This post was authored by Devin Chwastyk and Frank Lavery, II.  Devin is the Chair of the Privacy & Data Security group at McNees.  Frank is a Law Clerk with McNees.  Frank is currently a student at the University of Notre Dame Law School and expects to earn his J.D. in May of 2022. 

On June 3, 2021, the U.S. Supreme Court issued an important opinion in Van Buren v. United States, which provided important clarification of the scope of the Computer Fraud and Abuse Act (CFAA).  The CFAA bars unauthorized access, or access that exceeds authorization, to any computer “used in or affecting interstate or foreign commerce or communication.”  As the Supreme Court aptly explains, this extends protection—at a minimum—to all information from computers that connect to the internet.  Thus, the implications of the CFAA are far reaching. The decision in Van Buren explored what constitutes “unauthorized access” and “access that exceeds authorization.”

Nathan Van Buren was a police sergeant who was provided access to a law enforcement database by the state of Georgia.  Yet, he was only permitted to access the database for legitimate law enforcement purposes.  Nonetheless, Van Buren searched that database for information about a woman with the intent to sell the results for $6,000 to a willing buyer. Unbeknownst to Van Buren, the buyer was a confidential FBI informant posing as a potential romantic partner of the woman.  There was no dispute that Van Buren was prohibited by his Department’s policy from accessing the database for non-work-related purposes, and that he was provided appropriate training on the policy.  Van Buren was arrested and criminally convicted under the CFAA.

Based on its precedent, the 11th Circuit affirmed the conviction, and the Supreme Court granted certiorari to resolve the stark split among the U.S. Courts of Appeal as to what constitutes “exceeding authorized use” under the CFAA.  Van Buren argued that his conduct was not criminal, because he was authorized to access the law enforcement database.  The government argued that his access exceeded his authorization because he was only allowed to access the database for work-related purposes.

The Supreme Court held that while Van Buren undeniably violated his department’s policy in his use of the law enforcement database for personal reasons, there was no ‘gate’ meant to keep Van Buren out of the database.  He simply used his police credentials to access the system for a prohibited purpose.  The Court explained that the CFAA is meant to keep out “outside hackers” through authorization, and “inside hackers” by restricting users from certain parts of a computer system.  The Court went on to hold that “[i]n sum, an individual ‘exceeds authorized access’ when he [or she] accesses a computer with authorization but then obtains information located in particular areas of the computer—such as files, folders, or databases—that are off limits to him [or her].”  Thus, the only relevant question was whether Van Buren could access the database, which both parties agreed he could.  For that reason, Van Buren did not “exceed authorized access” to the law enforcement database as defined by the CFAA, even though he obtained information from the system for a prohibited purpose.

The holding in Van Buren has some very serious real-world implications for those who wish to protect their information from both outside and inside hackers.  Designing access and restricting access are critical for a number of reasons, and a policy alone will not necessarily constitute adequate technical and procedural safeguards to cordon off data within that system.  If your organization wants to properly restrict access to certain information, you must put in place “gates” to keep users out (including employees who are permitted limited access to the system).  These technical IT infrastructure protections should be in addition to policies restricting access and training programs.  Once these safeguards are in place, anyone that ‘hacks’ to gain access to the restricted information will have committed a criminal violation of the CFAA and could be liable to the organization or employer for civil damages.

On May 28, 2021, the Equal Employment Opportunity Commission issued updated informal guidance on COVID-19 and the federal employment laws that it enforces.  This round of guidance focused on COVID-19 vaccines and their intersection with the workplace.  With the CDC recently exempting fully vaccinated individuals from masking requirements (except where otherwise required by other federal, state, or local laws or regulations), the EEOC’s updated guidance is especially timely and important.

Mandating the COVID-19 Vaccine

The EEOC reiterated that employers may mandate that all employees who physically enter the workplace be vaccinated for COVID-19, subject to the reasonable accommodation requirements for employees with disabilities (under the ADA) or sincerely held religious beliefs (under Title VII) that preclude them from receiving the vaccine.  The EEOC did note that its guidance is limited to the federal employment discrimination laws and does not address other legal issues associated with mandatory vaccine policies, such as the Emergency Use Authorization issue that some have raised to claim that mandatory vaccine policies are legally problematic.

