacy Practices 
 Individual Authorization for Use and Disclosure of PHI
 Workforce Training

What is a Breach?

Background

In general terms, a breach is any improper use or disclosure of PHI. While HIPAA requires mitigation of any harmful effects resulting from an improper use or disclosure of PHI, the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 added a notification requirement. HITECH requires covered entities to notify affected individuals, HHS and, in some cases, the media following a breach of unsecured PHI. HITECH defined “breach” as an acquisition, access, use, or disclosure of an individual’s PHI in violation of the HIPAA privacy rules, to the extent that the acquisition, access, use or disclosure compromised the security or privacy of the PHI. The HHS interim final regulations further specified that PHI was compromised if the improper use or disclosure posed a significant risk of financial, reputational, or other harm. The interim final regulations also contained four exceptions to the definition of breach, adding a regulatory exception to the three statutory exceptions.

General Definition of Breach under the Omnibus Final Rule

Under the Omnibus Final Rule, “breach” continues to be defined as an acquisition, access, use, or disclosure of PHI that both violates the HIPAA privacy rules and compromises the security or privacy of the PHI. However, the Omnibus Final Rule modifies the interim final regulations in two important ways:

  • The interim final regulatory exception for an unauthorized acquisition, access, use, or disclosure of PHI contained in a limited data set from which birth dates and zip codes have been removed is eliminated.
  • The risk of harm standard is eliminated and replaced with a presumption that any acquisition, access, use, or disclosure of PHI in violation of the HIPAA privacy rules constitutes a breach. However, a covered entity (such as a health plan) can overcome this presumption if it concludes following a risk assessment that there was a low risk that PHI was compromised (see “Presumption that a Breach Occurred” below).

Statutory Exceptions to “Breach”

HITECH provided three statutory exceptions to the definition of breach that are also set forth in the Omnibus Final Rule. If an improper acquisition, access, use, or disclosure of PHI falls within one of the following three exceptions, there is no breach of PHI:

  • The acquisition, access, or use is unintentional and is made in good faith by a person acting under a covered entity’s (or business associate’s) authority, as long as the person was acting within the scope of his or her authority and the acquisition, access, or use does not result in a further impermissible use or disclosure of the PHI.
  • The disclosure of PHI is inadvertent and is made by a person who is authorized to access PHI at a covered entity (or business associate), as long as the disclosure was made to another person within the same covered entity (or business associate) who is also authorized to access PHI, and there is no further impermissible use or disclosure of the PHI.
  • The disclosure of PHI is to an unauthorized person, but the covered entity (or business associate) has a good faith belief that the unauthorized person would not reasonably have been able to retain the PHI.

The interim final regulations added a fourth exception for impermissible uses or disclosures of PHI involving only PHI in a limited data set, which is PHI from which certain identifiers are removed, provided birth dates and zip codes are also removed. The Omnibus Final Rule eliminates this exception so an impermissible use or disclosure of PHI in a limited data set will be presumed to be a breach of PHI as described below.

Presumption that a Breach Occurred

Under the Omnibus Final Rule, a breach is presumed to have occurred any time there is an acquisition, access, use, or disclosure of PHI that violates the HIPAA privacy rules (subject to the statutory exceptions outlined above).

However, a covered entity may overcome this presumption by performing a risk assessment to demonstrate that there is a low probability that the PHI has been compromised. If the covered entity chooses to conduct a risk assessment, the assessment must take into account at least the following four factors:

  • The nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification.
  • The unauthorized person who used the PHI or to whom the disclosure was made.
  • Whether the PHI was actually acquired or viewed.
  • The extent to which the risk to the PHI has been mitigated.

The covered entity may consider additional factors as appropriate, depending on the facts and circumstances surrounding the improper use or disclosure. After performing its risk assessment, if the covered entity determines that there is a low probability that the PHI has been compromised, there is no breach and notice is not required. If the covered entity cannot reach this conclusion and if no statutory exception applies, then the covered entity must conclude that a breach has occurred.

