United States: Benefits Counselor – May 2019 Update


IRS Updates and Expands Correction Program for Retirement Plans

The Internal Revenue Service ("IRS") issued Revenue Procedure ("Rev. Proc.") 2019-19, which updates and expands the Employee Plans Compliance Resolution System ("EPCRS"), the IRS's correction program for qualified plans. Rev. Proc. 2019-19 replaces Rev. Proc. 2018-52, the most recent consolidated version of EPCRS. Rev. Proc. 2019-19 expands the EPCRS' Self-Correction Program ("SCP") by allowing plan sponsors to correct more plan failures without involving the IRS or paying a user fee. Under Rev. Proc. 2019-19, the SCP allows—through the adoption of retroactive plan amendments—the self-correction of (1) certain plan document failures, (2) certain plan loan failures, and (3) additional categories of operational failures.

  • Plan Document Failures. Plan document failures are plan provisions that facially or, by their absence, violate the qualification requirements of the Internal Revenue Code (the "Code"). A plan document failure includes a nonamender failure, a failure to adopt good faith amendments, or a failure to adopt interim amendments. Plan document failures are considered to be significant failures. Therefore, to be eligible for self-correction, the failure must be corrected within a two-year correction period (the end of the second plan year following the plan year wherein the failure occurred), and the plan must have a "favorable letter" at the time of correction (defined as a determination letter, opinion or advisory letter). However, SCP is not available to correct a failure to timely adopt a qualified plan document or initial written 403(b) plan.
  • Plan Loan Failures. A participant's failure to repay a loan in accordance with plan terms (a defaulted loan) may be corrected by the participant repaying all missed payments in a single lump sum with interest, re-amortizing the outstanding loan balance and interest over the remaining period of the loan, or a combination of both. If a defaulted loan is not corrected, a plan may treat the loan as a deemed distribution in the year of correction instead of the year of failure without needing permission from the IRS. The IRS cautions, however, the Department of Labor ("DOL") still requires the inclusion of a Voluntary Correction Program compliance statement (not SCP) to qualify for defaulted loan relief under the DOL's Voluntary Fiduciary Correction Program.

    A failure to obtain spousal consent for a plan loan in accordance with plan terms may be corrected by notifying the affected participant and his or her spouse and thereupon obtaining spousal consent. If the plan cannot obtain spousal consent, SCP is not available to correct the failure.

    If the number of loans to a participant exceeds the number of loans permitted by the plan terms, a plan may correct this failure by adopting a retroactive plan amendment to conform the written plan document to the plan's operation. To be eligible for this self-correction relief, (1) the plan, as amended, must satisfy the Code's plan amendment requirements, (2) the amendment must satisfy the Code's qualification requirements, and (3) the plan loans, including excess loans, must have been available to all participants or solely to one or more non-highly compensated employees.

  • Operational Failures. Operational failures are qualification failures that arise solely from the failure to follow plan terms. Under the expanded SCP, a plan may correct operational failures by adopting a retroactive plan amendment to conform the written plan document to the plan's operation. To be eligible for this relief, the following conditions must be satisfied: (1) the plan amendment would result in an increase of a benefit, right or feature; (2) the increase in the benefit, right or feature would be available to all eligible employees; and (3) providing the increase in the benefit, right or feature is permitted under the Code and satisfies the correction principles of EPCRS section 6.02.


HHS Issues Final Notice of Benefit and Payment Parameters for 2020

The Department of Health and Human Services ("HHS") has issued the final Notice of Benefit and Payment Parameters ("Notice") for 2020, providing regulatory and financial parameters applicable to qualified health plans on the Exchanges, plans in the individual, small group, and large group markets, and self-insured group health plans. HHS notes the changes finalized in the Notice are aimed at lowering premiums, increasing market stability, reducing regulatory burdens, enhancing the consumer experience and reducing federal expenditures.

With respect to self-insured plans, highlights include:

  • Annual Cost-Sharing Limits. The 2020 maximum out-of-pocket limit that non-grandfathered plans may impose on in-network essential health benefits will increase from $7,900 to $8,150 for self-only coverage, and from $15,800 to $16,300 for family coverage, representing an approximately 3.16% increase over the 2019 parameters. The final 2020 limits are less than those initially proposed by HHS in January
  • Generic Drugs. To encourage participants' use of lower-cost generic drugs, plans do not need to count drug manufacturer coupons toward the maximum out-of-pocket limit on cost sharing for specified brand-name prescription drugs when a medically appropriate generic equivalent is available. However, HHS declined to finalize another proposal that would allow plans that cover both a brand-name prescription drug and its generic equivalent to considering the brand-name drug to not be an essential health benefit, which, by extension, would have allowed plans to impose annual or lifetime dollar limits on brand-name prescription drugs with generic equivalents.