The EEOC also noted that employers who mandate the vaccine may need to respond to claims that the requirement has a disparate impact on (i.e., disproportionately excludes) employees based on a protected trait, particularly if certain groups may face greater barriers to receiving the vaccine.

Possible Reasonable Accommodations for Mandatory Vaccine Situations

The EEOC offered some possible reasonable accommodations that an employer may need to consider for employees unable to be vaccinated due to a disability or religious beliefs.  These examples included wearing face masks, social distancing in the workplace, a modified work schedule, periodic COVID-19 testing, remote work, and reassignment.  The guidance also reminded employers that employees unable to be vaccinated due to pregnancy may be entitled to an accommodation to allow them to continue working if such accommodations are made for non-pregnant employees.

The guidance also confirmed that the interactive process for vaccination-related accommodation situations is the same as the standard ADA interactive process for all disability-related accommodations.

With respect to possible religious accommodation situations, the EEOC recommended that employers ordinarily assume that an employee’s request for a reasonable accommodation is based on a sincerely held religious belief, practice, or observance.  If the employer is aware of facts that would call into question the religious nature or sincerity of such a belief, practice, or observance, the employer would then be justified in requesting additional information to support the request.

Direct Threat of Unvaccinated Individuals

For those employers who have considered mandating the vaccine, a fundamental question has been what to do with those employees who are unable to get vaccinated due to a disability.  Can such individuals be excluded from the workplace without running afoul of the ADA?  To do so under the ADA, the employer would need to take the position that the unvaccinated employee poses a direct threat to the employee and/or others.  In its most recent guidance, the EEOC outlined the requirements for this analysis.

The EEOC explained that this assessment must be individualized and based on the employee’s present ability to safely perform the essential functions of the job.  The analysis should be based on a reasonable medical judgment that relies on the most current medical knowledge about COVID-19.  According to the EEOC, relevant factors include:

  • The level of community spread at the time of the assessment.
  • Statements from the CDC.
  • Information obtained from the employee’s health care provider with the employee’s consent.
  • The type of work environment, such as whether the employee works alone or with others or works inside or outside, the available ventilation, the frequency and duration of direct interaction the employee typically will have with other employees and/or non-employees, the number of partially or fully vaccinated individuals already in the workplace, whether other employees are wearing masks or undergoing routine screening testing, and the space available for social distancing.

In addition, employers must assess whether providing a reasonable accommodation, such as masking and other mitigation matters, would reduce or eliminate that threat.

As with many ADA situations, this analysis often will not provide a clear answer on whether an employer lawfully may bar an unvaccinated employee from its workplace.  To further cloud the issue, the EEOC noted that the direct threat assessment likely will vary over time and from circumstance to circumstance, as the understanding of COVID-19 and guidance from federal, state, and local authorities continue to evolve.  As the number of active COVID-19 cases continues to drop and the number of vaccinated individuals continues to rise, it becomes even more difficult for employers to make a direct threat determination and exclude unvaccinated employees from the workplace.

Encouraging and Incentivizing the Vaccine

The EEOC confirmed that employers may encourage employees and their family members to get vaccinated by providing educational information, raising awareness, and addressing common questions and concerns.  In addition, the EEOC clarified that employers may offer vaccination incentives to employees so long as the incentives are not so substantial as to be coercive and the incentive is not tied to the employee receiving the vaccine from the employer or an entity with whom the employer has contracted to provide the vaccine to its employees.  Employers also may require employees to provide documentation or other confirmation from a third party not acting on the employers behalf, such as a pharmacy or health department, that employees or their family members have been vaccinated.  However, the guidance announced the EEOC’s position that employers may not offer incentives for employees’ family members to get vaccinated.

Confidentiality of Vaccination Information

In its most recent guidance, the EEOC stated its position that an employee’s vaccination status constitutes confidential medical information under the ADA.  Although the EEOC did not alter its prior position that requiring proof of vaccination is not a disability-related inquiry under the ADA, it now has taken the position that vaccine status is confidential medical information under the ADA.

