Cypen & Cypen  
HomeAttorney ProfilesClientsResource LinksNewsletters navigation
975 Arthur Godfrey Road
Suite 500
Miami Beach, Florida 33140

Telephone 305.532.3200
Telecopier 305.535.0050

Click here for a
free subscription
to our newsletter


Cypen & Cypen
October 22, 2020

Stephen H. Cypen, Esq., Editor

New York Times Co., New York, entered into an agreement with Massachusetts Mutual Life Insurance Co. to purchase a group annuity contract to transfer about $235 million in U.S. pension plan liabilities.
The contract will transfer the benefit payment responsibilities for about 1,850 retirees and beneficiaries in the New York Times Cos. Pension Plan to MassMutual, according to an 8-K filing Tuesday with the SEC.
The transaction, which the company expects to finalize in early 2021, will be funded through existing pension plan assets, according to the filing.
It is the second pension buyout transaction with MassMutual that New York Times has made in the past several years. In 2017, the company announced it was purchasing two contracts from MassMutual to transfer a total of $225 million in liabilities from two of its U.S. pension plans.

That transaction transferred the benefit-paying responsibilities to MassMutual beginning Jan. 1, 2018, for some 3,800 retirees or their beneficiaries under the New York Times Cos. Pension Plan and The Retirement Annuity Plan for Craft Employees of the New York Times Co.
As of Dec. 31, 2018, the New York Times Cos. Pension Plan had $1.4 billion in assets, according to the plan's most recent Form 5500 filing.
As of Dec. 31, New York Times' overall pension plan assets totaled $1.649 billion, while projected benefit obligations totaled $1.661 billion, for a funding ratio of 99.3%, according to the company's most recent 10-K filing.
New York Times spokeswoman Eileen Murphy could not be immediately reached for further information. Rob Kozlowski, Pensions & Investmentswww.pionline.com, October 14, 2020.

The more than $20,000 per month paid to four former Macomb County employees accused of criminal activity will be subject to forfeiture if they are convicted of felonies.
The county currently pays a total of $20,258 each month to former county prosecutor Eric Smith, former public works commissioner Anthony Marrocco, former public works operations manager Dino Bucci and former prosecutor's office chief of staff Ben Liston.
Under the Public Employee Retirement Benefits Forfeiture Act,  a public employee who “breached the public trust” may have their benefits revoked and a public employee who breached the trust and is convicted of a felony “must” have their benefits revoked.

Retirement Board Chairman Mark Deldin said that body has not discussed the matter but expects it will be once the criminal cases are further along toward resolution.Chief county attorney John Schapka said pursuing forfeiture is up to the county Retirement Board, which oversees the county’s $1 billion pension and retiree health care fund.
“It’s premature to consider it” now, he said. “We may be obligated to if the retirement ordinance or state statute says it’s something we must consider.”
In a related matter, a Macomb Township attorney has filed a lawsuit to recover $32,400 of pension collected by Bucci from the township due to his role as a trustee and his criminal acts related to the township. The lawsuit, filed by Frank Cusumano, also seeks his township salary since 2014 and “treble damages,” three times the amount stolen, from when he first took a bribe.
That case, filed in September, was assigned to Judge James Biernat Jr. in Macomb County Circuit Court.
It appears Liston may be able to avoid having his $4,060 per month forfeited because he recently pleaded guilty to three misdemeanor counts for his role in Smith’s alleged scheme to pilfer. That would make forfeiture an optional pursuit of the board.
The remaining total of $16,300 per month collected by Smith, Marrocco and Bucci combined would be automatically revoked, according to the law, which took effect in 1995 and was amended in 2017 to make the forfeiture mandatory if the public-trust violation results in a felony.
But the total pension may not be subject to forfeiture. Schapka said he believes the forfeiture would apply only to pension earned at the time the criminal behavior occurred. For instance, the pension earned by Smith prior to 2012, when the alleged acts started, would remain. Under that scenario, Smith, whose employment started in 1993, would still collect pension earned for about 20 of his 28 years with the county, or roughly $4,000 per month instead of nearly $7,000.
So while the total of over $20,000 per month paid to the foursome amounts to $240,000 a year and potentially millions of dollars over many years, the amount forfeited could be a portion of that total.
Garnishment of pension also could be a way to pay for a convicted criminal to pay restitution, Deldin noted.
Smith, a 54-year-old Macomb Township resident, was charged in March with 10 felonies, including racketeering and five counts of embezzlement by a public official, for his alleged pilfering of $600,000 from 2012 to 2018 from an obscure forfeiture fund under his control.
A preliminary examination is scheduled for January 2021 in 41B District Court in Clinton Township.
Smith resigned from his job in March but began collecting a pension of $6,897 per month in January, when he entered the county Deferred Retirement Option Plan, which allows an employee to retire and remain an employed for five years while the pension accumulates and is paid out in a lump sum after the five years, and the employee continues to collect the pension.
Liston was originally charged with four felony counts but pleaded guilty to three counts of willful neglect of duty by a public official holding the public trust, a misdemeanor. Liston entered the DROP in 2013 and retired in 2018.
Liston, who agreed to testify against Smith, will be sentenced after Smith's case is resolved.
Derek Miller is charged with misconduct in office and conspiracy to commit a legal act in an illegal manner, as part of Smith’s alleged scheme but remains on paid administrative leave as chief of operations.
The fourth defendant in the Smith’s case is William Weber, who is not a county employer or former employee.
Marrocco’s pension of $5,479 per month started Dec. 31, 2016, his last day in office after he was defeated by current Public Works Commisioner Candice Miller.
U.S. attorneys say Marrocco’s crimes began in 1994, two years after he was first elected and the same year Bucci began working in the office.
Marrocco was formally charged in U.S. District Court in June with one count of conspiracy to commit extortion, two counts of extortion and one count of attempted extortion. Each charge is punishable by up to 20 years in prison. A Dec. 10 telephone status conference is scheduled in his case.
Bucci’s pension of $3,922 per month started Feb. 14, 2017, the day he retired after he was placed on paid administrative leave by Miller on civil corruption accusations.
Bucci retired from the Macomb Township Board of Trustees in November 2018 under pressure after he was indicted by a federal grand jury a year earlier. Bucci was originally charged with 18 criminal counts but in a plea deal last May pleaded guilty to two charges. He admitted to extorting hundreds of thousands of dollars from developers and engineering firms by pressuring them to purchase tickets to Marrocco's fundraisers, and conspiring with contractor Christopher Sorrentino to steal $96,000 from the township in a kickback scheme.
He is scheduled to be sentenced in January. U.S. attorneys have recommended a nine-year term.
About two-dozen public officials have been charged and most have been convicted by plea in an ongoing, widespread public corruption federal investigation centered in Macomb County that began several years ago.  Jameson Cook, Macomb Dailywww.macombdaily.com, October 18, 2020.

