Small business owners may be wondering if a self administered QSEHRA is possible, or a good idea. The answer? Not really. Setting up your own QSEHRA without an HRA administrator can be confusing and time-consuming, from the compliance requirements to the administrative burden. It’s important to stay compliant or the IRS could deem your HRA to be invalid and all of your reimbursements to be taxable (for both you and your employees). Here are a few more reasons why experts don't recommend it.
Let’s review: What is a QSEHRA?
The Qualified Small Employer HRA, sometimes called a Small Business HRA or a defined contribution model or 401(K) style benefits, is a type of standalone HRA that is designed to help small business owners afford health insurance for their teams—often a major challenge due to rising premiums and participation rates.
As a health reimbursement arrangement, the QSEHRA allows employers (with 50 employees or less) to set aside a fixed amount of money each month that employees can use to purchase individual health insurance or use on medical expenses, tax-free. This means employers get to offer small business health insurance benefits in a tax-efficient manner without the hassle or headache of administering a traditional group plan and employees can choose the plan they want.
The general idea is this: employers simply reimburse employees when a health expense occurs. There is no pre-funding of accounts. If employees don't submit receipts for reimbursement or do not need medical care, the leftover funds stay in the employer's pocket.
Can I self-administer a QSEHRA?
Self-administering a QSEHRA is not a good idea. Here's why.
PRIVACY: For starters, given the nature of a small business HRA and the private health information it involves when it comes to filing reimbursements for qualified medical expenses, privacy is a big issue, even before we get into the whole HIPAA aspect of it (more on that below). As an employer, you would have access to personal information about your employees' health. This could be potentially uncomfortable for everyone involved.
PAPERWORK: It's a hassle for employers to keep up with medical receipts and time-consuming to maintain them in a secure way, not to mention the necessary paperwork that comes with it. The IRS requires businesses to keep records up to 7 years. That means you’ll need a secure way to keep your employees’ medical receipts and their PHI secure and safe for up to 7 years. The organizational method of receipts in a shoebox isn't going to cut it.
HIPAA COMPLIANCE: This is the big one. Because small business HRAs are designed for companies with less than 50 employees, it doesn’t technically fall within many of the federal laws that affect health plans built for larger corporations. But that doesn't mean you are off the hook when it comes to HIPAA (the Health Insurance Portability and Accountability Act of 1996). Some parts of HIPAA still apply to small business HRAs. Why? Because all health plans, including those reimbursed through a QSEHRA, must observe the HIPAA Privacy Rule, regardless of the company's size. This rule is designed to protect patients' PHI.
→ Dive in to more details on QSEHRA Compliance here.
More about PHI
PHI (Protected Health Information) comes in all sorts of communication forms, including hard documentation, emails and telephone calls. Here are a few "real life" examples that could come into play when an employee submits verification for qualifying medical expenses to an employer.
- A bill from a doctor's visit
- An MRI scan
- Lab work results
- Phone records
- Explanation of benefits
- An email to a doctor's office asking about a medication
- Appointment scheduling card from doctor
- Referral documentation
- Documentation from health claims
- Benefit information or payments
- Social security numbers, medical record numbers, fax numbers, phone numbers, health insurance beneficiary numbers, etc.
Now that is a lot to keep track of.
QSEHRAs and HIPAA compliance
Here are a few rules to remain compliant with HIPAA:
- A company is responsible for ensuring plan documents and software are up to date and compliant with the most recent changes.
- Employees' PHI cannot be used to make any work-related decisions. Example: You can't fire someone based on shared health information.
- A system must be in place to protect all sensitive information at all times.
- HIPAA compliant procedures and documentation should be included in your small business HRA contract documents and should list any actions you plan to take to ensure your employee’s PHI is fully protected.
- HIPAA privacy officers must be identified within the business to handle sensitive information. Administration procedures must ensure no one outside of the designated privacy officers has access to employees’ PHI.
Penalties for HIPAA non compliance
From the less-serious "Reasonable Cause" to the more-serious "Willful Neglect," these civil penalties can range from $100 to $50,000 per incident with no jail time to more serious offenses resulting in up to $250,000 in fines and 10 years in prison, especially if information was taken under false pretenses or disclosed on purpose.
If that wasn't enough of a deterrent, state laws could impose additional penalties for the same offenses. Also, even if you didn't intend for noncompliance to occur or it was an accident, you are still liable. There is no safe haven here.
QSEHRA administration with Take Command
With your employees' privacy and costly violations on the line, why chance it? Let Take Command's QSEHRA administration tool do all the heavy lifting for you.
Our platform drafts plan documents with HIPAA compliant language and instant updates, and takes care of QSEHRA administration requirements like reviewing documents that contain protected health information. We'll also handle all the accounting and legal legwork, take care of onboarding each of your employees, and make tax time easy and painless. You'll never have to hassle with receipts or worry about setting up a health plan again.
A wife to one and mother to four, Keely does all of the things. She’s also dabbled in personal finance blogging and social media management, contributed to MetroFamily magazine, and is passionate about good food, treasure hunting and upcycling. With a B.S. in Psychology from the University of Oklahoma and a knack for a witty punchline, it’s no surprise that Keely’s social posts are as clever as they get. In her (very little) free time, you’ll find Keely with her nose in a book or trying out a local restaurant with her family.