The validity of the EEOC’s position that requesting vaccination documentation is not a disability-related inquiry, but that the information provided must nevertheless be kept confidential, is legally questionable.  However, employers should take reasonable measures to keep information regarding vaccine status confidential and store such information separate from an employee’s personnel file.

The EEOC did not addressed whether employers may require employees to wear visual indicators of their vaccination status for purposes of administering a mask requirement policy, leaving that an unanswered question for employers.  The ADA permits the disclosure of confidential medical information to supervisors or managers with a legitimate business need to know the information.  Because the CDC recommends and some states require masks for unvaccinated people, there may exist a legitimate business need to communicate to managers and supervisors whether the employees under their supervision are vaccinated to allow them to enforce the mask requirements.  However, managers and supervisors should have access only to the information relating to employees under their supervision and should understand that they should not discuss one employee’s vaccination status with other employees.


With the move away from masks for fully vaccinated individuals and the increasing reopening of workplaces, vaccinations and their effect on workplace policies and practices are the next big step in the journey that has been COVID-19.  The EEOC’s most recent guidance provides few surprises and little change from employers’ prior assessments of the relevant issues, with the possible exception of the position taken on the confidentiality of vaccination status.  However, the guidance is a useful resource for understanding the rules and challenges employers face as we all slowly reenter “normal.”

On May 5, 2021, New York Governor Andrew Cuomo signed A2681B/S1034—the Health and Essential Rights Act (“HERO Act” or “Act”), which requires employers to enact an airborne infectious disease exposure prevention standard for all work sites and to create a workplace safety committee.

Under the Act, the NY Department of Labor, in consultation with the Department of Health, must provide industry tailored model standards for all work sites to establish minimum requirements for preventing exposure to airborne infectious diseases in the workplace. The standards will account for different levels of exposure and whether a state of emergency has been declared. The standards must include procedures and methods for employee health screenings; face coverings; required personal protective equipment; accessible hand hygiene stations with permitted break times to utilize the facilities as needed; regular cleaning and disinfecting of shared equipment and frequently touched surfaces; social distancing practices; isolation practices; and compliance with engineering controls.  There will also be a requirement to designate supervisory employees to enforce compliance with the prevention plan.  The plan will also need to be reviewed with all employees. The Act also contains prohibitions on retaliation.

All NY employers are required to establish an airborne infectious disease exposure prevention plan by either adopting the model standard relevant to their industry or by establishing an alternative plan, which is equal to or exceeds the minimum requirements of the standard. The alternative plan is be developed with either a collective bargaining representative or with meaningful participation of employees and the plan is to be tailored and specific to hazards in the specific industry and work sites of the employer.

Unless the Department of Labor provides an extension, employers are required to provide copies of their prevention plan to all employees by June 4, 2021. The prevention plan must be posted in a visible and prominent location within the worksite and included in an employee handbook, if the employer has one.

While the prevention plan requires immediate attention by any employer, the workplace safety committee can be addressed after the prevention plan is in place. Only employers with at least 10 employees are required to establish a joint labor-management workplace safety committee by November 1, 2021. The committee is to meet during work hours once a quarter and will review and raise any health or safety concerns.

Employers with operations in New York state should be prepared to act quickly to review the model standards once they are released by the Department of Labor and should begin establishing workplace safety committee guidelines.

On May 18, 2021, the IRS issued the long- awaited guidance on the COBRA subsidy and premium assistance credit available under the American Rescue Plan Act of 2021 through eighty-six questions and answers.  The Notice addresses eligibility, reduction in hours, involuntary termination of employment, coverage eligible for premium assistance, beginning and end of the premium assistance period, extended elections, calculation of the premium assistance credit and other common questions.

The bad news is the plethora of questions.  The good news is that an employer may rely upon an employee’s attestation in determining if an individual is an Assistance Eligible Individual, unless the employer has actual knowledge that the individual’s attestation is incorrect.  The employer should keep the employee’s attestation as documentation that the individual was eligible for the premium assistance.