Various cost savings will help Arnold absorb a 40% increase in its pension costs while avoiding a property tax increase, City Manager Mario Bellavia said.
At a council meeting Tuesday, Bellavia said the increased pension obligation would create a deficit in the city’s budget that would need a property tax hike to cover.  Arnold’s property tax rate is 43.5 mills, the highest in Westmoreland County, according to county data.
But recently, Bellavia said he had balanced the city’s roughly $4.4 million budget without a tax increase.  Bellavia said the city was told its pension was underfunded, and, as a result, its minimum obligation was increasing from about $350,000 a year to $490,000.
With the state covering 30% of the cost, Arnold’s share rises from about $245,000 to $343,000 -- an increase of nearly $100,000.
A variety of cost savings will help counter that increase, Bellavia said. He cited new liability insurance that will save $37,000 and $24,000 in savings on electricity from a reduced supplier rate and from installing LED lights on Drey Street and Fifth Avenue.
Although he didn’t provide specific dollar amounts, Bellavia said a series of grants and reimbursements helped cover some salary costs, and using less water this year has saved the city money on its sewage bill.
Bellavia said the city’s revenues have not been affected much by the pandemic, and he is projecting them to remain flat in 2021.
Bellavia said he is not including a potential $50,000 annual savings the city could see from a debt refinancing.  City officials are exploring refinancing about $1.3 million of its debt, what’s left to pay on a 25-year, $1.7 million borrowing from 2006.
Those bonds carried interest rates of 5% to 6%, Bellavia said. Rates now are around 2.5%.  “It’s a very good move for our city,” said Councilman George Hawdon, council’s director of accounting and finance. “It saves money and the cost is minimal. It’s something that we have to take advantage of.
“Any loan taken out in 2006 should be refinanced,” he said. “It’s such a different interest rate climate now.”  Refinancing the debt would extend it by 10 years, from 2031 to 2041.
Doing that would put the debt on the same timeframe as a $1.8 million, 20-year state loan the city had to take out to pay for mandated sewage separation work, Hawdon said.  But to do that, Hawdon said, the city would have to certify that the things the loan paid for will last for the additional decade.
Hawdon said the money was spent on various projects, including road and street improvements, a stormwater project and buying equipment including a street sweeper and garbage truck. Those items were given a useful life to 2031 to match the term of the borrowing.
Hawdon said officials believe those items can be certified to have another 10 years of life.
Hawdon said the city is now looking into more detail on what was bought with the money and looking for the professional services to carry out a refinancing. He said officials would like to have it done by January.  “Much of it depends on how quickly people get back to us,” he said.  Brian C. Rittmeyer, Tribune-Reviewwww.triblive.com, October 18, 2020.

Better longevity risk and long term care data, information on delaying retirement, and making retirement saving more mobile across firms could strengthen retirement systems in a post-COVID world, says Wharton Prof. Olivia S. Mitchell in interview with Kerry Pechter at Retirement Income Journal.

Olivia Mitchell, a professor at the Wharton School and executive director of Wharton’s Pension Research Council, knows a lot about retirement systems. If she doesn’t know something, she can call any of the defined contribution or defined benefit experts she knows, from Philadelphia to Frankfurt and Singapore to Sydney.
In a recent article, “Building Better Retirement Systems in the Wake of the Global Pandemic,” she suggests that we need to rethink the idea of having employers sponsor retirement plans--and forcing them to deal with all the associated regulations and financial ramifications.
“Tying workers’ pensions (and in some countries, health insurance) to an employment relationship is quite risky when firms go out of business and worker mobility results,” she writes.

“Therefore, in the wake of the pandemic, retirement and health insurance coverage are likely to be delinked from employer-provided plans in many countries, instead of continuing what was once termed ‘industrial feudalism’ under which workers were discouraged from leaving their firms for fear of losing their benefits.”

In an interview this week, we asked Mitchell what a non-employer plan might look like? “A multiple employer system could be one model,” she told RIJ, “but it would only allow portability for employees across firms in each system. A state-run system could be of interest, but only insofar as employees remain employed in that state.”

In her paper, she mentions tontines, as well as Singapore’s mandatory deferred income annuity, and shares the policy recommendations that she and other pension experts have made:

  • Generate and make available better data about mortality and morbidity patterns. These could help insurers price longevity risk around the world.
  • Develop guidelines for measuring and forecasting social security and pension assets and liabilities, as well as the assessment of long term care needs for the aging population.
  • Encourage delayed retirement, “delicately where possible.” One study has shown that older people might claim their social security benefits later and work longer if they could receive a partial lump sum when they finally claimed, in exchange for the deferral.
  • Create a centralized database that helps mobile workers track their pension accounts as they move across employers.
  • Improve the “gig economy,” since it gives older people flexible, part-time, and on-demand work opportunities. Though pension, health, and other employee benefits have traditionally not been provided to gig workers, that situation has begun to change.

Asked which of the systems she admires most, of those she’s seen around the world, she said, “As to which is the best: that’s a hard call. Each country has a different first pillar social security, tax, and social insurance system, so the pension platforms and designs in each must be integrated with these institutions as well. So what works in Australia might not work in the US, without some major redesign.”
It turns out that her type of defined contribution plan is the one she participates in.
“My favorite U.S. platform is the national educational retirement system that covers many of us in higher education,” she said. “Typically employees have a choice of a handful of money managers who are vetted/selected by the fiduciaries of each employer, but the pension accounts are fully portable across all university/research/medical system affiliates, with a national purview.
“TIAA/CREF was the first mover here, followed by many other fund managers across the land. The participating employers’ payroll systems are usually the conduits for the contributions to the custodian who allocates the funds to the requisite accounts,” Mitchell added. “It allows for national labor mobility, flexibility over contributions, and the potential for annuitization.”  Kerry Pechter, Retirement Income Journalhttps://retirementincomejournal.com, June 10, 2020.