The Omnibus Final Rule also makes clear that a covered entity may decide not to conduct a risk assessment and may instead treat every impermissible acquisition, access, use, or disclosure of PHI as a breach.

Drinker Biddle Note: Covered entities have the burden of proof to demonstrate either that an impermissible acquisition, access, use, or disclosure of PHI did not constitute a breach, or that all required notifications (as discussed below) were provided. Covered entities should review and update their internal HIPAA privacy and security policies to include procedures for performing risk assessments, as well as procedures for documenting all risk assessments and determinations regarding whether a breach has occurred and whether notification is required.

Providing Breach Notification

Covered entities are required to notify all affected individuals when a breach of unsecured PHI is discovered (unless an exception applies or it is demonstrated through a risk assessment that there is a low probability that the PHI has been or will be compromised). Notification to HHS is also required, but the time limits for providing this notification vary depending on the number of individuals affected by the breach. In addition, covered entities may be required to report the breach to local media outlets. The Omnibus Final Rule describes in detail the specific content that is required to be included in notifications to affected individuals, HHS, and the media.

Drinker Biddle Note: Although the Omnibus Final Rule defines when a “breach” has occurred, notification is required only when the breach involves unsecured PHI. PHI is considered “unsecured” when it has not been rendered unusable, unreadable, or indecipherable to unauthorized persons. HHS has issued extensive guidance on steps that can be taken to render PHI unusable, unreadable, and indecipherable.

Notification to Affected Individuals

Covered entities must notify affected individuals in writing without unreasonable delay, but in no event later than 60 calendar days, after discovery of a breach of unsecured PHI. The notice may be sent by mail or email (if the affected individual has consented to receive notices electronically). The Omnibus Final Rule also provides additional delivery methods that apply when an affected individual is deceased, and when a covered entity does not have up-to-date contact information for an affected individual.

Drinker Biddle Note: Again, a breach is deemed discovered on the first day such breach is known or by exercising reasonable diligence would have been known by any person who is a workforce member or agent of a covered entity or business associate.

Drinker Biddle Note: Please note that 60 days is an outer limit for providing the notice and is not a safe harbor. The operative standard is that the notice must be provided without unreasonable delay. Thus, based on the circumstances, a notice may be unreasonably delayed even though provided within the 60-day period.

Notification to HHS

Covered entities must notify HHS of breaches of unsecured PHI by electronically submitting a breach report form through the HHS website. If a breach of unsecured PHI affects 500 or more individuals, HHS must be notified at the same time that notice is provided to the affected individuals. For breaches of unsecured PHI that affect fewer than 500 individuals, the covered entity may keep a log of all such breaches that occur in a given year and submit a breach report form through the HHS website on annual basis, but not later than 60 days after the end of each calendar year.

Notification to the Media

When there is a breach of unsecured PHI involving more than 500 residents of a state or jurisdiction, a covered entity must notify prominent media outlets serving the state or jurisdiction. This media notification must be provided without unreasonable delay, and in no case later than 60 days after the breach is discovered.

State Law Requirements

Separate breach notification requirements may apply to a covered entity under state law. HIPAA’s breach notification laws preempt “contrary” state laws. “Contrary” in this context generally means that it is impossible to comply with both federal and state laws. As state breach notification laws are not typically contrary to the HIPAA breach notification rules, covered entities may have to comply with both laws.

Drinker Biddle Note: Covered entities should review applicable state breach notification laws and consider to what extent those laws should be incorporated into their HIPAA privacy policies and procedures.

Implications for Business Associate Agreements

If a covered entity’s business associate discovers that a breach of unsecured PHI has occurred, the Omnibus Final Rule requires the business associate to notify the covered entity without unreasonable delay, but in no event later than 60 days following the discovery of the breach. The notice must include, to the extent possible, the identification of each affected individual as well as any other information the covered entity is required to provide in its notice to individuals.