One item of note that was addressed in the Notice is the disqualifying factor of being “eligible for other group health plan coverage”.  The Notice explains that an individual who may be eligible for other group health coverage would be eligible for the COBRA premium assistance (1) during any waiting period in the new group health plan and (2) if an open enrollment period was not available under the new plan between April 1, 2021 and September 30, 2021.  However, the IRS also indicated that if an individual was able to enroll in other group health plan coverage as a result of the special enrollment period due to the Emergency Relief Notices, then the individual is not eligible for premium assistance.  Luckily, the employer may rely upon the individual’s attestation with respect to being eligible for other group health plan coverage and is not required to investigate the terms of other group health plan’s eligibility requirements.

Another item of note for employers with less than 20 employees.  If your plan is fully insured, your insurance carrier is responsible for the premium assistance.  If your plan is self-funded and not subject to Pennsylvania’s mini-COBRA laws, you are not required to offer premium assistance.

Read the entire IRS Notice here.

For more information on how this change affects your plan and other recent changes in employment law, register here for the McNees 2021 Labor & Employment Seminar to be held virtually on June 10th and 11th.  Topics will include:

  • Employee Benefits in the COVID (and Post-COVID) Era
  • 2020 The Year Best Suited for the Rear View
  • Biden’s Labor Board: What’s on the Agenda (Again)?
  • Diversity, Equity & Inclusion Fundamentals for HR Professionals
  • Workplace Safety: In the Era of COVID and Medical Marijuana
  • ADA/FMLA/WC Scenarios: HR’s Role in Managing Employees with Mental Health Issues
  • Litigation Trends: Privacy, Pay, Equity, COVID, ADR, Going Virtual
  • Perils of the Digital World: An Employer’s Guide to Dealing with Data Breaches
  • Wage & Hour Law in 2021 (and Beyond): Keeping Up with Changes in Federal and State Law

On May 10, 2021 the U.S. Department of Health and Human Services (HHS) announced that Section 1557 of the Affordable Care Act and Title IX’s prohibitions on discrimination based on sex include discrimination on the basis of sexual orientation and gender identity.  “Research shows that one quarter of LGBTQ people who faced discrimination postponed or avoided receiving needed medical care for fear of further discrimination.” The clarification reverses the position of the HHS under the Trump Administration and will guide the Office for Civil Rights (OCR), responsible for enforcing Section 1557, when handling complaints and investigations of discrimination in providing health care because of an individual’s sexual preference or gender identification.

For more information you can review the full press release at HHS Announces Prohibition on Sex Discrimination Includes Discrimination on the Basis of Sexual Orientation and Gender Identity |

For more information on how this change affects your plan and other recent changes in employment law, register here for the McNees 2021 Labor & Employment Seminar to be held virtually on June 10th and 11th.  Topics will include:

  • ADA/FMLA/WC Scenarios: HR’s Role in Managing Employees with Mental Health Issues
  • Wage & Hour Law in 2021 (and Beyond): Keeping Up with Changes in Federal and State Law
  • Perils of the Digital World: An Employer’s Guide to Dealing with Data Breaches
  • Litigation Trends: Privacy, Pay, Equity, COVID, ADR, Going Virtual
  • Employee Benefits in the COVID (and Post-COVID) Era

Governor Wolf’s office announced on Tuesday that all COVID-19 mitigation orders will be lifted on Memorial Day, except for the mask mandate.  While this is certainly welcome news, and another sign that the pandemic might be on its way out, it is not necessarily a free pass for employers to throw all caution to the wind.

What DOES this mean for employers?  The Governor’s office has not yet provided specific details, but it appears that the administration plans to lift all COVID-19 mitigation orders (except mask requirements), including the orders issued by the Secretary of Health in April, July, and November 2020.  These orders placed onerous burdens on businesses to institute strict mitigation measures, or face the threat of penalties, including shutdown.

In other words, it appears that as of Memorial Day, Pennsylvania will no longer require businesses to do things like maintain cleaning protocols, implement temperature screens, stagger work start and stop times, provide sufficient space for employees to maintain social distance while on breaks and meals, conduct meetings virtually, provide employees with access to regular handwashing, or prohibit non-essential visitors from entering the premises, among other COVID-19-related restrictions.