In my last column I discussed the recent survey of financial attitudes for young adults. Here then are some ideas about managing finances which can apply to people of all ages.
Convincing people to save for any goal, whether retirement or a new car, is a challenge. It is a good idea but not necessarily what they want, kind of like getting kids to eat their vegetables.
Proof of this idea is that participation rates and deferral rates in voluntary enrollment retirement plans is much lower for younger workers than older employees. Perhaps we should frame the suggestion by saying there are ways to avoid financial mistakes made by the parents. Here are some ideas.
A study by Vanguard showed the average 401(k) participant within 10 years of retirement age (i.e., between ages 55 and 64) has a plan balance of just $69,097. This amount may not provide much help over a retirement of 10 or 20 years. And candidly it is frighteningly low.

Too many workers find themselves behind because they never really addressed the question. So, first you must know where you are going. A MoneyRates retirement plan survey found that 71% of workers within 20 years of retirement age still had not done a calculation of how well their savings will hold up over their retirement years. Doing a rough calculation is not that hard. Avoiding the analysis because you fear the result is not much of a decision process.
Use of a retirement calculator only takes a few minutes. Setting up the savings rate for a 401(k) or IRA takes little time. Then you only need to let it work.
You must control debt because indiscriminate debt can easily undermine many of your financial goals. A dollar in debt can more than counteract the benefit of a dollar in savings.
The Federal Reserve’s Survey of Consumer Finances states that the typical household still has $69,000 in debt other than a mortgage by the time the head of that household is within 10 years of retirement. Notice that this figure is remarkably close to the amount previously mentioned for the average 401(k) balance. In other words, debt can effectively offset a person’s 401(k) savings.
Retirement saving is a big job but is much easier when spread over a long period. Time is an ally. Spreading retirement savings out over 25 to 40 years is much easier than trying to do it in 10 years. A catch-up strategy is difficult and unpleasant.
Do not leave free money on the table. Many 401(k) plans offer a match. This offer is a clear and direct financial incentive to start saving now. Employers contribute dollars when the employee contributes. If the employee does not contribute into the plan, they do not receive this money from the employer. There is no retroactive claim to retrieve money foregone from previous years.
Being a consistent 401(k) saver means you claim this money each year. And it is entirely yours once received into the plan. 
Saving money is hard work and requires personal discipline. The concept is to let the money and its investment work on your behalf. The investment returns earned become much more powerful when compounded over a long period of time. Compounding means earning a return not just on the original money invested, but also on the returns earned in other years.
A dollar saved at age 30 can equal $10 at retirement age. Clearly, time is an ally.
As I have said many times, have a plan. Have a sound strategy based on evidence, not a flimsy promise. Investigate before you invest. May you all have a prosperous future. Mark Sievers, Daily Republic,  www.dailyrepublic.com, October 18, 2020.

New Pension Benefit Guaranty Corporation (PBGC) Data and Analysis: Multiemployer Plan Benefit Provisions Study and Single-Employer Partial Pension Risk Transfer Study/Data Tables:
On October 19, 2020, PBGC released the following new studies:

  • Benefit Provisions in Multiemployer Defined Benefit Pension Plans – This study is a supplement to PBGC’s data tables and provides a detailed review of plan provisions available to active workers participating in multiemployer defined benefit pension plans.
  • Analysis of Single-Employer Partial Pension Risk Transfers – This study reviews partial risk transfer data reported by single-employer pension plans to PBGC on premium filings for 2015 - 2018. The study analyzes partial risk transfer activities and summarizes this information by year, plan size, industry, and whether or not the plan is frozen for benefit accruals or participation.
  • Single-Employer Partial Pension Risk Transfer Data Tables – As a companion to the Analysis of Single-Employer Partial Pension Risk Transfers, additional data tables related to partial pension risk transfer activity are posted along with the 2018 Data Tables.

Pension Benefit Guaranty Corporation, www.pbgc.gov, October 19, 2020.

7.    JOB LOSS HAS COST MILLIONS THEIR HEALTH INSURANCE:As many as 7.7 million workers lost jobs with employer-sponsored insurance (ESI) during the COVID-19 pandemic, according to a new study from the Employee Benefit Research Institute (EBRI). An additional 6.9 million dependents lost insurance benefits as well. Manufacturing workers were most affected by loss of jobs with ESI.
The study, “How Many Americans Have Lost Jobs with Employer Health Coverage During the Pandemic?,” was sponsored by The W.E. Upjohn Institute for Employment Research, and The Commonwealth Fund.
In response to the COVID-19 pandemic, most states imposed lockdown orders that closed many workplaces and dramatically slowed U.S. economic activity in the spring of 2020. The result was a massive increase in unemployment, which peaked in April at 14.7%. During the 15 weeks from mid-March to the end of June, Americans filed nearly 49 million new claims for unemployment benefits.
“The strong link between employment and health insurance coverage has important implications for Americans’ insurance coverage and access to health care, as ESI is the most common form of health insurance in the United States,” EBRI said in a release. “The manufacturing sector is disproportionately impacted because more of those jobs come with ESI, compared with retail, or accommodation and food service workers.”
“Workers ages 35 to 44 and 45 to 54 bore the brunt of ESI-covered job losses, in large part because workers in these age groups were the most likely to be covering spouses and other dependents,” said Paul Fronstin, Director of EBRI’s Health Research and Education Program, in a release. “The adverse effects of the pandemic recession also fell disproportionately on women. Although women made up 47% of pre-pandemic employment, they accounted for 55% of total job losses.”  Retirement Income Journalhttps://retirementincomejournal.com, October 10, 2020.

