Archive for March, 2014

Final ACA Rules Require Employers to Pay $63-a-head Tax in 2015

New Affordable Care Act final rules will allow employers to split the payment of a $63-per-employee fee in 2015.

The rules, issued by the Department of Health and Human Services (HHS) in March, mean that a special $63 “reinsurance” tax on employers can be paid in two installments starting in 2015.

The fees are part of ACA provisions designed to collect $25 billion in “reinsurance” taxes from employers who sponsor health plans for their workers over a period of three years. The money will be used to partially reimburse insurance companies that are writing policies in public insurance exchanges.

According to the final rules, employers would be able to pay $52.50 for each employee participating in a company-sponsored health plan by Jan. 15, 2015, and a final payment of $10.50 in the fourth quarter of that year.

“We recognize that the reinsurance collections provided for in the Affordable Care Act will result in substantial up-front payments from contributing entities for the reinsurance program. Therefore, in consideration of the comments received, we are finalizing our proposal to collect contributions via two payments,” the final rules said.

In the second year of the tax, 2016, the fee will be reduced to $44 per plan enrollee.

HHS has not proposed the amount of the fee for the third and final year of the program.

That’s because the final rules will exempt self-insured and self-administered plans from the fees in 2015 and 2016. And that, health reform pundits say, will leave collections short of the $25 billion target, which could portend a higher than expected tax on employer plans in the final year of the tax, 2017.

HHS said its reading of the law is that self-insured and self-administered plans “should not be a contributing entity,” adding that few plans will qualify for the exemption.

Congressional Republicans have criticized the fee, saying it’s an unfair tax because employers will receive nothing in return for paying it.

California the Top Cyber Crime Target

California is a major target of cyber crime in the U.S., accounting for one in six hacks into major computer systems in the country, according to a new report by the state Attorney General’s office.

While the damages are in the billions nationwide from hacking attacks mostly on businesses, California by a large margin tops all states in the number of hacked systems, the number of computer systems infected by malware, the number of victims of Internet crimes, the losses suffered as a result of those crimes, and the number of victims of identity fraud, according to the report.

In addition, because of the outsized role new technologies and mass-media entertainment play in its information-based economy, California is particularly vulnerable when its networks become infected and its intellectual property is stolen.

In 2012, the Privacy Rights Clearinghouse recorded at least 331 breaches in the U.S. caused by international criminals who were purposefully trying to compromise databases or networks. California accounted for 17% of those breaches – a far higher percentage than in any other state – which, in turn, contributed to putting at risk the sensitive personal information of at least 2.5 million Californians that year, according to the report.

Between 2009 and 2012, the number of intentional breaches in the U.S. jumped by 280% (see chart), but during that same period the number of breaches in California shot up 560%.

The rapid increase in international breaches both in the state and nationwide should be cause for concern for any business that has an online presence, but particularly for those that have sensitive customer information online, like ID information and credit cards.


Cyber security best practices

Strong passwords – Use strong passwords and change them regularly. Passwords are the first line of defense in preventing unauthorized access to any computer. Strong passwords should be at least eight characters in length and include a combination of upper case and lower-case letters, one number and at least one special character, such as a punctuation mark.

Install and maintain anti-virus software – The primary way that attackers compromise computers in the small office is through viruses and similar code that exploits vulnerabilities on the machine. You may also want to train your staff on how to recognize a computer virus infection. Some typical symptoms are:

  • System will not start normally (e.g., “blue screen of death”).
  • System repeatedly crashes for no obvious reason.
  • Internet browser goes to unwanted Web pages.
  • Anti-virus software appears not to be working.
  • Many unwanted advertisements pop up on the screen.
  • The user cannot control the mouse/pointer.

Use a firewall – Unless you have a database that is totally disconnected from the Internet, it should have a firewall to protect against intrusions and threats from outside sources. While anti-virus software will help to find and destroy malicious software that has already entered, a firewall’s job is to prevent intruders from entering in the first place.

Secure socket layer – If you are handling credit card transactions, make sure that your payment system includes a secure socket layer to encrypt all of the important data of each customer.

Control physical access – Not only must assets like files and information be secured, the devices that your employee use must also be safe from unauthorized access. The single most common way that protected health information is compromised is through the loss of devices themselves, whether this happens through theft or accidentally.

Limit network access – Limit access to your most important data to only a few individuals in your organization.

Plan for the unexpected – Fire, flood, hurricane, earthquake and other natural or man-made disasters can strike at any time. Important health care records and other vital assets must be protected against loss from these events. There are two key parts to this practice: creating backups and having a sound recovery plan.

Configuration management – New computers and software packages are delivered with a dizzying array of options, but little guidance on how to configure them so that the system is secure. In the face of this complexity, it can be difficult to know which options to permit and which to turn off. Here are some rules of thumb:

  • Uninstall any software application that is not essential to running your business (e.g., games, IM clients, photo-sharing tools).
  • Do not simply accept defaults or standard configurations when installing software. Step through each option, understand the choices, and obtain technical assistance where necessary.
  • Disable remote file sharing and remote printing within the operating system configuration. Allowing these could result in the accidental sharing or printing of files to locations where unauthorized individuals could view them.

Protect mobile devices – Laptops, smart phones and portable storage media are even more vulnerable to hacking, making it easier for hackers to gain entrance to your company data. Because of their mobility, these devices are easy to lose and vulnerable to theft. Make sure they are protected, too.

Establish a security culture – None of the above measures can be effective unless your staff is willing and able to implement them, and you enforce policies that require these safeguards to be used. In short, you must instill and support a security-minded organizational culture.

Welcome to the Wright & Kimbrough Insurance Blog

Welcome to our blog, where we’ll be keeping employers up to date on the latest developments in a number of areas:

Workers’ Comp

Workplace Safety (including new regulations and endeavors by Cal/OSHA and federal OSHA

Risk Management

Employee Benefits (including the Affordable Care Act)

Human Resources Issues

Our goal is to keep you on the right side of the law and regulations so that you can avoid penalties and lawsuits and also to help you manage your risk to keep your employees and customers safe.