Outsourced ACA Reporting: is it risky?

If you have to report under IRC 6055 & IRC 6056, no doubt you have found many vendors offering low cost ACA reporting, or offering to bundle it with the payroll software. Be wary, chances are they’re expecting you to be the expert. They will expect you to understand every nuance of the law, and you’ll be the one held accountable and responsible for the results. The ACA law is very clear: third parties are not responsible for mistakes.

When you choose to outsource your ACA compliance and reporting, look for a vendor that has tax experts on staff, the IRS provides guidance on the difference in the types of each professional credential and qualification they recognize.

We queried some of the most promoted ACA reporting services on the web and found that many vendors are not aware of, much less compliant with, established regulatory requirements. Some were not aware that they must be HIPAA and HITECH compliant.

HIPAA Privacy Rule

The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) establishes a set of national standards for the protection of certain health information. For payroll record specific information, HIPAA privacy rules have an exception that allow for the data to not be considered Protected Health Information (PHI). When it comes to ACA Reporting however, there is no similar exception. The information that is necessary to complete ACA reporting contains employee Social Security Numbers that are connected with medical plan enrollment details. For this reason, the data necessary to complete ACA Reporting must include PHI and thus the HIPAA and HITECH Compliance rules come into effect. These rules require many various things, including the following:

  • Employers must enter into a Business Associate Agreement with any vendor they share PHI to in order to complete ACA reporting.
  • Once the vendor comes into contact with the PHI, they have responsibilities to encrypt and safeguard this information.
  • Any communication that includes PHI (emails, etc) must be sent encrypted in order to ensure compliance.
  • Once the vendor receives the data, they must maintain all other HIPAA and HITECH compliance items regarding how the data is accessed and stored.

Vendors providing ACA reporting services meet the definition of Business Associate under 45 CFR 160.103. The HIPAA Privacy Rule requires that reporting employers include in the business associate contract specified written safeguards on the individually identifiable health information used or disclosed by its business associates. Moreover, the reporting employer may not contractually authorize its business associate to make any use or disclosure of protected health information that would violate the Rule.


Complexity and Compliance

The Affordable Care Act (ACA) is a highly complex law. Complexity is the most common cause of noncompliance and noncompliance is a type of risk. Like other significant risks, it can result in a multitude of bad outcomes for an organization. Organizations that cannot, or do not, effectively comply may face substantial IRS fines that can have meaningful consequences for the financial health of their business.

The IRS has clearly indicated that it won’t waive employer mandate penalties under the Affordable Care Act. For example, in a letter from the IRS to House Representative Bill Huizenga dated April 14, 2017 related to a question from an applicable large employer, it was made clear that the IRS did not interpret the presidential executive order as providing penalty relief or relief from ACA information return filing requirements, nor are there any provisions in the law which provide for a waiver of employer shared responsibility payments.

“The recent Executive Order Minimizing the Economic Burden of the Patient Protection and Affordable Care Act Pending Repeal (January 20, 2017), directed federal agencies to exercise authority and discretion permitted to them by law to reduce potential burden imposed by the ACA. The Executive Order does not change the law; the legislative provisions of the ACA are still in force until changed by the Congress, and taxpayers remain required to follow the law and pay what they may owe. For additional information on the ACA Executive Order, please visit https://www.irs.gov/tax-professionals/aca-information-center-for-tax-professionals.”

These risks can all be negated or mitigated by taking some time to select a competent ACA reporting partner.

Intelligent ACA reporting requires a blend of the right technology and expert regulatory guidance. Employers need trustworthy compliance experts that can help manage and mitigate potential financial exposure from ACA penalties. How do you identify the professional in a field of amateurs? Look for licensed practitioners. Vendors that offer a service overseen by an Enrolled Agent, CPA or tax attorney will have the experience necessary to determine what sections of the law affect your organization. Enrolled agents are the only federally-licensed tax practitioners who specialize in taxation for any entities with tax-reporting requirements and will often know how to gather the right data from the right sources to send to the IRS to prove your company’s compliance with the ACA.

Will your vendor be able to assist you in the event of an audit?

While rare, audits can be a huge hassle. Make sure your vendor tracking look-back, measurement, administrative and stability periods for your employees. Creating this type of an ACA system of record will be your greatest insurance if an IRS audit ever takes place.

If there is a challenge, remember, only attorneys, CPAs and Enrolled Agents have representation rights to represent taxpayers before IRS. Registered Tax Preparers have no authority to represent clients before the IRS (except regarding returns they prepared and filed December 31, 2015, and prior). Unlike attorneys and CPAs, who are state-licensed and who may or may not choose to specialize in taxes, all enrolled agents specialize in taxation.

ACA Reporting Audits

ACA Reporting audits generally begin with IRS Letter 5699, Request for Employer Reporting of Offers of Health Insurance Coverage (Forms 1094-C and 1095-C). Here is what the letter means:

  • The IRS is preparing to assess fines. The IRS is monitoring non-compliance and has dedicated caseworkers (tax compliance officers) handling this process. Penalty assessment are being considered.
  • Now is the time to file for any tax year you have not done so. While you may incur a penalty for filing late, it may be possible to reduce your penalty from $530 per form to $260 per form for those not already filed.
  • It is important to prepare and file your 2017 returns properly. Regardless of what one reads in the headlines, the 2017 ACA regulations are still in place. Employers must file with the IRS by February 28 ( to avoid penalties.

How to Respond

The first thing to do is to ensure your reporting was performed correctly and that you do indeed owe a penalty. We often speak with employers who will receive these letters from the IRS. Most cases would have been preventable if they had performed the ACA reporting correctly. Essentially this step involves having an expert to personally review the reporting and conduct an interview with the employer for the purpose of fully understanding what coverage the employer actually offered and to whom an offer of coverage should have been made.

The next step should begin by making any corrections to prior filed forms and submitting those corrections to the IRS. This will leave you in a place of assessing the true penalties you are faced with under 4980H (A) and 4980H (B).

At this point, it is critical that you fully analyze the various transitional relief options to prevent these penalties from being applied. Transitional relief items can be incredibly complex and confusing, and proper application requires in-depth knowledge of many areas of the Affordable Care Act and all ACA reporting areas.

Once you have reviewed your reporting, and analysed your options, you are now ready to respond to the IRS. Depending upon the severity of your outstanding issues, it could make sense at this point to also involved an enrolled agent who specializes in this area. Be aware, there are very few attorneys, CPAs or other tax professionals who specialize in ACA reporting.

Can you run the risk of non-compliance? Are you confident you or your ACA reporting vendor have the expertise on staff to manage the data and prepare the reports? If not, here are a few parting tips:

  1. Determine ALE Status: Ensure that you have written proof – which includes counsel – that determines whether or not you are an applicable large employer, as calculations made from head counts may be erroneous and risk non-compliance.
  2. Get Started: Organizations must distribute statements by Jan. 31, 2018 and submit files to IRS by March 31, 2018. As a result, it is important to start this process as early as possible so that you do not have to scramble at year-end.
  3. Get Help: Consider hiring ACA consultants who have a breadth of experience with taxation rules and regulations and are not exclusively an ACA reporting vendor. The investment is worth your time and money since it can reduce the risk of being non-compliant or incurring a penalties.