Question: How do employers determine whether a HIPAA breach has occurred, and what are the employer’s breach notification obligations?
Short Answer: Once the employer determines that a breach of unsecured PHI has occurred in a self-insured health plan, HIPAA requires notice to the affected individuals, HHS, and in some cases the media depending on the scope of the breach.
Reminder: HIPAA Privacy and Security Rules Apply to “Covered Entities”
The HIPAA privacy and security rules apply to the following Covered Entities:

  • Health Plans
    1. Employer-sponsored group health plans
    2. Health insurance carriers (including HMOs)
    3. Government health programs (Medicare, Medicaid, IHS, TRICARE, etc.)
  • Health Care Clearinghouses
  • Health Care Providers (transmitting health information electronically)
    1. Doctors, nurses, hospitals, clinics, psychologists, dentists, chiropractors, nursing homes, pharmacies, etc.

Typical employer-sponsored group health plans subject to these HIPAA privacy and security rules include:

  • Medical
  • Dental
  • Vision
  • Health FSA
  • HRA
  • EAP
  • Wellness Programs

For more details, see ABD Office Hours Webinar: HIPAA Training for Employers.
Definition of a HIPAA Breach
A HIPAA breach is defined as the acquisition, access, use, or disclosure of unsecured protected health information (PHI) in a manner not permitted, which compromises the security or privacy of the PHI.
PHI is individually identifiable health information maintained or transmitted by a covered entity or business associate.  PHI is considered “unsecured” where it is not rendered unusable, unreadable, or indecipherable to unauthorized persons through the use of encryption (or destruction).  HHS has a useful guide to encryption standards for this purpose here: https://www.hhs.gov/hipaa/for-professionals/breach-notification/guidance/index.html
Important Note: The exclusion of enrollment/disenrollment information from the definition of PHI subject to HIPAA protection significantly limits the scenarios where a breach may occur.  Enrollment/disenrollment information held by the covered entity in its role as employer is considered an employment record that is not PHI, provided such records do not include any substantial clinical information.  For more details, see our ABD Office Hours Webinar: HIPAA Training for Employers.
Determining Whether a Breach Has Occurred: The Risk Assessment
An impermissible use or disclosure of unsecured PHI is presumed to be a breach unless the covered entity or business associate demonstrates that there is a low probability that the PHI has been compromised.  This analysis is referred to as the risk assessment.
The risk assessment must be based on at least the following factors:

  • The nature and extent of the PHI involved (including the types of identifiers and the likelihood of re-identification);
  • The unauthorized person who used or had access to the PHI;
  • Whether the PHI was actually acquired or viewed; and
  • The extent to which the risk to the PHI has been mitigated.

Given the presumption of a breach in the revised HITECH Act regulations, it is difficult for a covered entity or business associate to come to the conclusion that a breach has not occurred where there has been an impermissible use or disclosure of unsecured PHI.
Determining Whether a Breach Has Occurred: The Three Exclusions from Breach
The regulations carve out three specific situations where there is no HIPAA breach despite the impermissible use or disclosure of unsecured PHI:

  • Unintentional Access/Use of PHI by Workforce Member: If a person acting under the authority of a covered entity or business associate unintentionally acquires, has access to, or uses PHI while acting in good faith and within the scope of that authority, this mistaken access by a workforce member will not rise to a HIPAA breach as long as the mistake does not result in further impermissible uses or disclosures of PHI.
    • Example: A People Ops employee within the HIPAA firewall is tasked with plan administrative functions for the dental and vision plan.  The employee unintentionally accesses claims information for an employee related to the medical plan (e.g., because an internal systems error) despite no plan-related need to know that claims information.  This would likely fall within the exception.
  • Inadvertent Disclosure of PHI to Authorized Person: If a person who is authorized to access PHI at a covered entity or business associate inadvertently discloses PHI to another person authorized to access PHI at the same covered entity or business associate, this mistaken disclosure will not rise to a HIPAA breach as long as the disclosure is not further used or disclosed impermissibly.
    • Example: A People Ops employee within the HIPAA firewall is tasked with plan administrative functions for the dental and vision plan.  The employee unintentionally has access to claims information for an employee related to the medical plan (e.g., because of a misdirected internal email) despite no plan-related need to know that claims information.  This would likely fall within the exception.
  • No Reasonable Ability to Access PHI: There is no HIPAA breach if the covered entity or business associate has a good faith belief that the unauthorized person to whom the disclosure was made would not reasonably have been able to retain such information.
    • Example: A health plan employee mistakenly sends a participant’s EOB by regular mail to the incorrect address, and the letter is returned unopened by the post office as undeliverable.  This would likely fall within the exception.

Breach Notification Step #1: Notice to Affected Individuals
Upon discovering a breach of unsecured PHI, the covered entity must notify the affected individuals without unreasonable delay, and in no event later than 60 calendar days following discovery of the breach (or, if earlier, when the breach would have been discovered by exercising reasonable diligence).  Note that 60 days is an outer limit.  Notification may need to be sooner under the underlying “without unreasonable delay” governing standard.
How to Provide the Notice:
The notice generally must be in writing and provided by first-class mail to the last known address of the individual (or by email if the individual has agreed to electronic notice).
If the contact information is insufficient or out-of-date, the covered entity must use “substitute notice.”  If there are 10 or fewer individuals subject to substitute notice, the covered entity must use an alternative form of written notice, telephone, or other means.  If there are 10 or more individuals subject to substitute notice, the covered entity must be by conspicuous posting for 90 days on the home page of the covered entity’s website, or conspicuous notice in major print or broadcast media in geographic areas where the affected individuals likely reside.
If the covered entity determines that notice is urgent because of possible imminent misuse of the unsecured PHI, the covered entity may provide notice by telephone or other means, as appropriate.
Content of the Notice:
The notice must include the following elements written in plain language:

  • A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known;
  • A description of the types of unsecured PHI that were involved in the breach (such as whether full name, SSN, DOB, home address, account number, diagnosis, disability code, or other types of information were involved);
  • Any steps the individuals should take to protect themselves from potential harm resulting from the breach;
  • A brief description of what the covered entity involved is doing to investigate the breach, to mitigate harm to individuals, and to protected against further breaches; and
  • Contact procedures for individuals to ask questions or learn additional information, including toll-free phone number, email address, website, or postal address.