Although a covered entity is ultimately responsible for notifying affected individuals, HHS and the media (as applicable) when a breach of unsecured PHI occurs, the covered entity may want to delegate some or all of the notification responsibilities to its business associate. If a covered entity and its business associate agree that the business associate will be responsible for certain breach notification obligations, the scope of the arrangement should be clearly memorialized in the business associate agreement. In negotiating its business associate agreements, a covered entity should consider provisions such as:

  • Which party determines whether a breach occurred?
  • Who is responsible for sending required notices, and the related cost?
  • Indemnification in the event a business associate incorrectly determines that a breach did not occur, or a business associate otherwise fails to act appropriately.

Drinker Biddle Note: Covered entities that choose to delegate breach notification responsibilities to business associates should pay close attention to how such delegation provisions are drafted to minimize the possibility that the business associate will be considered an “agent” of the covered entity. Under the Omnibus Final Rule, when a business associate acts as an agent of the covered entity, the business associate’s discovery of a breach is imputed to the covered entity, and, therefore, a covered entity could be liable for civil monetary penalties related to the business associate’s act or omission. More information about issues related to drafting business associate agreements can be found in our bulletin issued on April 4, 2013, available here.

Compliance Deadline

Group health plans have until September 23, 2013 to comply with the new requirements of the Omnibus Final Rule. During the period before compliance is required, group health plans are still required to comply with the breach notification requirements of the HITECH Act and the interim final regulations.

Of course, the best course of action is to maintain adequate safeguards to prevent any breach. A recent settlement of HIPAA violations resulting in a $1.7 million payment to HHS is discussed in a separate publication, available here.

Article By:

of

Centers for Medicare and Medicaid Services (CMS) Spells Out Requirements in New Rule for Consumer Helpers in Insurance Exchanges

Barnes & Thornburg

Amid ongoing political debate about implementation of the Affordable Care Act and the ability of average Americans to understand the complexities of the health reform law, the Centers for Medicare and Medicaid Services on July 12, 2013 released a final rule that sets forth requirements for different types of entities and individuals who will aide consumers in learning about and enrolling in health coverage plans on insurance marketplaces created by the law, called exchanges.

The rule distinguishes between three categories of consumer helpers: “navigators,” “non-navigator assistance personnel,” and “certified application counselors.” All three types, which may include community nonprofit organizations and their staffs, and other entities and individuals, will perform similar functions, such as helping consumers establish their eligibility for coverage on an exchange and enrolling them where eligible. The primary differences lie in how they are funded and in the exchanges in which they will provide assistance. Navigators will provide assistance in all exchanges—federal exchanges, state exchanges, and federal-state partnership exchanges—and will be funded by federal and state grants. Non-navigator assistance personnel will provide assistance in federal-state partnership exchanges and optionally in state exchanges, and will be funded through separate state-administered grants or contracts. Certified application counselors will provide assistance in all exchanges and will not receive exchange-related funds (although they may receive funds from other federal programs).

The rule lays out standards with which navigators and non-navigator assistance personnel must comply. These standards include conflict-of-interest standards that limit affiliations with insurance companies and standards governing certification, recertification, and training in particular subjects. The rule establishes additional standards to ensure that the services of navigators and non-navigator assistance personnel are culturally and linguistically appropriate and also accessible to the disabled.

As to certified application counselors, the rule authorizes exchanges to designate an organization to certify its staff members or volunteers as application counselors, or to directly certify these individuals, who in both cases must comply with certification standards similar to those applicable to navigators and non-navigator assistance personnel. Correspondingly, the rule requires withdrawal of an organization’s designation or a counselor’s certification in the event of noncompliance with the rule. Finally, the rule requires that certain information about certified application counselors be available to health coverage applicants, and it prohibits the imposition of any charge on applicants for application or other exchange-related assistance.

The rule takes effect on August 12, 2013.

Article By:

 of

Financial Services Legislative and Regulatory Update – July 15, 2013

Mintz Logo

Leading the Past Week

Although there were several hearings and major implementations of Dodd-Frank rules, the leading story from the past week had to be Majority Leader Harry Reid (D-NV) filing cloture on seven Administration nominees, including Richard Cordray to continue as head of the Consumer Financial Protection Bureau (CFPB).  This is the start of a process that could end up with Leader Reid going for the “nuclear option” of changing the Senate rules dealing with the filibuster of certain nominations.  Based on some reports, it appears that Reid has the votes and that Cordray may be the sticking point in the negotiations.  Interestingly,  late last week Chairman Tim Johnson (D-SD) and the eleven other Democratic Members of the Banking Committee, wrote Minority Leader Mitch McConnell (R-KY) to end the Republican filibuster of Cordray’s nomination, requesting “an up-or-down vote on the nominee’s merits.”

