Compliance with COBRA, HIPAA, and I9 Forms (And Many Other Things!)
Titanium Infrastructure can audit your compliance with COBRA, HIPAA, and I9 requirements. We can also look at your hiring practices to ensure that you have less of a chance of getting in trouble with the EEOC. Failure to complete, file, and retain required paperwork throws an organization out of compliance and results in substantial fines.
Failure to protect PII (Personally Identifiable Information) and PHI (Protected Health Information) of employees can result in heavy fines and criminal penalties under HIPAA. Failure to send out proper notices for SBCs and COBRA can result in fines under HHS and DOL ERISA. If your HR is being performed by people without formal training and the proper certifications, or if your HR is delegated by people in higher positions who do not possess the adequate knowledge to direct the HR employees, we can be your compliance experts.
On average we find (per client): potential fines and penalties ranging from $350,000 to upwards of 1 million dollars.
The sections below are areas that can get your company into trouble if not in compliance:
COBRA and HHS Healthcare Paperwork Compliance Issues:
Potential Damage: COBRA Fines under DOL ERISA are $110.00 per day per person per occurrence until the error is corrected.
Potential Damage: SBC Fines under HHS are $1,264.00 per failure (per employee).
To put it simply, an SBC goes out to employees within 30 days of enrollment in a covered plan. A COBRA notice must go out to employees upon separation from the company.
How many employees do you have? Not that any type of math is fun, but this kind is definitely not.
Are your people enrolling and explaining benefits to employees trained professionals in human resources and benefits administration? Enrolling people into a plan is only a portion of true benefits administration. You must explain the packages to your employees or run a liability risk when they complain that they made a decision based on inadequate information. Substantial fines under COBRA and by HHS can be incurred when incorrectly administering a benefits package.
It is not enough to merely give a general summary and then enroll someone without adequately explaining all facets of the benefit plans. Even if you have a formal plan administrator, you still need to confirm that they are sending out the SBCs and COBRA notices.
If you have in-house people performing these functions, we can partner with them to make sure they receive the necessary knowledge to effectively manage your benefit plans and keep you in compliance with COBRA and HHS and out of hot water (unless the water is in a hot tub and approved in your benefits plan).
I9 Form Compliance
Potential Damages: $376,000 in fines (low end)
Wait...WHAT?
Titanium Infrastructure can perform an I9 practice and retention audit and then guide your organization in corrective action to mitigate potential fines. Below is an example:
Company A experienced much turnover in the past 5 years. Although they only have 35 employees now, they have kept every I9 Form for all 150 people ever hired. Out of the 150 I9s, only 115 of them fall within the required retention period. All 150 I9 Forms are now auditable by USCIS instead of just the 115. Penalties will be applied to all 150.
● Example A: Since the company held onto all 150 I9s, all of the I9s are under scrutiny. They are all done incorrectly (this could mean certain blanks are not filled out, signatures are in the wrong place, signatures not falling within the correct dates, and expired I9 Forms). 150 x 2,507 = 376,050 potential damages.
● Example B: They only retained the 115 I9s that fell within the retention period. All 115 were done incorrectly - $288,305 potential damages.
● Example C: Titanium Infrastructure advised on which I9s to purge, and then corrective action was initiated on the I9 Forms remaining within the retention period. All 115 I9s are evaluated and corrected. Potential damages = 0.
If you are still not on board with the importance of I9 Forms, here are some more fun facts:
• According to USCIS the average error rate per I9 form is 76%
• Penalties range from $252.00 to $2,507.00 per I9 form
• Organizations with 50% or more errors are fined at the highest rate
If you are interested in speaking to us about I9s, we would love to hear from you. We partner with organizations and perform an I9 audit. We then work with your designated I9 completers and ensure that they are trained on how to fill out the I9 Form correctly, are using the appropriate and current form, and that all corrective actions are taken in order to mitigate your liability and exposure as much as possible.
Protection of PII (Personally Identifiable Information) and PHI (Protected Health Information) under HIPAA
Potential Damage – $$$$$$ YIKES - Keep Reading:
Breach or Failure to Protect PII and PHI for employees falls into 4 tiers:
Tier A: Violations where the offender did not realize he or she violated the act (and by exercising reasonable diligence, would not have known).
Fine: $100.00 minimum to $50,000 maximum for EACH violation
Tier B: Violations due to reasonable cause and not from willful neglect
Fine: $1,000 to $50,000 for EACH violation
Tier C: Violations due to willful neglect that the organization did not correct within 30 days of when the violation was discovered (or should have been discovered)
Fine: $10,000 to $50,000 for EACH violation
Tier D: Violations due to willful neglect that the organization did not correct
Fine: $50,000 minimum to $1.5 million dollars maximum for identical violations in a calendar year.
What are PII and PHI? PII is anything that can identify a person (name, address, phone number, social security number, etc.). PHI is anything that divulges any information about a medical condition, treatment, or health insurance plan of a person. Pretty much everything that has to do with effective benefits administration.
HIPAA and the protection of PII and PHI are very important in all organizations, but especially government contracting companies. Any companies dealing with health insurance and benefits are obligated to protect this information per HIPAA (Health Insurance Portability and Accountability Act) guidelines. This type of information should be protected and encrypted when transmitted. Should your employee information not be protected, you or your organization could incur fines as listed above.
Here is another fun fact – There can also be CRIMINAL penalties for failure to protect PII and PHI under HIPAA:
Individuals can incur criminal penalties for knowingly disclosing PII from a system of records to an unauthorized person.
Fine: Criminal penalties for failure to protect PII are a Misdemeanor conviction AND a fine up to $5,000.00
Criminal penalties for knowingly and wrongfully obtaining or disclosing PHI:
• Up to 1 year in prison or a fine of $50,000 (or both)
For offenses committed under false pretenses or for commercial purposes:
• Up to 10 years in prison or a fine of $250,000 (or both)
Titanium Infrastructure can provide knowledge to the people involved with your PII and PHI and advise management on cost-effective ways to mitigate this potential issue. If you are interested in hearing more, contact us. Don’t be one of the companies that loses money…..
Keep in mind that once an audit or inquiry is started by USCIS, the DOL, or EEOC, any documentation inside the employment file in question is up for analysis. We’d like to take this time to remind you that having one giant personnel folder per employee is a liability in and of itself. When Titanium Infrastructure partners with your company, we will look at your files and make suggestions on better retention and record keeping to minimize liability.
Click Here if you are interested in Industrial Security and FSO services, including Obtaining and Setting up a Facility Clearance (FCL), Self-Inspection Evaluation, and ITPSO (Insider Threat Program Senior Official) services
Click Here if you are interested in more of our Human Resources services
~Making your organization strong and resilient by
giving you the EDGE you need for success!~