Breach Notification Step #2: Notice to HHS
Breaches Involving Fewer Than 500 Individuals:
For breaches of unsecured PHI involving fewer than 500 individuals, the covered entity must report the breach to HHS via its website within 60 days of the end of the calendar year (i.e., by the end of February of the year following the breach).  The covered entity must maintain a contemporaneous log of any such breaches that occur during the year to later use when completing the reporting requirement.
Breaches Involving 500 or More Individuals:
For breaches of unsecured PHI involving 500 or more individuals, the covered entity must report the breach to HHS via its website without unreasonable delay, and in no event later than 60 calendar days following discovery of the breach (or, if earlier, when the breach would have been discovered by exercising reasonable diligence).
Breaches are reported to HHS via its website here: https://www.hhs.gov/hipaa/for-professionals/breach-notification/breach-reporting/index.html
HHS maintains a publicly accessible list of HIPAA breaches affecting 500 or more individuals that have been reported within the last 24 months here: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
Breach Notification Step #3: Notice to the Media (500+ Only)
Covered entities are required to notify prominent media outlets serving the state or jurisdiction if the breach of unsecured PHI involves more than 500 residents of a state or jurisdiction.
The covered entity must report the breach to the media without unreasonable delay, and in no event later than 60 calendar days following discovery of the breach.  The notice to the media must include the same content as is required in the notice to the affected individuals.
What if the Breach Occurs at an Insurance Carrier of a Fully Insured Plan?
In this case, the insurance carrier is directly responsible for satisfying all of the applicable HIPAA breach notification obligations because the carrier is itself a HIPAA covered entity.  There is no action item for the employer plan sponsor.
What if the Breach Occurs at a Business Associate of a Self-Insured Plan?
Business associates include any third-party that creates, receives, maintains, or transmits PHI on behalf of the covered entity.  For more details, see our prior post: When is a HIPAA BAA Required?
A prototypical example would be the TPA for a self-administered plan that acts as the ASO and claims administrator.   Note that in many cases the TPA for a self-insured plan is an entity that also acts as an insurance carrier for many plans.  However, when acting as a TPA for a self-insured plan, the entity is taking the role as a business associate rather than an insurance carrier/covered entity.
Where the breach occurs at a business associate, the business associate must notify the covered entity of the breach.  The covered entity is then responsible for satisfying the breach notification obligations described above, even though the breach occurred at one of its business associates.
Under the standard HIPAA rules, business associates must notify the covered entity of the breach without unreasonable delay, and in no event later than 60 calendar days following discovery of the breach (or, if earlier, when the breach would have been discovered by exercising reasonable diligence).  However, many BAAs include terms to provide a shorter outer limit (e.g., 15 calendar days) for the business associate to notify the covered entity of the breach to ensure that the covered entity has sufficient time to satisfy its breach notification obligations.  Where the business associate is acting as an agent of the covered entity, the covered entity’s 60-day outer notification limit applies based on the date the business associate discovers the breach—it is not based from the date the business associate notifies the covered entity.
Lastly, in some situations the terms of the BAA will expressly delegate the breach notification obligations to the business associate.  In these arrangements, the business associate will be contractually obligated to notify the affected individuals, HHS, and (if applicable) the media on behalf of the covered entity.  This arrangement is generally preferred from the covered entity’s perspective because the business associate that suffered the breach is generally a) a large entity specialized in health plan administration and experienced in HIPAA breach notification obligations, and b) in a better position to satisfy the requirements by virtue of having already assessed the situation that occurred within its systems.
For a full recorded HIPAA training session, see ABD Office Hours Webinar: HIPAA Training for Employers.  Brian Gilmore, www.theabdteam.com, October 16, 2020.

Shrugging off the damage to the economy and stock market caused by the coronavirus, asset managers serving the defined contribution industry posted AUM gains for their mutual funds and target-date series for the 12 months ended June 30, 2020, an annual survey by Pensions & Investments reveals.
Total proprietary mutual fund assets under management rose 2.2% to $3.26 trillion vs. the year-ago period. Over five years, mutual fund AUM grew by 31.5%.
Total target-date AUM climbed to $1.91 trillion for the 12 months ended June 30, up 12.5% for the year-ago period and double the AUM from five years ago.
These gains were achieved essentially, in poker parlance, due to sponsors' playing a pat hand with their investment lineups and plan designs due to the coronavirus.
"Prior to the market decline as a result of the pandemic it was largely business as usual for many committees," said Ryan Gardner, the Windsor, Conn.-based managing partner and senior consultant for DiMeo Schneider & Associates LLC. "As the market decline unfolded and into the summer months, many committees elected to defer non-critical changes and/or other changes to their investment menus. I suspect we will start to see normal levels of activity as we get closer to year end and into the new year."
The coronavirus "has absorbed benefits staff with the CARES Act," Martha Tejera, project leader of the DC consulting firm Tejera & Associates LLC, Seattle, wrote in an email, referring to the Coronavirus Aid, Relief and Economic Security Act.
"Investment committees have had to deal with increased market volatility and shifts between investment strategies," she wrote. "Senior management has had to address other workforce issues that arose with COVID. So there has been limited capacity by plan sponsors to do anything creative or innovative during 2020."
Ms. Tejera added that she hoped that the impact caused by the coronavirus "will ease in 2021 and we will see progress with helping workers be financially prepared for retirement."
The DC asset management industry's performance for the 12 months ended June 30 benefited in general from a paucity of participant panic.
"Even though there have been wild swings on Wall Street in 2020, most 401(k) participants have stayed the course with their retirement savings behaviors," Robert Austin, the Charlotte, N.C.-based director of research for Alight Solutions, wrote in an email.
"The average participation rate in plans slipped only marginally from 81% in 2019 to 80% in the second quarter of 2020," he wrote. "Average savings rates increased slightly from 8.1% to 8.2%, likely due to the impact of automatic contribution escalation."
Although there was "brisk" net trading activity during the first quarter of 2020, "it has been more measured" during the second and third quarters, Mr. Austin wrote.
"The overall net trading activity through September 2020 was 2.85% of starting balances," he added. "In 2019, it was 2.29%. If the trend continues, 2020 will be the year with the highest trading activity since 2008. Trades have almost universally been out of equities and into fixed income funds."