While it remains to be seen how the filibuster cold war will resolve itself, last week the Congressional Budget Office (CBO) announced that the government achieved a surplus of $116.5 billion in June, the largest in five years.  This surplus, due in part to $66.3 billion in dividend payments from the GSEs, only solidified that this fall will see yet another convergence of a debt ceiling / government funding fight as both the debt limit and end of the federal fiscal year appear to be aligned to come due at the same time.  

We also saw several important steps forward in the implementation of the Dodd-Frank Act, including a proposed leverage ratio rule, approval of a final rule implementing capital requirements in excess of those required by Basel III, the designation of two nonbanks as SIFIs, and the long awaited announcement of the Commodity and Futures Trade Commission’s (CFTC) cross-border derivatives rulemaking.

Legislative Branch

Senate

Senate Banking Hearing Discusses Dodd-Frank Progress, Risk Mitigation

On July 11th, the Senate Banking Committee met to discuss Dodd-Frank implementation progress and whether financial reforms have succeeded in mitigating systematic risk from large financial institutions.  Witnesses included Treasury Under Secretary for Domestic Finance Mary Miller, Fed Governor Daniel Tarullo, Federal Deposit Insurance Commission (FDIC) Chairman Martin Gruenberg, and Office of the Comptroller of the Currency (OCC) head Thomas Curry.  In their testimony, regulators said that they expect almost all remaining Dodd-Frank rules, including capital surcharges for systematically important banks, the Volcker Rule, and liquidity rules to be finalized by the end of the year.  Regulators also expressed confidence that the recently finalized Basel III rules, when combined with proposed stricter leverage requirements, will be an effective means of ensuring that banks carry enough capital.  Notwithstanding the assertion of the regulators that the implementation of Dodd-Frank was nearing a close, Ranking Member Crapo remarked in his opening statement that there is a growing bipartisan consensus that some parts of Dodd-Frank need to be reformed.  In particular, he mentioned the burden of regulations on community banks, short-term wholesale funding, debt to equity ratios for large banks, and the perceived continuation of “too big to fail” as areas that require address.   

Democratic Senators Request CFPB, DOL Look Into Prepaid Payroll Cards

Following a front page story in the New York Times, on July 11th, sixteen Senate Democrats wrote to the CFPB and Department of Labor (DOL) requesting that the agencies investigate fees and practices associated with pre-paid payroll cards.  The letter was particularly strong, including the assertion “that mandating the use of a particular payroll card, with no available alternative, seems clearly to violate federal law,” the lawmakers requested that CFPB Director Cordray clarify whether employers provide sufficient alternatives for payment. The letter was signed by Senators Richard Blumenthal (D-CT), Chuck Schumer (D-NY), Joe Manchin (D-WV), Tom Harkin (D-IA), Barbara Boxer (D-CA), Dick Durbin (D-IL),  Debbie Stabenow (D-MI), Bob Menendez (D-NJ), Ben Cardin (D-MD), Robert Casey (D-PA), Jeffrey Merkley (D-OR), Brian Schatz (D-HI), Martin Heinrich (D-NM), Elizabeth Warren (D-MA), Mark Warner (D-VA), and Al Franken (D-MN).  It is unclear whether this letter will spur the CFPB to re-engage on its broader general purpose reloadable card ANPRM that is still pending with the agency.

Bipartisan Group of Senators Introduce the 21st Century Glass-Steagall Act

On July 11th, Senators Elizabeth Warren (D-MA), John McCain (R-AZ), Maria Cantwell (D-WA), and Angus King (I-ME) introduced legislation that would reinstate the Glass-Steagall Act by separating FDIC insured depository divisions from riskier banking activities such as investment banking, insurance, swaps dealing, and hedge fund and private equity activities.  By curbing those activities at federally insured institutions, the bill aims to eliminate the concept of “too big to fail” by making institutions smaller and thus decreasing the need, either real or perceived for a government bailout if the institution were to fail.

