Meritain Health Meritain Health Home

 

Home > Resources > Compliance Resources > Compliance Quarterly > November 2009 Compliance Quarterly > GINA Regulations

GINA Regulations

The Internal Revenue Service (IRS), Department of Labor (DOL) and Health and Human Services (HHS) recently released regulations under the Genetic Information Nondiscrimination Act of 2008 (GINA). GINA amended HIPAA to prohibit employer-sponsored health plans (or insurers) from collecting, using or disclosing genetic information concerning employees or their family members either (1) before or in connection with enrollment or, (2) at any time, for "underwriting purposes."

For purposes of these rules, "genetic information" is broadly defined to include family medical history. "Underwriting purposes" is broadly defined to include anything that relates to a determination of eligibility for benefits or the determination of premiums or other contribution amounts, including discounts, rebates, incentives and copays.

To Whom Do These Regulations Apply?
All employer-sponsored group health plans except for plans that are considered "excepted benefits" for purposes of the HIPAA portability rules and federal government plans.

What Do These New Regulations Provide?
The new regulations provide that wellness programs that otherwise meet the requirements of the prior HIPAA wellness program regulations violate GINA if they provide rewards for completing health risk assessments (often called
"HRAs") that request genetic information, including questions about family medical history.

The regulations also provide that a health risk assessment that includes questions about family medical history and that is completed prior to or in connection with enrollment violates GINA, even if no incentive is provided for completing the assessment. The regulations provide that, for purposes of determining whether a health plan expense is medically appropriate, plans may continue to use the minimum necessary amount of the patient's genetic information.

When Do These Regulations Go Into Effect?
These regulations are effective for plan years beginning on or after December 7, 2009.  

How Do These Regulations Impact Employers?
Naturally, all employers with, or considering, wellness programs and/or health risk assessments should review those practices (and all related notices and election forms) in light of these new GINA rules and the continually evolving Equal Employer Opportunity Commission (EEOC) position on the impact of the Americans with Disabilities Act (ADA).

In two informal opinion letters issued this year, the EEOC has indicated that any health risk assessment that includes disability-related inquiries (and most health risk assessments include such questions) likely violates the ADA unless the health risk assessment is completely voluntary. Based on this still-informal position, the EEOC would not consider a health risk assessment in connection with an employer's health plan to be voluntary if there is any significant penalty imposed for failing to complete it (or if any significant incentive is offered for completing it). All employers that offer an incentive or impose a penalty in connection with a health risk assessment or similar wellness programs that might involve disability-related questions should consider how this EEOC position would apply to their plans.

Meritain Health’s wellness programs all comply with these new regulations.

SPECIAL NOTE: Separate proposed regulations issued by Department of Health and Human Services (HHS) also would modify the current HIPAA privacy regulations: (1) to provide that genetic information is health information; (2) to prohibit health plans from using or disclosing PHI that is genetic information for underwriting purposes (even if an individual has signed an authorization); (3) to require that HIPAA privacy notices for health plans that perform underwriting be revised to state that genetic information will not be used for underwriting purposes; and (4) to modify various definitions to be consistent with GINA. (These changes to the HIPAA privacy rules are expected to be effective 180 days after they are finalized by the regulators.) Meritain Health will follow these regulations and will notify you once they have become finalized. 

Source:  Smith & Downey

Compliance Quarterly is being provided as an informational tool. It is recommended that plans consult with their own experts or counsel to review all applicable federal and state legal requirements that may apply to their group health plan. By providing this publication and any attachments, Meritain Health is not exercising discretionary authority over the plan and is not assuming a plan fiduciary role, nor is Meritain Health providing legal advice.