ACA COMPLIANCE PROVIDER REQUEST FOR PROPOSAL (RFP)
SEPTEMBER 2016
ACA REQUEST FOR PROPOSAL (RFP)
The purpose of this RFP is to identify and engage an outsourcing solution partner to provide ACA Compliance services to CLIENT with efficiency, industry-leading performance and support.
Required Services (Determining Status, Counting Hours and Reporting):
1. Determining Eligibility Data Sources and Classes
a. Accept third party data files from the CLIENT HRIS and Payroll systems
b. Manage data and generate edit/audit reports
c. Support multiple classes of employees, possibly with multiple measurement periods (hours measured, hours worked and paid, paid LOA, equivalent for non-hourly, qualified unpaid hours, breaks in service (rule of parity), educational institution rules)
2. Counting and Tracking to Fulfill Eligibility Requirements
a. Support historical and/or on-going calculations of full-time status based on the look-back measurement method (part-time only)
b. Tracking and notification process for full-time status changes for new hires and ongoing eligibility changes
3. Employer Monitoring and Reporting
a. Provide rule/role based security access for reporting
b. Reporting of hours (access to reports): scheduled, point in time, on-demand, custom report design available to employer
c. Configure reports/notifications for different trigger points
d. Provide an employer dashboard (reports and graphics, drill down for details, alerts)
e. Provide the ability to forecast potential “pay or play” penalties
4. IRS Reporting (Section 6055 / 6056)
a. Populate the reports for Section 6055 and 6056
b. Distribute Form 1095-C to employees
c. E-File ACA required reporting with the IRS
d. Employee call center for 1095-C questions
e. Manage Public Exchange inquiries
f. Manage IRS appeals
Service Provider Expectations: CLIENT is looking for a long-term partnership with an ACA Compliance Provider who has proven operations and IT infrastructure and will provide:
1. A partner that will ensure compliance with current and future ACA regulations.
2. A relationship based on the spirit of partnership with a high level of transparency.
3. A partner that is flexible and can respond quickly.
4. A highly secure technical environment that ensures protection of CLIENT employee data.
5. A process that is technologically advanced and rules/eligibility based.
6. Proactive issue management processes.
7. Thoroughly documented and updated policies and procedures.
8. Timely and accurate transaction processing backed up by industry standard service level agreements.
9. Easy access to data for reporting and analysis purposes.
10. Adherence to industry standard best practices.
11. Adherence to applicable regulations, e.g., HIPAA, etc.
TIMELINE
TASK DATE
Request for Proposal released
Service providers to submit clarifying questions for RFP
Answers to RFP clarifying questions returned to service providers
RFP Questionnaire, Pricing Response & Attachments Submitted (Hard/Electronic copies)
Web demos
RFP analysis report finished
Service provider decision finalized
Contract negotiations completed
Implementation kick-off
Target go-live
CLIENT INFORMATION
Insert information compiled through ACA Discovery Template:
Current ACA process
Employee metrics
Data requirements
Desired service provider solutions
The following is a summary of the impacted employee benefit plans and providers supporting current HR information, timekeeping, leave management, payroll, benefits eligibility and enrollment for CLIENT:
SERVICE PROVIDER
Medical and Rx Carrier TBD
HR Information System TBD
Timekeeping System TBD
Benefits Eligibility and Enrollment System TBD
Leave Management System TBD
Payroll System TBD
W2 Preparer TBD
COBRA Administrator TBD
SERVICE PROVIDER PROFILE
Should you be selected as the service provider to CLIENT, your response to this RFP will be an attachment to the definitive contract, and the information that you provide in response to this RFP will have contractual effect.
Because answers and information that do not reflect reality may place you in breach of contract, you are encouraged to give full, complete and accurate answers and information from the outset.
Please answer these questions in consideration of CLIENT’s current ACA compliance administration process information provided in this RFP.
COMPANY INFORMATION
RFP QUESTION: SERVICE PROVIDER RESPONSE:
Question 1a. a. Company profile
Response 1a.
Question 1b. b. Company history
Response 1b.
Question 1c. c. Date ACA compliance services were established
Response 1c.
Question 1d. d. Indicate the name and the ACA business function of any subcontractors you are using to provide ACA services
Response 1d.
Question 1e. e. Location of company headquarters
Response 1e.
Question 1f. f. Company size
Response 1f.
Question 1g. g. Company growth plans (e.g., planned mergers, acquisitions, divestitures)
Response 1g.
Question 1h. h. Total number of employees in your ACA Compliance Department
Response 1h.
Question 1i. i. Work locations:
Company facility locations
Type of work being performed at each facility
Location that will primarily service the prospective client
Response 1i.
Question 1j. j. Overall company turnover and service center turnover over the past 12 months
Response 1j.
Question 1k. k. Services that are performed off-shore, where they are performed & for how long they have been performed in that location
Response 1k.
Question 1l. l. Number and average size of employers your ACA Compliance Service Team manages
Response 1l.
Question 1m. m. Is your firm willing to indemnify CLIENT for service provider errors that result in penalties to the company?
Response 1m.
AUDITS & SECURITY
1. INSURANCE, SYSTEMS & TECHNOLOGY AUDITS
Describe all audits, tests and reviews conducted over the past 24 months internally or by clients, prospects and/or 3rd party service providers that you have hired specifically for audit purposes. There is no need to include written descriptions of formal audit results submitted as part of this RFP response.
RFP QUESTION:
SERVICE PROVIDER RESPONSE:
Question 1a. a. OPERATIONS Audits:
SSAE 16 (SOC 1, SOC 2, or SOC 3); include Issue Date, Type and Opinion (If you have not yet conducted a SSAE 16 SOC Audit, explain plans/timing of doing so.)
Response 1a.
Question 1b. b. DATA CENTER Audits:
SSAE 16 (SOC 1, SOC 2, or SOC 3); include Issue Date, Type, and Opinion (If you have not yet conducted a SSAE 16 SOC Audit, explain plans/timing of doing so.)
Response 1b.
Question 1c. c. SECURITY & TECHNICAL audits:
Tests and reviews including the following:
Answer 1c. Performed Internal/External (If external, who performed?) Additional Details
IT Risk Assessment Audit consistent with the ISO 2700 Standard
Application Code Reviews
Penetration or Vulnerability Scans
Security Audits
Stress Testing for Peak Periods
Question 1d. d. Insurance Coverages, Name of Carrier and Coverage Level for General Liability
Response 1d.
Question 1e. e. Tech Errors & Omissions (E&O) and Cyber Crime Insurance Coverage (Not Regular E&O):
Name of carrier and coverage level for Tech E&O coverage in force
Name of carrier and coverage level for Cyber Crime coverage in force
Response 1e.
Question 1f. f. Are the Tech E&O and Cyber Crime policies referenced in Question 1e. paid in full for the full-term and currently in force?
Response 1f.
Question 1g. g. Financial Audits, Tests and Reviews including:
Financial statements audited by public accountants resulting in an opinion (Include issue date, and opinion type issued: Unqualified, Qualified, or Adverse)
Response 1g.
Question 1h. h. If you are a privately held firm, are you willing to share your last two years of audited financial statements if selected as a finalist?
Response 1h.
2. SECURITY
RFP QUESTION:
SERVICE PROVIDER RESPONSE:
Question 2a. a. Do you have a data breach plan in place? Have you ever been required to disclose a HIPAA breach of information for a client’s employee population?
If Yes:
o What steps were taken to resolve?
o Was your breach: 1) Unintentional (stolen laptop), 2) Intentional (disgruntled employee) or 3) Outside breach?
Response 2a.
Question 2b. b. Has your company been under examination by the Department of Labor (DOL) or Department of Health and Human Services (HHS) within the last 4 years in relation to HIPAA security or procedures? If so, was remedial action required and/or were fines assessed in relation to service failures affecting your current or former clients?
Response 2b.
Question 2c. c. Describe your process for storing client data (i.e., servers, locations, cloud, etc.). What redundancy and security processes are used to ensure continuity of service?
Response 2c.
Question 2d. d. Confirm compliance with all HIPAA & HITECH requirements and regulations. Confirm you have a dedicated department and/or dedicated staff members responsible for monitoring and assuring HIPAA compliance.
Response 2d.
Question 2e. e. Confirm all subcontractors' compliance with all HIPAA & HITECH requirements and regulations. Confirm you will be responsible for executing BAAs with subcontractors and will be responsible for any subcontractor breaches in data security.
Response 2e.
Question 2f. f. Please detail your background check policy for employees and if it’s performed by a third party.
Response 2f.
3. ENCRYPTION
RFP QUESTION:
SERVICE PROVIDER RESPONSE:
Question 3a-h. Description of your encryption protocol?
Response 3a-h. Encrypted (Yes/No) Additional Details
a. Level: Database
b. Level: Field
c. At Rest
d. In Transit
e. Internal to your Network
f. External to your Network
g. Back-Up Data
h. Test Database
Question 3i. i. Who has control over the decryption keys?
Response 3i.
Question 3j. j. Are your data files encrypted during transmission (i.e., SFTP)?
Response 3j.
Question 3k. k. How is it protected at the destination?
Response 3k.
Question 3l. l. Outline the “front door” protection (i.e., protected using IDs and passwords).
Response 3l.
Question 3m-o. Password Protocols
Response 3m-o.
m. Length?
n. Construct?
o. Duration?
4. OTHER
RFP QUESTION:
SERVICE PROVIDER RESPONSE:
Question 4a. a. Detail your firewall and intrusion protections, network and host-based.
Response 4a.
Question 4b. b. Detail your user authentication process and restrictions.
Response 4b.
Question 4c. c. Detail your network access policy/approach as it relates to external interfaces.
Response 4c.
Question 4d. d. Detail your network integration abilities.
Response 4d.
Question 4e. e. Is your platform one single database or multiple?
Response 4e.
Question 4f. f. Detail your network's scalability to meet increases in demand.
Response 4f.
Question 4g. g. How many years of historical data can be kept? Is there a mechanism to archive/purge this information per regulatory guidelines?
Response 4g.
Question 4h. h. What operating systems (including mobile devices) and browsers are supported?
Response 4h.
ACA COMPLIANCE ADMINISTRATION
1. PROCESS
RFP QUESTION: SERVICE PROVIDER RESPONSE:
Question 1a. a. Is your ACA Compliance Administration available in a modular format (i.e., hours tracking on a stand-alone basis, reporting on a stand-alone basis)?
Response 1a.
Question 1b. b. Can you manage the tracking of multiple eligibility groups?
Response 1b.
Question 1c. c. Can you load data for the historical portion of the current measurement period?
Response 1c.
Question 1d. d. Do you have the capability to track multiple and variable measurement periods?
Response 1d.
Question 1e. e. Are you able to apply both monthly and look-back measurement methods?
Response 1e.
Question 1f. f. Are you able to track limited non-assessment periods?
Response 1f.
Question 1g. g. Are you able to track hours of service for non-hourly employees, including per diem employees?
Response 1g.
Question 1h. h. Can your system manage measurement and stability periods based on payroll dates as opposed to the first of the month?
Response 1h.
Question 1i. i. Describe your Employer Notification and Reporting Process for status changes, including dashboard capabilities, if applicable.
Response 1i.
Question 1j. j. Describe your Employee Notification Process for status changes.
Response 1j.
Question 1k. k. Are you able to include retirees and COBRA in the data for reporting?
Response 1k.
Question 1l. l. Are you able to forecast and trend Benefit Eligible Status on an on-going basis?
Response 1l.
Question 1m. m. Are you able to calculate Affordability? Please describe the process and the Safe Harbor options supported.
Response 1m.
Question 1n. n. Describe your employer reporting capabilities specific to forecasting full-time status changes and the associated impacts.
Response 1n.
2. DATA FILES
RFP QUESTION: SERVICE PROVIDER RESPONSE:
Question 2a. a. Are you able to import data from multiple 3rd party data sources? If so, please outline any limitations with this process.
Response 2a.
Question 2b. b. Do you require input data to be provided in a pre-determined template or do you have custom data intake capabilities?
Response 2b.
Question 2c. c. Describe your audit process for 3rd party data intake.
Response 2c.
Question 2d. d. Can the 3rd party data be edited once it is loaded into your system? If so, please outline any limitations with this process.
Response 2d.
3. REPORTING
RFP QUESTION: SERVICE PROVIDER RESPONSE:
Question 3a. a. Are you able to manage (compile, e-file, distribute) the ACA IRS Reporting Requirements (Sections 6055 and 6056)? If so, describe your process for managing these requirements.
Response 3a.
Question 3b. b. Specifically, are you able to manage the ACA IRS Reporting Requirements for Form 1095-C, Lines 14, 15 and 16 (including interpreting benefit data for indicator codes for Lines 14, 15 and 16 on the 1095-C)? Please describe any limitations with FULLY completing this section of Form 1095-C.
Response 3b.
Question 3c. c. Has offeror’s solution been audited by a 3rd party to verify that all ACA regulations are accounted for and calculated correctly? If so, please list the 3rd party auditor.
Response 3c.
Question 3d. d. Is the 1095-C reporting available online for employees to access?
Response 3d.
Question 3e. e. Do you integrate with 3rd party tax systems like Turbo Tax or Quicken? If so, please list the providers.
Response 3e.
Question 3f. f. How long will you retain data and IRS reports for employee and employer inquiries?
Response 3f.
Question 3g. g. Is the 1095-C reporting available online for employers to access, review, audit and update both pre and post filing? If so, is there an audit trail? If a correction filing is required, does it automatically generate an updated e-file?
Response 3g.
4. IRS SUPPORT SERVICES
RFP QUESTION: SERVICE PROVIDER RESPONSE:
Question 4a. a. Do you provide call center services for employee inquiries regarding 1095 Reporting?
Response 4a.
Question 4b. b. Do you manage IRS inquiries and penalties?
Response 4b.
Question 4c. c. Describe any support provided with Public Exchanges for penalty verifications and appeals.
Response 4c.