Mutual fund growth
Among the mutual fund managers, most of the biggest got bigger for the period ended June 30, and the rankings of industry leaders barely changed from the year-ago period.
Among the top three, Vanguard Group Inc.'s mutual fund AUM rose 2.9% to $930.6 billion; Fidelity Investments AUM gained 10.6% to $667.3 billion; and Capital Group Cos. Inc. added 4.4% to $430.7 billion.
Fourth-ranked T. Rowe Price Inc.'s AUM slipped 1.2% to $255.2 billion and fifth-ranked J.P. Morgan Asset Management's AUM dropped 3.8% to $101.1 billion.
Beyond the three largest mutual fund providers, a majority of the top 25 firms experienced AUM declines.
Target-date funds drove the gains in the mutual fund industry. For the 12 months ended June 30, target-date mutual funds' AUM rose 7% from the year-ago period, reaching $939 billion. Target-date funds now contribute 28.8% of total mutual-fund AUM; five years ago, it was 20.2%.
Among target-date series, commingled trusts surged to $792.7 billion AUM by June 30, up 17.1% from the year ago period and up 136.5% over five years. Commingled trusts now account for 41.5% of aggregate target-date fund AUM; five years ago, it was 35.2%.
Mutual funds still lead the target date universe with 49.2% of the total AUM, but their market share has declined from five years ago when they owned 52.6% of the AUM.
The AUM of target-date funds using separate accounts rose to $169 billion for the 12 months ended June 30, up 24.5% from the year ago period and up 50% from five years ago.
Custom target-date funds' AUM reached $166 billion for the 12 months ended June 30, up 14% from the year-ago period and up 68.8% from five years ago.
"I expect contributions to target-date funds will continue because they are the most popular QDIA," said Ross Bremen, a partner with NEPC LLC, Boston.
The growth of commingled trusts fits in with sponsors' desire for lower-cost investments as well as with their concerns about being sued for ERISA violations by participants claiming plans' investment fees were too high, he added.
Among Mr. Gardner's clients, the large plan segment -- $500 million or more in total plan assets -- "are more likely to consider or be eligible for CITs (collective investment trusts) in the target date asset class, primarily as a way to explore lower costs for participants," he said. With more than 620 DC clients, the average plan's asset size is $205 million. Approximately 245 clients have assets of $100 million or more, he said.
"I expect CITs to continue to gain due to lower operations' costs relative to either mutual funds or separate accounts," Ms. Tejera wrote.
The CIT costs and "growing comfort of the plan sponsors" has led to their greater popularity, she added. "I do not think participants have a view one way or the other."

Vanguard still on top
Among the 20 largest target-date providers, 13 posted AUM gains, four experienced declines; one essentially broke even; and results for two were incomplete because they didn't provide information for the year-ago period.
Vanguard continued to dominate with an AUM of $631.6 billion, up 6.6% from the year-ago period. Vanguard's AUM is greater than the combined AUM of firms ranked 5 through 20.
BlackRock Inc. had an AUM of $255 billion, up 12.3% from the year-ago period, which enabled it to move into second place from fourth.
Fidelity Investments stayed in third place with an AUM of $253.6 billion, up 10.4%. T. Rowe Price Group slipped to fourth from second even though its AUM rose 6.9% to $247.6 billion.
Among the various categories, Vanguard retained its dominant first-place positions for mutual fund target-date series and for commingled trust series, while BlackRock maintained its leadership in the separate account and custom categories.
Despite the dominant roles in mutual funds and target-date funds played by a relative handful of asset managers, DC consultants said sponsors shouldn't feel squeezed on price or choice of investments.
"Given the fierce competition among target date managers, fees have continued to come down," said Mr. Bremen.
"I do not have concerns regarding lack of choice or options, as there are still many choices for my clients," wrote Ms. Tejera.
Mr. Gardner said his clients haven't experienced any pricing squeezes among mutual funds or target date funds. "Eighty percent of target date funds isn't pricing," he said. The glidepath, underlying asset classes and asset volatility are crucial issues for clients' choosing a target-date provider, he said. So is the choice of a "to" series, in which the equity component remains the same after the retirement-age vintage fund or a "through" series, in which the equity component continues to decline after the retirement-age vintage fund, he added.

Looking ahead
Future growth among participants' retirement assets will depend on the speed and scope of the health care, employment and general economy recoveries from the damage caused by the coronavirus pandemic, consultants said.
One source of potential growth, they said, is the SECURE Act, the provisions and benefits of which essentially have been obscured by the coronavirus and sponsors' efforts to implement the CARES Act.
Mr. Bremen said one immediate benefit of the Setting Every Community Up for Retirement Enhancement Act, passed in December 2019, is the raising to 15% from 10% the safe harbor cap on employees' contributions to retirement accounts.
Another safe harbor may take longer to produce results -- the one that protects sponsors from liability if they take certain steps and receive certain assurances from insurers about in-plan annuities and other retirement income products.
"Anything that Washington does to benefit participants is great," said Mr. Bremen, citing the law's safe harbor and product portability provisions. "The reality of the COVID environment is that sponsors are focusing on ensuring participants stay the course" rather than adding new features quickly.
"With everything going on and with market volatility, we haven't seen a lot of activity on retirement income," he said.
Ms. Tejara noted that it's too early to assess the impact of the SECURE Act and that her clients also aren't forging ahead on retirement income. "Plan sponsors have been busy with COVID on investments, withdrawals and loans, which has caused a pause," she added.  Robert Steyer, Pensions & Investmentswww.pionline.com, October 19, 2020.

