[firm] blog logo

As Plan Administrator, the Employer is Liable – Not the Service Provider (i.e., What Kind of Indemnification Are You Getting?)

The plan administrator of an employee benefit plan (employee welfare or retirement) has the general fiduciary responsibility under ERISA to ensure the operational and documentary compliance of the plan. Under ERISA, the sponsoring employer is the plan administrator unless another person or entity is named in the plan. This generally means the employer retains ultimate responsibility and liability for legal compliance even though the employer may rely heavily on the plan’s third-party service providers. One way to mitigate this liability is to obtain indemnification from a service provider for the service provider’s errors, for which the employer (as plan administrator) would still be legally liable. The default language in third-party service provider contracts often provides indemnification only for the service provider’s “gross negligence”, but not its “ordinary negligence”, thus leaving the employer responsible for correcting (and paying for) errors caused by the service provider that do not amount to “gross negligence” or “intentional… Continue Reading

IRS Updates Nonqualified Deferred Compensation Audit Technique Guide

The IRS recently updated its Nonqualified Deferred Compensation Audit Technique Guide (the “Updated Guide”), which replaces the previous version published in June 2015. The Updated Guide provides more detailed guidance on the legal standards applicable to deferred compensation arrangements, including the addition of specific citations to relevant regulations and revenue rulings. Notably, the Updated Guide also includes significantly expanded discussions about Code Section 409A and its application to deferred compensation arrangements. Code Section 409A, and other regulations impacting deferred compensation, are very complicated and can carry substantial penalties and taxes for noncompliance. As Congress and the Biden Administration look for additional sources of funding for their initiatives, heightened IRS audit activity may be on the horizon. The Updated Guide is a good reminder to employers that they should periodically review their nonqualified deferred compensation arrangements, not only for documentary compliance but operational compliance as well. The Updated Guide is available… Continue Reading

Reminder – Employers Must Maintain Mental Health/Substance Abuse Parity Documentation

As discussed in our prior blog post here, effective as of February 10, 2021, employer-provided group health plans that impose nonquantitative treatment limitations (?Ç£NQTLs?Ç¥) on mental health or substance use disorder benefits (?Ç£MH/SA Benefits?Ç¥) must have documentation demonstrating that the NQTLs satisfy the mental health and substance use disorder parity rules (?Ç£Compliance Documentation?Ç¥). As discussed in another one of our prior blog posts here, the DOL has identified particular NQTLs on which it will focus its enforcement efforts. The DOL also clearly communicated that general statements to the effect that the plan has compliant processes will not meet the Compliance Documentation requirements. We have noted that some third party administrators are producing reports and other documents that fail to satisfy the Compliance Documentation requirements. For example, such documents may refer to the administrator?ÇÖs internal policies or procedures without adequately describing them, or they may simply incorporate internal policies by reference… Continue Reading

Largest Single-Entity Settlement to Date Due to HIPAA Non-Compliance

The U.S. Department of Health and Human Services (?Ç£HHS?Ç¥), Office for Civil Rights (?Ç£OCR?Ç¥), recently entered into a $5.55 million settlement agreement with Advocate Health Care Network and its subsidiaries (?Ç£Advocate?Ç¥) to resolve multiple potential violations of HIPAA involving electronic protected health information (?Ç£EPHI?Ç¥). The settlement results from OCR?ÇÖs investigation of Advocate which began in 2013 after Advocate submitted three breach notification reports to OCR within a three-month timespan. The reported breaches involved (1) the theft from one of Advocate?ÇÖs support centers of four desktop computers containing unsecured EPHI of nearly four million individuals, (2) unauthorized access of unsecured EPHI from the computer network of Advocate?ÇÖs business associate (?Ç£BA?Ç¥), and (3) the theft of a laptop containing unsecured EPHI from an Advocate workforce member?ÇÖs vehicle. Upon its investigation, OCR determined that Advocate failed to (a) conduct an accurate and thorough risk analysis related to its utilization of EPHI, (b) implement… Continue Reading

October 2021
S M T W T F S
 12
3456789
10111213141516
17181920212223
24252627282930
31  

Archives