Senate Banking Leaders to Introduce FHA Reform Bill

Last week, Senate Banking Committee Chairman and Ranking Member Tim Johnson (D-SD) and Mike Crapo (R-ID) announced they will introduce legislation this week to provide the Federal Housing Administration (FHA) with additional authority, including the ability to charge higher premiums, to “get back on stable footing.” The FHA currently has a $943 million short fall in its insurance fund and a Treasury bailout is expected without additional Congressional action. The House has already passed a measure this year which would allow the agency to make changes to the Home Equity Conversion Mortgage program.

House of Representatives

House Approves FSOC, PCAOB Bills

On July 8th, the House passed two bills, the first to require the Financial Stability Oversight Council (FSOC) to study the effects of derivatives-related capital exemptions, and the second to bar the Public Accounting Oversight Board (PCAOB) from requiring public companies to regularly change auditors. The Financial Competitive Act of 2013 (H.R. 1341) passed the House by a 353 to 24 vote and directs the FSOC to study and report to Congress on an exemption for EU banks from the credit valuation adjustment (CVA) capital charge which was part of the Basel III agreements. The Audit Integrity and Job Protection Act (H.R. 1564) passed the House by a 321 to 62 vote and would do away with mandatory audit-form rotations currently required by the agency. Ranking Member of the House Financial Services Committee Maxine Waters (D-CA) expressed concern that the bill would result in “diminished information” and increased costs. The legislation also directs the Government Accountability Office to update a 2003 study on the Potential Effects of Mandatory Audit Firm Rotation.

House Republicans Unveil Housing Finance Reform Legislation

On July 11th, Chairman of the Financial Services Committee Jeb Hensarling (R-TX), unveiled the Protecting American Taxpayers and Homeowners (PATH) Act which would reform the US housing finance system by phasing out Fannie Mae and Freddie Mac and moving to a largely private system. The legislation would continue to wind down the GSEs’ portfolios while establishing new rules for private covered bonds and mortgage bonds. The legislation would also reign in the FHA and its ability to insure loans for only low income borrowers, reducing how much of a loan the FHA can insure. Notably, the proposal would also repeal the Dodd-Frank Act’s risk-retention rule and place a two year hold on Basel III capital rules. Also worth noting is that despite earlier hopes that Hensarling and Ranking Member Maxine Waters (D-CA) might be able to find some common ground housing reform, Ms. Waters said she was “strongly disappointed” by Hensarling’s proposal.  The Committee would hold a hearing on July 18th to examine the legislation.

House Financial Services Subcommittee Grills CFPB Over Data Collection

On July 9th, the House Financial Services Subcommittee on Financial Institutions and Consumer Credit held a hearing to examine how the CFPB collects and uses consumer data and personal information. CFPB Acting Deputy Director Steven Antonakes received heavy criticism from Committee Republicans for being unable to provide exact numbers on how many Americans the Bureau has collected information.  Republican lawmakers also criticized many of the data collection practices of the agency, citing concerns that the collection infringes on citizens’ right to privacy and attempting to draw analogies to the current NSA and IRS scandals.  Still, Antonakes and to some extent, Committee Democrats insisted that the CFPB is a data-driven agency, that the data being collected is, except when the result of a consumer contact, anonymized and that the CFPB takes very seriously its obligation to protect its data as it is vital to the Bureau’s work.                                                   

 

House Financial Services Subcommittee Explores Constitutionality of Dodd-Frank

On July 9th, the House Financial Services Subcommittee on Oversight and Investigations held a hearing to consider potential legal uncertainties in the Dodd-Frank Act.  The hearing featured testimony from three constitutional scholars, each of whom expressed concern that certain provisions of the law may be unconstitutional.  Professor Thomas Merrill, of Columbia Law School, argued that there are large constitutional concerns surrounding the orderly liquidation provision and the government’s power to seize control of an institution.  While the provision is likely legal, he said, it would undoubtedly be litigated the first time it is invoked. In addition, Boyden Gray, testified that Dodd-Frank violates separation of power by giving too much power to regulators, while Timothy McTaggart, a partner at Pepper Hamilton LLP, argued that Dodd-Frank ultimately does not violate separation of powers or the due process clause. 