The mask mandate will remain in effect until 70% of adult Pennsylvanians are fully vaccinated – meaning two weeks have passed since they have either received the second dose of a two-dose vaccine regimen or one dose in a single dose regimen.

In the short-term, it means that Pennsylvania employers must continue to comply with the mandates of the Department of Health’s orders until Memorial Day.  It also means that Pennsylvania employers must continue to mandate masks for the foreseeable future (it is not clear if or when Pennsylvania may reach the 70% mark for fully vaccinated adults).

What this DOES NOT mean for employers.  Although the various safety and mitigations orders may be lifted as of Memorial Day, it is important to recall that the CDC’s recommendations will continue to have a profound impact on how employers should maintain the workplace.  For example, the CDC continues to recommend that unvaccinated employees quarantine after an exposure to COVID-19.  The CDC also recommends that all businesses have a plan in place that is specific to the workplace, identifies all areas and job tasks with potential COVID-19 exposure, and that businesses implement control measures to eliminate or reduce exposure.

In light of these recommendations, the federal government continues to posture for increased enforcement efforts.  OSHA issued a national emphasis program in March intended to notify certain high-risk industries of the possibility of on-site inspections, even without a complaint from an employee.  Employers in the healthcare, food processing, and general warehousing industries should be particularly conscious of the possibility of an OSHA inspection in the next 12 months.

In addition, OSHA submitted its emergency temporary standard on COVID-19 to the White House’s Office of Management and Budget for review on April 26, 2021.  It remains uncertain what this nationwide standard will be, but based on OSHA’s guidance to date, and reports from the DOL, it could include measures like requiring employers to have a written plan, supply masks, enforce social distancing, maintain cleaning and disinfection measures, and to train workers on workplace safety as it relates to COVID-19.  We will provide an update on this emergency temporary standard if and when it is issued.

To summarize, although employers can certainly breathe a sigh of relief that Pennsylvania is now poised to put most COVID-19 restrictions in the rearview mirror, employers should be cognizant of the federal government’s increased focus on workplace safety and enforcement.  Maintaining a workplace free of the hazard of COVID-19 exposure is more important now than ever.

For more information, please contact any member of the McNees Labor & Employment Group and plan to attend the 2021 McNees Labor & Employment Law Seminar to be held virtually on June 10th and 11th.

On Thursday April 14, 2021, the U.S. Department of Labor announced guidance for plan sponsors, plan fiduciaries, record keepers and plan participants on best practices for maintaining cybersecurity. This is the first time the Department has issued guidance on cybersecurity for employee benefit plans.

The guidance includes tips for plan sponsors and fiduciaries in selecting and hiring service providers, including:

  • Compare the service provider’s information security standards, practices and policies, and audit results to the industry standards.
  • Look for service providers that follow a recognized standard for information security and use a third-party auditor to review and validate its cybersecurity practices.
  • Ask the service provider how it validates its practices, and what levels of security standards it has met and implemented.
  • Evaluate the service provider’s track record in the industry, including public information regarding information security incidents, other litigation, and legal proceedings related to the service provider’s services.
  • Ask whether the service provider has experienced past security breaches, what happened, and how the service provider responded.
  • Find out if the service provider has any insurance policies that would cover losses caused by cybersecurity and identity theft breaches.
  • Make sure that the contract requires ongoing compliance with cybersecurity and information security standards – and beware of contract provisions that limit the service provider’s responsibility for IT security breaches.
  • Also, try to include provisions addressing the following in your agreements with your service providers:
    • Information security reporting,
    • Clear provisions on the use and sharing of information and confidentiality,
    • Notification of cybersecurity breaches,
    • Compliance with records retention and destruction, privacy and information security laws, and
    • Insurance coverage.

The guidance also includes cybersecurity programs’ best practices to assist plan fiduciaries and recordkeepers in their risk mitigation responsibilities, including:

  • Have a formal, well documented cybersecurity program.
  • Conduct prudent annual risk assessments.
  • Have a reliable annual third party audit of security controls.
  • Clearly define and assign information security roles and responsibilities.
  • Have strong access control procedures.
  • Ensure that any assets or data stored in a cloud or managed by a third party service provider are subject to appropriate security reviews and independent security assessments.
  • Conduct periodic cybersecurity awareness training.
  • Implement and manage a secure system development life cycle (SDLC) program.
  • Have an effective business resiliency program addressing business continuity, disaster recovery, and incident response.
  • Encrypt sensitive data, stored and in transit.
  • Implement strong technical controls in accordance with best security practices.
  • Appropriately respond to any past cybersecurity incidents.

