Employee Benefits Compliance Requirements

1094 and 1095 Reporting Requirements

If an Employer Has 50 or more Full Time Employees or Full Time Employee Equivilent then they must adhere to Section 4980H of the IRS Code. However even smaller employers sometimes need to adhere as well if they offer a Level Self Funded or Self Funded Plan Option. The IRS uses this information to determine whether an employer is in compliance with the ACA’s employer shared responsibility provisions and individual mandate. Employers must file Form 1094-C and Form 1095-C with the IRS annually. Form 1094-C is a transmittal form that is used to report summary information about the employer, while Form 1095-C is used to report information about each full-time employee and the coverage that was offered to them. Employers must also provide a copy of Form 1095-C to each full-time employee.¹
Below is an image of the 1094 and 1095 forms just to give you an idea of the information required for each of your employees each year.

1094 and 1095 Reporting Forms Information

The 1094-C form is a transmittal form that is used to report summary information about the employer. Which generally is straight forward information about the employer and the number of employees they have. Generally the only tedious aspect of this is figuring out your Full Time Employee Equivilent number. This is the number of employees you have that are full time and part time. The IRS has a formula for this and it is generally the number of full time employees plus the number of part time employees multiplied by 30 hours per week.

The 1095-C form is used to report information about each full-time employee and the coverage that was offered to them. This form is a bit more tedious as it requires you to report the coverage that was offered to each employee and the cost of that coverage month to month. Meaning if they changed coverage mid way through the year, or were added/termed during the year you will have to track that and report it. Unfortunetly, Employee Benefits Compliance is not really at the top of any of the payroll providers priorty list and the online portals that do allow for it charge an additional fee. These are data points that can be easily tracked with the Sanus Benefits Portal and all of the forms filled out correctly to the cent. You should not be piece mealing this information with your various Health Insurance Carriers across your populace or paying someone an absoranat fee to piece meal it for you. Imagine tracking 100s of employees that have various dependents coming/going throughout the year down to the month of coverage. It is a nightmare and instead of sitting back with my hands tied. I created a system that tracks and does it all for you at no cost for members. Portals such as Sanus Benefits are just going to become more prevelant as the years go on and the IRS starts to crack down on Employers that are not compliant, dont be in the dark and get ahead of the curve.

Penalties for Non Compliance with 1094/1095 Reporting

An ALE Member that fails to comply with the information reporting requirements may be subject to the general reporting penalty provisions under section 6721 (failure to file correct information returns) and section 6722 (failure to furnish correct payee statement). ²

• $60 per filing for up to 30 days late, for a maximum penalty of $683,000 per year (or $239,000 for qualified small businesses*)
• $130 per filing for being 31 days late through Aug. 1, for a maximum penalty of $2,049,000 per year (or $683,000 for qualified small businesses)
• $330 per filing after Aug. 1 or for not filing at all, for a maximum penalty of $4,098,500 per year (or $1,366,000 for qualified small businesses)
• $660 per filing for intentionally disregarding a filing date, with no maximum penalty for ALEs or qualified small businesses

Employee Benefits Required Compliance Notices

Employers are required to provide certain notices to employees regarding their rights and benefits each year. This information changes based on plan types and the number of employees you have. The Sanus Benefits Portal automatically generates these notices for you inside your benefit packet after plan election. Below are some of the most common notices that employers are required to provide:

• Summary Plan Description (SPD)
• Summary of Benefits and Coverage (SBC)
• Notice of Privacy Practices (HIPAA)¹
• COBRA General Notice²
• CHIPRA Notice³
• Creditable Coverage (Medicare Part-D) Notice⁴
• Womens Health And Cancer Rights (WHCRA) Notice ⁵
• Newborns' and Mothers' Health Protection Act Notice⁶
• Notice of Special Enrollment Rights⁷
• Marketplace Notice⁸

Penalties for Non Compliance with Required Notices

Employers that fail to provide required notices to employees may be subject to penalties under ERISA, HIPAA, and other federal laws. The penalties for noncompliance can be severe, and may include fines, lawsuits, and other legal action. Employers should take steps to ensure that they are in compliance with all required notice requirements, and should seek legal advice if they have questions about their obligations under federal law. Generally the penalties are a per day fine for each day the notice/document is not provided to the employee.

• Failure to Provide SBC: Up to $1,443 per failure
• Failure to Provide CHIPRA Notice: $145 per participant per day
• Failure to Provide Creditable Coverage Notice: $1,000 per participant per day
• Failure to Provide Documents Requested By DOL: $190 per day, with a maximum penalty of $1,906 per occurrence
• Failure to Provide WHCRA: $100 per day per employee

Employer HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) was enacted to protect individuals' health information and privacy. Any company with access to protected health information must put measures in place to comply or risk severe penalties.

The best way to remain in compliance with HIPAA is by offloading the responsibility to a platform geared to handle it. You as an employer should not be asking individuals about their health status, trying to collect Personal Health Information (PHI) from them, or helping them in navigating complex personal health issues. This opens you up to fines and penalties with one misstep. If one person's email is hacked, some PHI is left out after collecting questionnaires, or you are not properly securing your employees' health information, you can be fined. Just to give you an idea of the rules enforced under HIPAA, here are 4 rules that can apply to employers. ¹

• Privacy Rule
• Security Rule
• Breach Notification Rule
• Enforcement Rule

HIPAA Privacy Rule

The Privacy Rule establishes national standards for the protection of individuals' medical records and other personal health information. Employers that have access to protected health information must take steps to ensure that it is protected from unauthorized access or disclosure. Generally the only time you would need to access this information is to fill out health questionnaires. Which you should be completing through a secure portal that is HIPAA compliant to lessen any chance of a breach.

HIPAA Security Rule

The Security Rule establishes national standards for the protection of electronic protected health information. As an employer you should try to separate yourself from any possible liability, and offload any PHI collection or conversations with a HIPAA compliant consultant and platform such as Sanus Benefits Portal.

HIPAA Breach Notification Rule

The Breach Notification Rule requires covered entities to notify affected individuals, the Secretary of Health and Human Services, and, in some cases, the media of a breach of unsecured protected health information.

HIPAA Enforcement Rule

The Enforcement Rule establishes procedures for the investigation of complaints and the imposition of civil money penalties for violations of the HIPAA rules. The Office for Civil Rights (OCR) is responsible for the enforcement of these regulations and can impose significant penalties for violations.

Penalties for Non Compliance with HIPAA

The consequences for failing to comply with HIPAA can include significant fines and legal liabilities. Employers should take steps to ensure that they are in compliance with all HIPAA requirements, and should seek legal advice if they have questions about their obligations under the law from a qualified legal professional.