House Financial Services Subcommittee Explores Small Business Capital Formation

On July 10th, the House Financial Services Subcommittee on Capital Markets and Government Sponsored Enterprises held the second in a series of hearings exploring existing barriers to capital formation.  In his opening statement, Chairman Scott Garrett (R-NJ) made it clear that the sponsors of last year’s JOBS Act are not satisfied with the bill’s implementation and are looking for new ideas to help small businesses build capital.  Additional proposals could include increasing tick sizes, creating special exchanges for the stock of small companies, and changing filing rules for small business financial statements. Witnesses expressed additional concerns; Kenneth Moch, CEO of Chimerix, noting the cost of compliance with internal controls associated with Sarbanes-Oxley, and Christopher Nagy, President of Kor Trading, calling for patent litigation reform.

House Appropriations Subcommittee Marks Up FY 2014 Financial Services Spending Bill

On July 10th, the House Appropriations Subcommittee on Financial Services and General Government met to consider the $17 billion FY2014 Financial Services and General Government spending bill, approving the legislation by voice vote. The bill funds a variety of agencies, including the Securities and Exchange Commission (SEC), Treasury, Internal Revenue Service (IRS), and others. The legislation boosts the SEC’s budget by $50 million to $1.4 billion, a figure that is still over $300 million dollars short of the President’s budget request.  In addition, the bill would bring the CFPB into the normal appropriations process beginning in 2015, something which Republicans have sought to do since the standing up of the Bureau. Despite serving as one of the main sticking points against Director Cordray’s confirmation, the bid to move the Bureau’s funding out from the control of the Federal Reserve is unlikely to be successful.

Executive Branch

CFTC

CFTC Finalizes Cross-Border Derivatives Rule, Including Effective Date Delay

Following several weeks of rampant speculation over the fate of the CFTC’s proposal to regulate cross-border swaps trades, the CFTC voted 3 to 1 on July 12th phase in guidance governing how U.S. derivatives laws apply to foreign banks. The CFTC also approved an “exemptive order” extending the effective date for the new requirements to 75 days after the guidance is published in the Federal Register. In addition, by December 21st, the Commission hopes to approve additional “substituted compliance” requests that will enable market participants to meet the requirements put out by other countries, including the EU, Japan, Hong Kong, Australia, Canada, and Switzerland.

The CFTC’s vote follows the news that the Commission reached an agreement with EU regulators on how the two regulatory zones would oversee cross-border derivatives deals. The agreement will allow uncleared transactions that are deemed to fall under certain “essentially identical” US and EU rules to be governed by just the EU. In addition, the agreement allows US market participants to directly trade on a foreign board of trade and addresses US fears over loopholes for firms engaged in high-risk overseas operations, among other things. The CFTC also released four “no-action letters” on July 11thwhich implement the agreement with the EU.

Federal Reserve

Federal Reserve Releases Minutes of June FOMC Meeting

On July 10th, the Fed released the minutes of the June 18th and 19th meeting of the Federal Open Markets Committee. Following market disruptions after Chairman Bernanke’s statements after the June meeting, the FOMC minutes shed light on how the Fed plans to proceed in winding down its quantitative easing program by stressing that continuation of the monthly billion dollar asset purchases will largely depend on continued economic growth. Regardless of the exact timing, it appears a tapering of the highly accommodative monetary policy will occur in the near- to mid-term, as the minutes state: “several members judged that a reduction in asset purchases would likely soon be warranted, in light of the cumulative decline in unemployment since the September meeting and ongoing increases in private payrolls, which had increased their confidence in the outlook for sustained improvement in labor market conditions.”