DOL Releases Q&As on Association Health Plans

In response to the recent decision in State of New York, et al. v. U.S. Dep't of Labor, et al. vacating portions of the DOL final rule expanding association health plans, the DOL has announced it will appeal the decision to the D.C. Circuit Court of Appeals. In the interim, the DOL has released a series of questions and answers ("Q&As") and a position statement directed at insurers, employers, participants and other parties who may be affected by the decision. In this guidance, the DOL indicates it will work with all affected parties, HHS, and the individual states to mitigate any disruptions and hardships resulting from the decision. Accordingly, the guidance includes a nonenforcement policy providing that the DOL will not pursue enforcement against parties for actions taken in good faith reliance on the final rule, as long as parties meet their responsibilities to association members and their participants and beneficiaries to pay claims as promised. Nor will the DOL or HHS pursue enforcement against existing association health plans for continuing to provide benefits to members who enrolled in good faith reliance on the final rule before the decision, through the remainder of the applicable plan year or contract term. The DOL states the Q&As will be updated as the matter evolves.

HHS Lowers Penalties for HIPAA Violations

On April 30, 2019, HHS published a Notification of Enforcement Discretion ("Notification") to announce it is revising how it applies the penalty provisions under the Health Insurance Portability and Accountability Act ("HIPAA"). HIPAA, as most recently amended by the Health Information Technology for Economic and Clinical Health ("HITECH") Act, provides four categories of violations based on an increasing level of culpability associated with the respective violation. The four categories and corresponding penalty tiers are:

  • The person did not know (and, by exercising reasonable diligence, would not have known) that the person violated the provision (Tier 1);
  • The violation was due to reasonable cause, and not willful neglect (Tier 2);
  • The violation was due to willful neglect that is otherwise timely corrected (Tier 3); and
  • The violation was due to willful neglect that is not timely corrected (Tier 4).

Despite the varying levels of culpability, HHS regulations have adopted the same cumulative annual penalty limit of $1.5 million across all four categories of HIPAA violations. In the Notification, HHS has determined a "better reading" of the HITECH Act is to apply a sliding scale to the cumulative annual penalty. The minimum/maximum penalties per violation in each category remain unchanged. Thus, until further notice, HHS will use the following penalty tier structure, as adjusted for inflation:

Culpability Minimum Penalty
per Violation
Maximum Penalty
per Violation
Annual Limit
No Knowledge $100 $50,000 $25,000
Reasonable Cause $1,000 $50,000 $100,000
Willful Neglect – Corrected $10,000 $50,000 $250,000
Willful Neglect – Not Corrected $50,000 $50,000 $1,500,000

HHS expects to engage in future rulemaking to update the penalty tiers as stated in the Notification.

CMS Announces HIPAA Electronic Transactions Standards Compliance Review Program

The Centers for Medicare & Medicaid Services ("CMS") is launching an Administrative Simplification Compliance Review Program to assess covered entities' compliance with HIPAA's electronic transaction standards. CMS indicates it will randomly select nine covered entities—a mix of health plans and health care clearinghouses—for compliance reviews. Any covered entity may be selected for review, not just those who work with Medicare or Medicaid. CMS initially piloted the program in 2018 with health plan and clearinghouse volunteers. Unlike its longstanding reactive practice of investigating individual complaints against covered entities, CMS indicates the Compliance Review Program is "proactive enforcement" that uses a progressive penalty structure, with remediation as the end result of a review. If HHS uncovers a violation, depending on the level of culpability, HHS may enter into a corrective action plan or, in cases of egregious or willful noncompliance, HHS may impose monetary penalties. To help covered entities prepare for a review, CMS has published two informational documents entitled "What to Expect: Q&A" and "Prep Steps You Can Take."

OCR Publishes Spring 2019 Cybersecurity Newsletter

In its Spring 2019 Cyber Security Newsletter, HHS's Office for Civil Rights ("OCR") warns of two formidable cybersecurity threats targeting covered entities and business associates: advanced persistent threats and "zero-day" attacks. In the past few years, both of these cybersecurity attacks have been used against the health care sector with severe consequences. As its name implies, an advanced persistent threat is a long-term cybersecurity attack that continuously attempts to find and exploit vulnerabilities in a target's system to steal or corrupt information or otherwise disrupt business operations. A zero-day attack exploits previously unknown hardware, firmware, or software vulnerability. A hacker employing a zero-day attack learns of a security flaw and exploits it before the manufacturer can issue an appropriate fix, patch or anti-virus update. Some recent high-profile attacks have been a combination of an advanced persistent threat and zero-day attack.