The Federal Deposit Insurance Corporation (FDIC) today published a new resource guide to promote private and philanthropic investment partnerships with FDIC-insured Minority Depository Institutions (MDIs) and Community Development Financial Institution banks (CDFI banks). Investing in the Future of Mission-Driven Banks is FDIC’s latest effort to build supportive partnerships between these banks and other financial institutions, private companies and philanthropic organizations.
FDIC-insured MDIs and CDFI banks provide critically needed banking products and services to small businesses and individuals in minority and lower income communities in urban and rural areas that have traditionally lacked access to safe and affordable credit. Many of these institutions are small, and building capacity and scale are critical to growing their operations and expanding services to their communities.
There are approximately 250 MDIs and CDFI banks insured by the FDIC with combined capital of less than $40 billion. Consequently, modest investments at any one of these institutions can have an enormous impact on their operations and the communities they serve. Every dollar of equity capital invested can increase lending by a multiple of the original investment. Every dollar of deposits can only increase lending up to the amount of the deposit. In addition, grants and other investments may qualify for matching funds in existing support programs, and partnerships between private companies, philanthropic organizations, or other banks can greatly expand the investment from the original partner.
The FDIC has also created a MDI and CDFI Bank locator that includes every FDIC-insured mission-driven bank and branch in the country. Information includes bank type, location, and direct links to each bank. Federal Deposit Insurance Corporation (FDIC), www.fdic.gov, FDIC: PR-111-2020, October 16, 2020.

Want to keep your driver’s license handy without lugging around a purse or wallet?  As soon as next year, there could be an app for that.
Just as house and car keys, bank cards, plane tickets and proof of car insurance have evolved from physical objects to digital apps, a pilot program through the Department of Highway Safety and Motor Vehicles will soon determine whether the time has come to store your state-issued driver’s license on your smartphone.
It’s a concept that has gained traction with pilot programs in other states as a way to curb identity theft, card skimmers and even the spread of coronavirus. Louisiana started offering a limited version in 2018, but Florida could be the first in the nation to offer motorists a digital, hands-free driver’s license option for all uses.

The state will launch a pilot program in December.

“As I.D. fraud becomes more frequent and sophisticated, we made it a priority to reinforce ID verification by adding extra software security technologies," said Tony Lo Brutto, a vice president at cybersecurity firm Thales, selected to launch driver’s license app and associated verification program.

If all goes well, motorists can choose to apply for both a physical driver’s license and an electronic copy that can be downloaded as an app to a smartphone or tablet. The program has already been approved by the American Association of Motor Vehicle Administrators, the nation’s umbrella agency for motor vehicle departments, and it meets all personal identification requirements of the International Organization for Standardization, Thales said.
That means the mobile app could be used as identification domestically and overseas.
It will carry the same information as the traditional cards, including driving privileges and restrictions. But with the information now cloud-based, police officers, bartenders and others can more easily determine authenticity. What’s more, users can be selective in how much personal information they turn over.
“Let’s say you’re 21 and have to show I.D. before you walk into a bar," said Hillsborough County Tax Collector Doug Belden. “With this technology, you can pull out your phone, select what kind of verification you need and show it to the man at the door without your phone ever leaving your hand."

Users could limit the information provided to just a photo and if they’re over 21 years old, Belden said, adding that users don’t have to show exact date of birth, where they live, or even their full name. That information can be kept private.

State offices like Belden’s already maintain massive databases of personal information, accessible by authorities, with every driver’s license issued, he said. The wallet-sized cards are simply a pared-down version. But there’s greater security in a digital version, with information kept behind the passcode, pin number or fingerprint-triggered security locks built into most phones and tablets.

If it is lost or stolen, the Thales app enables users to wipe their personal information. In addition, renewals and change of address would be a snap. The no-contact app also means less chance of contacting germs like the coronavirus.

How much it would cost is still being worked out. The price of a standard Class E license in Florida now is $48, first time or renewal. There’s a $35 fee to replace a lost or stolen card. Louisiana charges an additional $5.99 for its app, accepted only for traffic stops inside the state’s borders.

“I’m excited for this innovation project that will make the state of Florida a national leader in offering secure and trusted mobile identification," Terry Rhodes, executive director of highway safety and motor vehicles, said in a statement to the Tampa Bay Times.

“We have made a sustained commitment to the modernization of nearly every aspect of what our department does and how customers access our services, and Thales will be a great partner as Florida now steps into the future of mobile identification.”

Thales is also working with 11 other states and five Canadian provinces on mobile driver’s license and personal identification programs, the company said. The company launched the first successful pilot program in 2016 in partnership from the U.S. National Institute of Standards and Technology.  Anastasia Dawson, Tampa Bay Timeswww.tampabay.com, October 18, 2020.

“You can’t take it with you”--is frequently cautioned among family and friends. Yet, many of us can’t seem to bring ourselves to plan ahead for our valuables. Jump start with this simple information about estates and estate bonds.

Understand Your Estate
Who gets Cousin It’s wig collection? Are the teddy bear’s in the attic worth money or clung to for emotional value? Oh, was that the necklace you always imagined inheriting? No, you don’t get those coveted golf clubs!
When our loved ones die, this family “stuff” can all be considered part of their estate.  Since the word estate often conjures rolling hills and giant mansions, most of us assume we don’t have one. In reality, we generally do. As explained by Investopedia:
An estate refers to everything of value that an individual owns--real estate, art collections, antique items, investments, insurance, and any other assets and entitlements--and is also used as an overarching way to refer to a person’s net worth. Legally, a person’s estate refers to an individual’s total assets, minus any liabilities.

Make a Will, Name an Executor and Request an Estate Bond
Clearly, none of us wants to leave family and friends the headaches and heartaches of sorting and deciding upon our accumulated treasures. Best to plan ahead--and encourage those around us to do the same. Make a will, designate an executor and ensure an estate bond is in place. As LegalMatch summarizes:

When a person dies or is disabled, often there is a legal document or will that details what is to be done with the deceased’s estate. When this happens, either the document or the court will appoint someone called the executor to distribute the assets of the estate according to the written wishes of the deceased. An estate bond is a safeguard to ensure that the executor faithfully complies with the written wishes of the deceased.

Obtaining An Estate Bond Efficiently
If you are designated as the executor for an estate, you may be requested (by court or the family) to secure an estate bond. Estate bonds are also referred to as probate bonds, administrator or personal representative bonds. These surety bonds protect the beneficiaries of the estate.

Colonial Surety Company is an easy choice for obtaining an estate bond efficiently and quickly. We are licensed and admitted in all US states and territories. Our digital, direct to consumer approach puts you a few clicks away from obtaining your estate bond.

The steps are easy -- get a quote online, fill out your information, satisfy underwriting requirements, and enter your payment method. Once approved, you can even print or e-file your bond from your home or office. Obtain an Estate Bond Here!