Regulators Propose Exempting Certain Mortgages from Appraisal Requirements

On June 10th, six regulatory agencies issued a proposed rule exempting certain subsets of high-priced mortgages from Dodd-Frank appraisal requirements.  The exempted mortgages include loans of $25,000 or less, certain “streamlined” refinancings, and some loans for manufactured homes. The new rule is meant to lower cost hurdles for borrowers and improve mortgage lending practices.  The proposal was released jointly by the Fed, CFPB, FDIC, OCC, Federal Housing Finance Administration (FHFA), and the National Credit Union Administration (NCUA).

FDIC

Regulators Propose Leverage Ration Rule; Finalize Rule Implementing Basel III Agreement

On July 9th, the Fed, FDIC, and OCC released a new proposal which would require federally insured banks with more than $700 billion in assets to meet a 6 percent leverage ratio, double the 3 percent ratio agreed to under the Basel III. The proposed rule would currently capture eight US banks, including: JPMorgan Chase, Bank of America, Bank of New York Mellon, State Street, Citigroup, Goldman Sachs, Wells Fargo, and Morgan Stanley. The holding companies of these institutions would be required to meet a 5 percent leverage threshold, the Basel III 3 percent minimum plus a 2 percent buffer. The same day the FDIC and OCC finalized an interim final rule to implement the Basel III international bank capital agreement, which the Federal Reserve adopted unanimously the previous week.

Treasury

FSOC Releases Final AIG, GE SIFI Designations

On July 9th, the Financial Stability Oversight Council (FSOC) voted to designate American International Group (AIG) and GE Capital as the first two nonbank financial companies required to meet additional regulatory and supervisory requirements associated with being systemically important financial institutions (SIFIs). As such, these companies will be subject to supervision by the Fed’s Board of Governors and to enhanced prudential standards. In deciding to designate these two nonbanks, the FSOC noted AIG’s “size and interconnectedness” and GE’s role as a “significant participant in the global economy and financial markets.” Remarking on the designations, Treasury Secretary Jack Lew said that they will help “protect the financial system and broader economy” and that the Council will “continue to review additional companies in the designations process.”

CFPB

Bureau Updates 2013 Rulemaking Schedule

On July 8th, the OIRA released an updated list of rulemakings and their status at the CFPB.  The list included a variety of items, at different stages of the rulemaking process. 

CFPB Warns it Will Closely Scrutinize Debt Collection

On July 0th, the CFPB announced that it will be heavily examining the practices used to collect debt from borrowers.  The CFBP also said that it will be looking into the activities of both third-party collection agencies, which are subject to regulations under the Fair Debt Collection Practices Act (FDCPA), in addition to lenders trying to collect directly from borrowers who are not covered by FDCPA. As part of this effort, the Bureau has published two bulletins outlining illegal and deceptive debt collection practices. The first bulletin outlines that any creditor subject to CFPB supervision can be held accountable for any unfair, deceptive, or abusive practices in collecting a consumer’s debts. The first bulletin also warns against threatening actions, falsely representing the debt, and failing to post payments. The second bulletin cautions companies about statements they make about how paying a debt will affect a consumer’s credit score, credit report, or creditworthiness. As part of this crackdown, the CFPB will also begin accepting debt collection complaints from consumers.

SEC

Commission Finalizes JOBS Act General Solicitation Rule

On July 10th, the SEC adopted in a 4 to 1 vote a final rule to lift the ban on general solicitation and general advertising for certain private securities offerings. Commissioner Luis Aguilar was the sole no vote, saying that the rule puts investors at risk. In remarks delivered the same day, Aguilar said that the rule does not contain sufficient investor protections as is, and it is not enough to rely on “speculative future actions to implement common sense improvements” to ensure investor safety. In conjunction with this vote, the agency proposed for comment a separate rule which will increase the amount of disclosures which issuers must provide on public offerings, such as providing the SEC with 15 days advance notice of the sale of unregistered securities, and provide for other new safeguards.  Commissioners Dan Gallagher and Troy Paredes both opposed the new disclosure requirements, citing concerns that they would “undermine the JOBS Act goal of spurring our economy and job creation.” The SEC also approved in a 5 to zero vote a rule which would prohibit felons and other “bad actors” from participating in offerings.