Lastly, the guidance includes online security tips for plan participants who access their accounts online.

The guidance may be found at here.

For more information on recent changes in employment law, plan to attend the McNees 2021 Labor & Employment Law Seminar to be held virtually on June 10th and 11th.

The Department of Labor recently issued FAQs addressing basic questions regarding the American Rescue Plan Act’s requirement that employers and health plans subsidize COBRA between April 1, 2021 and September 30, 2021 for assistance eligible individuals.  In addition, the Department issued model notices which are required to be provided to certain former employees. The General Notice and Election Notice are to be used by employers who are subject to federal COBRA.  The Alternative Notice is to be used for employers which are not subject to federal COBRA but which are subject to a state’s mini-COBRA provisions.

Below are the relevant links.

For more information on recent changes in employment law, plan to attend the McNees 2021 Labor & Employment Seminar to be held virtually on June 10th and 11th.  Topics will include:

  • Diversity, Equity and Inclusion Fundamentals for HR Professionals
  • 2020: The Year Best Suited for the Rear View
  • Workplace Safety: In the Era of COVID and Medical Marijuana
  • Biden’s Labor Board: What’s On the Agenda (Again)?

By Adam Santucci & Conner Porterfield.  Conner is a third-year law student at Rutgers University School of Law with an expected graduation date of May 2021. 

In the recent decision of Commonwealth v. Mason, the Pennsylvania Supreme Court held that a nanny did not have a reasonable expectation of privacy while working inside the home of her employer.  Thus, the employer’s decision to video and audio record her in their home was not a violation of the Pennsylvania Wiretapping and Electronic Surveillance Control Act (Wiretap Act).  This decision reversed both the trial court and PA Superior Court’s holding that the nanny enjoyed a reasonable expectation that her verbal communications were not subject to recording while performing her nanny duties. This decision offers helpful guidance to Pennsylvania employers outside of the domestic employment context as well.

In Pennsylvania, intercepting and recording oral communications without all parties’ consent violates the Wiretap Act if the parties have a reasonable expectation that they are not being recorded.  Violators may be subject to criminal prosecution and claims for civil damages.  To establish a prima facie Wiretap Act violation, it must be proven that “(1) the complainant engaged in communication; (2) the complainant possessed an expectation that the communication would not be intercepted; (3) the complainant was justifiable under the circumstances; and (4) that the defendant attempted to, or successfully intercepted the communication.” Agnew v. Dupler, 717 A.2d 519, 522 (Pa. 1998).

Pennsylvania courts have previously held that video recording, without audio, does not violate the Act (with some exceptions, such as restrooms and locker rooms).  In addition, the courts have held that recorded conversations in open office spaces do not violate the Wiretap Act, because employees did not have a reasonable expectation of privacy in such an environment. Additionally, PA courts have held that there is no reasonable expectation of privacy in the workplace when individuals are taking notes during a recorded conversation. But, as the Court in Mason reminded us, whether a recording violates the Wiretap Act is a highly fact specific question that must be determined on a case-by-case basis.

In finding no violation of the Wiretap Act, the PA Supreme Court reasoned that parental video surveillance of children’s rooms is so common that it has led to the phrase “nanny cam.”  The court noted that parents frequently install monitoring devices to observe domestic workers employed within their homes. Therefore, in Mason, the nanny’s expectation of privacy within her employer’s home was unreasonable, because nanny cams are essentially ubiquitous.

Mason suggests, at least for electronic monitoring purposes, that domestic workers are subject to employer video and audio monitoring throughout most of the home.  It is likely that the decision applies not only to nannies, but also others employed in the home as well, such as cleaning persons.  The majority’s opinion suggests that the decision could reduce employee’s expectations of privacy in other non-residence workplaces as well.