Worth Doing: Organize and Gift Treasures Now
It’s painful to think about sorting out the treasures of deceased parents, relations, and friends. It’s best for everyone to get started when the good fortune of time together is possible. The more you have a shared understanding of how to pass on heirlooms, make donations and preserve important memorabilia, the less potential for confusion, misunderstanding, conflict and excess trauma later.

Paring down on excess stuff can help put the focus on the belongings that matter most in families. What can you do with things that may no longer be in use? Give them away now. Computers, cell phones, books, clothing, musical instruments--there are many charities specializing in making good use of the excess stuff that piles up in families. Here are three examples. You will find many more as you network in your community.

Colonial, www.colonialsurety.com, October 18, 2020.

Two disturbing phone scams have popped up on the FTC’s radar. Both scams have one thing in common: they want to trick (and scare) you out of money. If you live on Staten Island, pay close attention, since these two scams seem to be targeting people in your area. But we know that scammers don’t often stick with one area, so they could expand their target area any time now.
Phone scam extorting parents
This scam starts with someone texting you a picture of your own child -- that they could’ve grabbed off of the internet, like your public social media account. Sometimes, these scammers also send frightening pictures, like images of dismembered bodies. In either case, the messages come with the threat that the scammer knows where you live and will kill your family if you don’t pay them. If you get a call like this, report it to your local police right away, before you do anything else.
Phone scam targeting immigrant
This scam starts as an imposter call from someone pretending to be from U.S. Immigration and Customs Enforcement (ICE). These scammers often say your immigration status is being revoked, and the police are on their way to arrest or deport you -- unless you pay them money right away.
These are both scams. As scary as they seem, if you’ve gotten these kinds of messages or calls:

  • Don’t respond to calls or texts, and don’t pay, even in the face of threats. Scammers will often try to pressure and intimidate you to get your money or information.
  • Report these scams to your local police department, and then tell the FTC at ftc.gov/complaint.
  • Set your social media accounts to private. This can keep scammers from getting personal details, or grabbing pictures you don’t want shared.
  • Know that the government will never call or text to threaten you or ask for money. If you’re concerned, look up the agency’s real number and call them directly. Ask them what the story is.

For more tips, check out this video.
Cristina Miranda, Division of Consumer and Business Education, FTC, www.consumer.ftc.gov, October 19, 2020.

When people who are in jail or prison want to call family and friends, they can only use official service providers for either collect or pre-paid calls. The per-minute charges for these calls can be costly. And that’s how scammers have found a way to take people’s money.
The FTC’s complaint against Inmate Call and its affiliates  says they took advantage of inmates and their loved ones by falsely claiming to offer calling plans for “unlimited“ minutes for a set price. According to the FTC, these companies also posed as official service providers. Inmate Call allegedly put ads on its websites that used logos of actual official service providers to lure people into buying these fake unlimited plans. The FTC’s complaint claims people who bought these plans wound up getting not even one minute of call time, let alone unlimited minutes. After people paid, says the FTC, Inmate Call just redirected them to the official service providers for correctional facilities -- where they ended up paying yet more money.

Inmate Call allegedly targeted people from lower-income communities, and many people lost hard-earned money to this scheme. The FTC says Inmate Call made off with more than $1 million between 2016 and 2020.

If you or someone you know is in a correctional facility, remember that official service providers do not offer unlimited plans. This type of unlimited plan does not currently exist for jails or prisons, so if anyone tries to sell you one, it’s a scam. Before you pay, make sure you’re dealing with the official service provider for your loved one’s correctional facility. And be sure to tell the FTCabout this and other scams that you spot.  Lisa Lake, Consumer Education Specialist, FTC, www.consumer.ftc.gov, October 16, 2020.

Help is available for taxpayers who need tax information for prior years, but who didn’t keep copies of their returns. There are options for helping taxpayers get the information they need.

Taxpayers should generally keep copies of their tax returns and any documentation for at least three years after they file. If taxpayers didn’t keep these records, here are some things they can do:

Ask software provider or tax preparer
Those who need a copy of their tax return should check with their software provider or tax preparer first. Prior-year tax returns are available from the IRS for a fee.

Get a transcript
Taxpayers who can’t get a copy of a prior-year return may order a tax transcript from the IRS. To protect taxpayers’ identities, this document partially masks personally identifiable information such as names, addresses and Social Security numbers. All financial entries, including the filer’s adjusted gross income, are fully visible. These are free and available for the most current tax year after the IRS has processed the return. People can also get them for the past three years.

Taxpayers ordering a transcript should allow time for delivery. Here are the three ways to get transcripts:

  • Get Transcript online. People can use this tool to view, print or download a copy of all transcript types. Those who use it must authenticate their identity using the Secure Access process. Taxpayers who are unable to register or prefer not to use Get Transcript Online may use Get Transcript by Mail to order a tax return or account transcript type. Taxpayers should allow five to 10 calendar days for delivery.
  • By phone. The number is 800-908-9946.
  • By mail. Taxpayers can complete and send either Form 4506-T or Form 4506T-EZ to the IRS to get one by mail. They use Form 4506-T to request other tax records: tax account transcript, record of account, wage and income and verification of non-filing. These forms are available on the Forms, Instructions and Publications page on IRS.gov.

Request a copy of a tax return from the IRS
If necessary, taxpayers can request a copy of a tax return by completing and mailing Form 4506 to the IRS address listed on the form. There’s a $50 fee for each copy and these are available for the current tax year and up to six years prior.  IRS Tax Tip 2020-139, www.irs.gov, October 20, 2020.
What did the man say when the bridge fell on him? The suspension is killing me.
"Always do your best. What you plant now, you will harvest later." -Og Mandino

On this day in 1962, US President John F. Kennedy addresses TV about Russian missile bases in Cuba and imposes a naval blockade on Cuba, beginning the missile crisis.



Copyright, 1996-2020, all rights reserved.

Items in this Newsletter may be excerpts or summaries of original or secondary source material, and may have been reorganized for clarity and brevity. This Newsletter is general in nature and is not intended to provide specific legal or other advice.

Site Directory:
Home // Attorney Profiles // Clients // Resource Links // Newsletters