Lawmakers on both sides of the aisle had strong opinions about the final general solicitation rule. Democratic lawmakers, though somewhat assuaged by the additional disclosure safeguards, echoed Commissioner Aguilar’s sentiments regarding investor safety. In particular, Senator Carl Levin (D-MI) said in a statement that he was disappointed in Chairman Mary Jo White for advancing a rule with too few investor protections.  On the other hand, Representative Patrick McHenry (R-NC) accused the SEC of flaunting Congressional intent by moving forward with the additional filing and disclosure requirements, saying the requirements will “unjustifiably burden American entrepreneurs” and “neutralize congressional intent.”

SEC Delays Rules on Retail Forex Transactions

On June 11th, the SEC agreed to delay rulemaking on restrictions to retail foreign exchange (forex) trading by up to three years.  The SEC said that it would use the additional time to assess the market for off-exchange foreign currency contracts and determine if more targeted regulations are necessary.  While the vote for the extension was private, Commissioner Aguilar publically criticized the delay, saying that the transactions, while profitable, pose unnecessary risks to small investors in the economy.   

OCC

Martin Pfinsgraff to be OCC Senior Deputy Comptroller for Large-Bank Supervision

On July 11th, US Comptroller of the Currency Thomas Curry named Martin Pfinsgraff Senior Deputy Comptroller for Large-Bank Supervision.  Pfinsgraff has filled the role on an acting basis since January 30th, and has worked in the OCC since 2011.  Previously, he served as Chief Operating Officer for iJet International, a risk management company, and Treasurer for Prudential Insurance.  In this position, he will continue to supervise 19 of the nation’s biggest banks with over $8 trillion in combined assets.  

International

Basel Committee Considering Simplified Capital Regime

On July 8th, the Basel Committee on Banking Supervision released a paper positing alternative proposals to reform the international capital regime in ways which would simpler and easier to compare global capital levels. Specifically, the Committee proposed reforms such as enhanced disclosures, additional metrics, strategies to ensure effective leverage ratios, and reigning in national discretion as potential options for simplifying the framework. The paper reiterated that risk-based procedures will remain at the heart of the Basel capital framework but these will be complemented by liquidity and leverage ratio metrics.

Upcoming Hearings

  • On Tuesday, July 16th at 10am, in 538 Dirksen, the Senate Banking, Housing and Urban Affairs Committee will meet in executive session to vote on pending nominations. Immediately following votes on nominees, the Committee will hold a hearing titled “Oversight of the Defense Production Act: Issues and Opportunities for Reauthorization.”
  • On Wednesday, July 17th at 10am, in 538 Dirksen, the Financial Institutions and Consumer Protection Subcommittee of Senate Banking, Housing and Urban Affairs Committee will hold a hearing on the consumer debt industry.
  • On Wednesday, July 17th at 10am, in 2128 Rayburn, the House Financial Services Committee will hold a hearing to receive the Semi-Annual Monetary Policy Report to Congress.
  • On Wednesday, July 17th at 2:30pm, in 216 Hart, the Senate Agriculture, Nutrition and Forestry Committee will hold a hearing on the Commodity Futures Trading Commission Reauthorization.
  • On Thursday, July 18th at 10:30am, the Senate Banking, Housing and Urban Affairs Committee will hold a hearing on the Federal Reserve’s Semiannual Monetary Policy Report to the Congress.
  • On Thursday, July 18th at 1pm, in 2154 Rayburn, the Economic Growth, Job Creation and Regulatory Affairs Subcommittee of House Oversight and Government Reform Committee will hold a hearing titled “Regulatory Burdens: The Impact of Dodd-Frank on Community Banking.”
  • On Thursday, July 18th at 1pm in 2128 Rayburn, the House Financial Services Committee will holding a hearing titled “A Legislative Proposal to Protect Americas Taxpayers and Homeowners by Creating a Sustainable Housing Finance System.”
Article By:

of