While the holding in Mason is limited to domestic workers, it does provide some helpful guidance to employers generally.  First, it offers a reminder that video recording, without audio recording, is generally lawful.  Second, it reminds us of the requirements of the Wiretap Act and how recording issues can impact the workplace.  Employers must keep in mind that violations of the Wiretap Act can result in third-degree felony charges.  Employees may also file a civil claim and recover actual damages, punitive damages, and incurred litigation costs.  With such risks, it is always wise for employers to seek legal counsel before recording employee communications in the workplace.  Developing appropriate policies and issuing guidance to employees on your audio and video recording practices is also recommended.

The American Rescue Plan Act of 2021 (the “Act”) was signed into law on March 11, 2021.  As well as providing extended unemployment, the Act provides for subsidized COBRA, an increase in the amount of dependent care assistance permitted, continued and expanded credit for paid sick and family leave, and assistance for certain single and multiemployer pension plans.

Dependent Care Assistance Plan

The Act increases the amount an employee can exclude from the employee’s income and contribute to a dependent care assistance plan from $5,000 to $10,500 for the year 2021 only.


Both private sector employers who are required to provide COBRA and governmental employers who are required to provide “public COBRA” under the Public Health Services Act must fully subsidize COBRA premiums from April 1, 2021 until the earlier of (i) September 30, 2021, (ii) the date following the expiration of the maximum period of continuation coverage required under COBRA, or (iii) the date the former employee becomes eligible for coverage under any other group health plan.  Employers must subsidize the payments for any employee who lost coverage because the employee was involuntarily terminated (other than for gross misconduct) or had a reduction in hours.  Employees who voluntarily terminated employment are not eligible.  The eligible employees would include those who elected COBRA and are still in their coverage period and those who did not elect COBRA or those who terminated their COBRA election and who would still be in their coverage period if they had elected or not terminated COBRA.

Employers will receive a credit against their quarterly Medicare Tax payments for the payment of the subsidy.  If the plan is a multiemployer plan, the plan will be responsible for the payment of the subsidiary and will receive a credit on its Medicare Tax liability.   To the extent that the amount of the subsidies exceeds the Medicare Tax liability, the employer will receive a refund.

Employers must provide three notices to eligible former employees notifying them of the premium subsidy, the extended opportunity to elect coverage, and when the premium subsidy will be terminated.

In addition, employers may, at their option, allow former employees who are currently electing COBRA to elect coverage under a different plan offered by the employer as long as (i) the premium for the new coverage does not exceed the premium for the current coverage, (ii) the new coverage is not an excepted benefit, a QSEHRA, or a FSA, and (iii) the employee did not voluntarily terminate employment.

Credit for Paid Sick Leave and Paid Family Medical Leave

The Act expanded the time period in which an employer may receive a tax credit for voluntarily providing paid sick leave and paid family medical leave in certain circumstances.  The tax credit is equal to 100% of the qualified sick leave and family medical leave wages and it is applied against the employer’s quarterly taxes.  The Act retains the $200 and $511 a day limitation depending upon the reason of the leave.  The Act also expands the leave to include (1) the seeking or awaiting the results of a diagnostic test for, or a medical diagnosis of, COVID-19 and (a) such employee has been exposed to COVID-19  or (b) the employee’s employer has requested such test or diagnosis, or (2) the employee is obtaining immunization related to COVID-19 or recovering from any injury, disability, illness, or condition related to such immunization.

Single Pension Plan

For purposes of the underfunded single employer plan, it will extend the amortization period from 7 years to 15 and make changes to the interest rate stabilization provisions.

Multiemployer Pension Plan

The Act temporarily delays the designation of endangered, critical, and critical and declining status of multiemployer pension plans.  For plan years between March 1, 2020 and February 28, 2021, a multiemployer pension plan may maintain their status from the prior plan year.  In addition, a multiemployer plan which is in endangered or critical status for a plan year beginning in 2020 or 2021 will have their funding improvement period or rehabilitation period extended for five years.

For more information on these changes and other employee benefit law changes, contact a member of our Labor and Employment or Employee Benefits Group.