OCR's newsletter reminds covered entities and business associates that the HIPAA Security Rule includes many security measures to prevent or at least mitigate damage caused by advanced persistent threats and zero-day attacks. These measures include: conducting a risk analysis to identify risks and vulnerabilities to electronic protected health information; implementing a corresponding risk management plan to reduce those identified risks and vulnerabilities; regularly reviewing audit and system activity logs to identify abnormal or suspicious activity; maintaining security incident response procedures; establishing and periodically testing contingency plans like disaster recovery and data backup/restoration; encrypting electronic protected health information at rest and in-transit; and providing security training for workforce members.


Ninth Circuit Rules Plan Fiduciary Violated ERISA by Setting Own Fees as Recordkeeper

In Acosta v. City National Corporation, No. 17-55421 (9th Cir. April 23, 2019), the U.S. Court of Appeals for the Ninth Circuit ruled that a plan fiduciary engaged in prohibited self-dealing by setting and approving its own fees from plan assets for serving as the plan's recordkeeper. City National Corporation ("City National") sponsored a 401(k) plan for its employees. A subsidiary, City National Bank, was the plan's trustee and recordkeeper. City National Bank was compensated for its recordkeeping services by revenue sharing, (i.e., sharing a portion of mutual fund fees charged to the plan). The DOL filed a lawsuit alleging City National breached its fiduciary duties and engaged in self-dealing under ERISA section 406(b) by setting its own recordkeeping fees and not tracking or documenting time employees spent servicing the plan. The lower district court granted the DOL's motion for summary judgment. On appeal, City National did not contest it had engaged in self-dealing but instead argued it was not liable for the self-dealing because the compensation arrangement was "reasonable" under ERISA section 408(c). The Ninth Circuit disagreed and affirmed the district court's ruling. Citing longstanding precedent, the Ninth Circuit held the "reasonable compensation" exemption with respect to plan assets paid to fiduciaries for services rendered does not apply to prohibited self-dealing under ERISA section 406(b). The Ninth Circuit acknowledged City National's contention that, unlike, in this case, self-dealing often arises in circumstances where the fiduciary receives kickbacks or plan transfers to a personal account or otherwise receives compensation for illegitimate services. However, the Ninth Circuit held that the self-dealing analysis is separate from the reasonable compensation analysis, and self-dealing can indeed occur through payments for legitimate services actually rendered.


Form 5500 for Calendar Year Plans. Plan administrators generally have seven months after the end of a plan year to file a Form 5500, including applicable schedules and attachments. Thus, for plan years ending December 31, 2018, the Form 5500 filing deadline is July 31, 2019. Plan administrators can apply for a deadline extension until October 15, 2019, by filing Form 5558 by July 31, 2019.

SMM for Calendar Year Plans. Plan administrators generally have 210 days after the end of a plan year to provide a Summary of Material Modifications ("SMM") of a plan change. Thus, for a plan change adopted in 2018, the deadline is July 29, 2019.

Upcoming Health Plan Compliance Deadlines and Reminder

PCORI Fee. Plan sponsors of self-funded plans must report and pay the annual Patient-Centered Outcomes Research Institute ("PCORI") fee by filing IRS Form 720 by July 31, 2019. For the calendar year plans, this will be the final PCORI fee. For non-calendar year plans that end between January 1, 2019, and September 30, 2019, the final PCORI fee must be paid by July 31, 2020.

Upcoming Retirement Plan Compliance Deadlines and Reminders

Annual Funding Notice. Defined benefit plans with 100 or fewer participants generally must provide the annual funding notice to required recipients by the Form 5500 filing deadline.

Form 8955-SSA. Like the Form 5500, Form 8955-SSA (Annual Registration Statement Identifying Separated Participants With Deferred Vested Benefits) is due seven months after the end of a plan year (July 31, 2019, for the calendar year plans). A plan administrator can receive the same extension for the Form 8955-SSA as is available for the Form 5500, by filing Form 5558 on or before July 31, 2019. Plan administrators must also provide the individual statements to those separated participants identified on the Form 8955-SSA prior to the Form 8955-SSA filing deadline.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
Reinhart Boerner Van Deuren s.c.
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Reinhart Boerner Van Deuren s.c.
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions