What to look for. What To Ask for. What to watch out for.

By Melanie Gipp and John Jenkins

The decision to outsource a Human Resource (“HR”) function to a Third Party Administrator is one not to be taken lightly. Outsourcing any HR job or process to another company has a significant impact on the way your business operates. Topping this list is COBRA administration. Everyday, companies of all sizes are adopting a Business Process Outsourcing (BPO) strategy when it comes to COBRA and it is the broker’s responsibility to help the employer make an informed decision.

According to the ERISA Industry Committee’s 2004 Position Paper, “the specificity of the new requirements pose substantial administrative and information technology burdens on plan sponsors under the best of circumstances. The burden will be greatest for employers that administer COBRA continuation coverage requirements internally rather than outsourcing this activity to a vendor.” But how does one select the best in class vendor?

For many companies, the due diligence used in the hiring process for employees are more developed and more detailed than the due diligence used in hiring a COBRA administrator. For something as important as COBRA, this has to change. This article offers helpful ideas and tips when interviewing potential COBRA administrators. Using the information in this article should help, even the largest of employers, identify and select the best administrator for their particular requirements.

There are many reasons a company may choose to outsource COBRA. For small to medium sized employers, the chief reasons are accessing experience, tapping into technical expertise and introducing consistency in the application of the regulations. For large organizations, risk management and economies of scale are added to the above list as drivers behind outsourcing COBRA.

When guiding your client through the search for a COBRA administrator, you want to make sure that employees, former employees, and their families’ rights are being communicated accurately, timely and professionally. Additionally, the administrator of COBRA must be scalable, flexible, and technologically advanced enough to meet an employers various COBRA needs. After all, the last thing your client wants to accomplish by outsourcing COBRA is to hire a company who is less flexible, less scalable and more labor-intensive than it's own internal department.

Further, you want to determine the administrator has the necessary staff and resources to handle your client’s COBRA efficiently. The administrators’ staff should be easy for the company’s staff to work with, offer first class customer service for Qualified Beneficiaries (after all they are your client’s former employees), and know more about COBRA than the employer does.

To start the selection process, you and you client need to identify a COBRA administrator who has proven and documented expertise and capabilities in these four areas:

A superior system for tracking and complying with COBRA and HIPAA nationally. The administrator's entire system must be as transparent to you, as if your staff were self-managing this employer obligation. You should not have to ask permission to see deeply and clearly into your own data. The client's data must be secure, available and protected. The system must be scalable and flexible enough to handle every request or need that your company will make over the course of the client relationship.

An increasing number of administrators are entering the COBRA BPO arena on a daily basis. As a broker, you must make sure the company your client engages to administer COBRA can deliver exceptional Return on Investment. BPO Outsourcing Journal’s 2002 National Survey revealed that, in best case scenarios, cost reductions associated with outsourcing an internal HR function could amount to a 50% to 60% when compared to building and maintaining a comparable in-house department.

Below is a partial list of items that should be used when comparing several COBRA administrators. The cost to outsource COBRA is approximately 4/100th of the total medical premium, however, the risk associated with this activity is significantly higher than you and your client might imagine. Consider there are Department of Labor penalties, Department of the Treasure excise tax penalties, costly premiums, uninsured claims, costly legal fees, plaintiff awards and loss of goodwill associated with COBRA lawsuits. When comparing several administrators, the marginal cost to hire the most competent administrator is a non-issue compared to the risk managed on your client’s behalf. This is not the place to bargain-shop!

Procedural

• Determine exactly what your client’s COBRA needs are.
• Organize a list of potential vendors and request information.
• Make sure the administrator’s service is able to meet your client’s goals and their processes are easy to implement.
• Ask for client and professional references. Obtain current and former client references.
• Are there any positive or negative comments on the Society of Human Resource Management’s bulletin board www.shrm.org/forums/forums?
• Ask about the size of the client base, client retention rate, number of clients per service representative, and what percentage of the overall firm revenue is represented by COBRA administration.
• Request the administrator submit a detailed project plan prior to beginning the installation phase.
• Does the administrator outsource any of their internal functions? If so, what are they and does the administrator have service level agreements (SLA) in place with these vendors?
• Will the administrator enter into a SLA or Performance Guarantee with your client?
• Obtain an organizational chart of the administrator to review division of duties, chain of command and ease of scalability.
• Discuss with the administrator how they recruit, hire and train new service representatives.
• Discuss with the administrator their service model and make sure you and your client are always talking to experienced staff members.
• If possible, tour the offices of the COBRA administrator to see if they have an organized, safe and clean office environment.

Process

• Does the administrator’s COBRA unit, if separate, have a current SAS 70 Type II audit? By whom? Be sure to obtain a copy of the auditor’s final report for your file.
• Discuss with the administrator how their internal metrics compare to national averages. Areas of interest could include the percentage of COBRA elections compared to your internal numbers or national averages, average length of time under COBRA, response time to send out correspondence, process elections and payments, and call center statistics.
• Discuss with the administrator their administrative and risk management capabilities and service standards.
• Discuss with the administrator their administrative competence and what experience they have.
• Can the administrator handle your client’s non-English speaking employees and their dependents? Can the administrator choose the language type of the letter (i.e. Spanish or English)?
• Will the administrator update COBRA eligibility directly with the carrier? If so, can they send HIPAA 834 files? What audit systems does the administrator have in place for file transfers?
• Discuss with the administrator the type of audit trail used. Gain detailed information on the administrator’s retention policy regarding phone calls, notes, correspondence and emails.
• Discuss with the administrator their fraud prevention procedures relative to processing premium payments on behalf of your company.
• Discuss the administrator’s ‘end of client’ relationship philosophy and performance standards when assisting client in migrating away from their services.
• Can the administrator handle complicated or one-off special scenarios? For example, special letter inserts, severance packages and open enrollment processing.

Legal / Financial

• Have the administrator’s service agreement carefully reviewed by an experienced labor or ERISA attorney.
• Have the administrator disclose all their “gotcha” fees. These could include letter reprint fees, additional HIPAA certificates, enrollment, file transfer and special letter inserts.
• Inquire with the administrator regarding their insurance coverage. The administrator should have adequate professional liability coverage specific to COBRA administration, employee dishonesty bonding, workers comp and general liability coverage. Other insurance coverage pertaining to lost data and business continuity may also be important.
• Obtain a certificate of insurance from the administrator’s insurance carrier. Is the carrier reputable and financially sound?
• Discuss how the administrator stays current on all state and federal developments pertaining to continuation regulations.
• Does the administrator have Business Associate Agreements in place with all down-stream suppliers who may come in contact with your company’s PHI?
• Have a detailed discussion with the administrator to make sure they are capable of handling all state continuation requirements in states in which your client has employees.
• Is the administrator involved in any litigation at present? Have they been involved in litigation in the past and what was the outcome?

IT / Technology

• Is the administrator’s data center SAS 70 Type II audited? By whom? This is a different SAS 70 Type II audit than referenced above in Process section.
• Discuss with the administrator the type of platform they use in tracking your population. Is it homegrown or purchased? If purchased, what type of SLA and warranties does the administrator have in place with the software vendor?
• Does the administrator’s compliance software vendor have a SAS 70 Type II audit? By whom? Is it current?
• Discuss with your administrator exactly where your client’s data will be located; review their business continuity plan. Is there sufficient redundancy built into their computing infrastructure?
• Is there controlled access to their offices or sensitive areas of their business?
• Is their offices monitored by an outside security company?
• Discuss with your administrator their threat-detection (both internal and external) safeguards, zero-day threat response, anti-virus policy, internal and external hacking, password bombardment and network integrity monitoring.
• In the event of a “smoking hole” scenario, how long will it take the administrator to be up and fully functional?
• What redundancies does the administrator have in place if their website goes down, for any reason?
• Is the administrator’s website encrypted using the highest level commercially available and HIPAA compliant?
• Be sure to schedule a detailed tour of their website, try out the forms, reports and processes.
• Does the administrator use wireless or wi-fi connectivity for their offices? If so, what are their privacy protection standards?
• Does the administrator have pre-scheduled down-time for updates, patches, routine maintenance and version upgrades for their website? Is the downtime schedule acceptable to you?
• What is the administrator’s client password policy?
• Discuss your clients’ entering into a service level agreement (SLA) with the administrator for such items as business continuity, security, availability and management reporting.
• Discuss with the administrator their disaster mitigation strategy and obtain written copies.
• Can the administrator connect to your client’s HRIS / HRM to accept full or partial files? Is the administrator capable of connecting to your carriers or administrators via HIPAA 834 or HR-XML?

Not all COBRA administrators are created equal. Taking time to ask some or all of these questions will help to ensure you identify the very best administrator to exceed your client’s needs and expectations. This list can be used for all sources of COBRA administration services, including insurance carriers, TPA’s, insurance agencies, PEO’s, Associations or payroll providers.