5. OTHER ACA REQUIREMENTS
RFP QUESTION: SERVICE PROVIDER RESPONSE:
Question 5a. a. Do you report the employer and employee Total Premium Cost of applicable plans to payroll to be included on the W2? Please include method of reporting (payroll feed or other report) and frequency (per payroll or year-end files).
Response 5a.
Question 5b. b. What level of customization is available for the Notice of Exchanges? What is the method of distribution and associated costs?
Response 5b.
Question 5c. c. Please indicate how you can support the calculation of the Number of Covered Lives for the Patient-Centered Outcomes Research Institute (PCORI) Fee. Please include a description of your reporting capabilities, including counting methods supported.
Response 5c.
Question 5d. d. Please indicate the reporting available for Hours Data. Please indicate if the reports can be scheduled, are available as of a point in time, available on-demand and if a custom report design is available to the client.
Response 5d.
ROLL OUT AND SERVICE MODEL
1. IMPLEMENTATION GO LIVE ROLL OUT
RFP QUESTION: SERVICE PROVIDER RESPONSE:
Question 1a. a. Your standard implementation timeline.
Response 1a.
Question 1b. b. Internal quality control procedures in place to audit and review all implementation related tasks.
Response 1b.
Question 1c. c. Detail how you manage and monitor your implementation and ongoing service capacity.
Response 1c.
2. SERVICE MODEL
RFP QUESTION: SERVICE PROVIDER RESPONSE:
Question 2a. a. Client Services Account Management Team structure.
Response 2a.
Question 2b. b. Location and hours the Client Services Account Management Team (not Service Center Team) is available for HR administrations (specify time zone).
Response 2b.
Question 2c. c. Ongoing client stewardship process – include details on:
a. Methods used to monitor ongoing client satisfaction
b. Frequency you review client satisfaction with clients
c. Ongoing stewardship reports & stewardship analytics
d. Ability to show trends and/or areas that need improvement
Response 2c.
Pricing
TASK PEPM SERVICE PROVIDER RESPONSE:
ACA COMPLIANCE SERVICES PEPM
DATA MANAGEMENT PEPM
a. Load Historical Employee Payroll, Time and Benefit Data from 3rd party data sources (HCM, Benefit Administration system, etc.) PEPM
b. Load Ongoing Employee Data Files from payroll systems and other data sources PEPM
COUNTING AND TRACKING TO FULFILL ELIGIBILITY REQUIREMENTS PEPM
a. Support historical and/or on-going calculations of full-time status based on the client specific measurement method PEPM
b. Tracking and notification process (reporting, dashboard, etc.) for benefit eligibility status changes PEPM
IRS/REPORTING (SECTION 6055/6056) PEPM
a. Fulfill reports for Section 6055 and 6056 PEPM
b. Distribute Form 1095-C to employees PEPM
c. E-file Form 1094-C with IRS PEPM
d. Distribute Form 1095-C to employees PEPM
e. Manage Public Exchange inquiries PER INQUIRY
f. Manage IRS appeals PER APPEAL
Appendix 1 Statement of Work (To Be Customized)
This Statement of Work (SOW) is made and entered by and between CLIENT and the chosen ACA Compliance Service Provider. The chosen ACA Compliance Service Provider agrees as follows:
1. Identify/quantify Risks:
Describe risks to the project
2. Scope of Work
Describe in detail the work the chosen ACA Compliance Service Provider will perform
3. Inclusions
Describe:
Tasks to be performed
Resources assigned to tasks
Location(s) where task(s) to be performed
4. Exclusions
Describe:
Tasks that are not part of the scope of this project
5. Deliverables by Phases
Describe:
Items that will be developed or provided (i.e., products, service, plans, status reports, documentation)
Dates for delivery
Implementation plan
ADDITIONAL APPENDICES
To be included as attachments
1. Standard Contract
2. Standard Service Level Agreement/Performance Guarantees
3. Standard Business Associate Agreement
4. Latest Audit Reports (or other External Audit Reports including: SSAE 16 (SOC 1, SOC 2, or SOC 3); include Issue Date and Type)
5. Tech Errors & Omissions Insurance Certificate
6. Cyber Crime Insurance Certificate
7. Implementation Timelines and other implementation documentation
8. Administrator Training documentation
9. Standard Ongoing Stewardship Reports
10. Results of Client Satisfaction Surveys
11. Sample Reporting Package and listing of all reports available
12. ACA Compliance Documentation and Samples
13. Security, Privacy Policies and Procedures
14. Technology Infrastructure Documents such as:
a. Network and System Infrastructure Diagrams
b. System Dataflow / Integration Diagrams
c. Business Continuity and Disaster Recovery Plans
d. Overview of Data Center Infrastructure
15. Any other materials you believe are relevant
16. Pricing Proposal