Insurers and health plans to cover COVID-19 at home tests

On Jan. 10, 2022, the Departments of Labor, Treasury and Health and Human Services released guidance to support the Administration’s directive that health insurers and group health plans cover, subject to certain criteria, the cost of FDA-authorized and approved over-the-counter (OTC) COVID-19 at home tests. 

Beginning Jan. 15, 2022, UnitedHealthcare will cover most commercial individual and group plan members’ FDA-authorized and approved OTC COVID-19 at home diagnostic tests purchased on or after this date, without a doctor’s prescription or clinical assessment. This COVID-19 at home test coverage will include up to 8 tests per member per 30 days.

UnitedHealthcare has established a preferred retail program for its commercial individual and group health plan members with UnitedHealthcare’s Pharmacy benefit administered by OptumRx. UnitedHealthcare’s initial preferred OTC retailer for COVID-19 at home tests is Walmart Pharmacy where members may show their ID card and then do not have to pay an up-front cost or submit a claim form for subsequent reimbursement. More preferred retailers are expected to be added soon. When COVID-19 at home tests are purchased at any in-store or online retailer, other than the in-store Walmart Pharmacy, members may submit their receipt(s) for reimbursement through the UnitedHealthcare member portal. UnitedHealthcare will reimburse the member a maximum of $12 per test.

Self-funded customers with carve out pharmacy (who do not have UnitedHealthcare Pharmacy benefits administered by OptumRx) have two options.

  1. Work with their pharmacy benefit manager (PBM) to set up a program, potentially including a direct reimbursement program for employees at their PBM’s pharmacy.
  2. Reimburse the COVID-19 at home tests purchased at the member’s choice of retailer at retail costs through their UnitedHealthcare administered medical benefit. 

UnitedHealthcare assumes that most employers will select option 1 and use their PBM to set up the program for the members. The customer must let their UnitedHealthcare representative know if they want the program to go through the medical benefit (not the PBM) by Friday, Jan. 21, 2022. If your client does not have the UnitedHealthcare pharmacy benefit with OptumRx, for an interim period, UnitedHealthcare will pay claims submitted in the member portal through the medical benefit.

If an employer chooses option 2, to use the medical benefit, UnitedHealthcare will reimburse a member purchase of at home tests when they submit the receipt through the member portal. The member would be reimbursed based on the cost of the test they purchase within the guideline of 8 tests per member per 30 days.

Please review the COVID-19 At Home Test FAQs on the uhc.com COVID-19 FAQ site and look for more communications to be sent early next week. COVID-19 At Home Test member FAQs also available here. UnitedHealthcare will be sending this information directly to clients by Wednesday, Jan. 19.

Log4j and the “ER” Cybersecurity Challenge for Nonprofits

As we head into 2022 with Delta and Omicron on our minds and cautious hopes that this will be the year we finally put this disruptive pandemic in our rearview mirror, the impact of the log4j vulnerability continues to be felt across the technology and cybersecurity world.

(If you don’t know anything about log4j, you might want watch this short explainer video first.)

For nonprofits of all sizes, but especially smaller nonprofits (meaning under 100 staff), log4j exposed a weakness that has always been there, but could loom larger as vulnerabilities like log4j continue to emerge. And bear with me here, because I’m going to drop two eye-glazing words on you: enumeration and remediation.

Let’s use the (quite apropos) acronym ER to refer to these two terms. I like ER because it makes most Americans immediately think of “emergency room” (and, perhaps even better, makes Americans of a certain age think of the television series E/R’s George Clooney).

Emergency Room is appropriate because when there is a critical vulnerability disclosure such as log4j, technology personnel need to respond immediately by doing two (2) triage-like actions as thoroughly and rapidly as they can. And these two things are enumeration and remediation.

Think of it like this – let’s say someone threatened to throw a cream pie in the face of any of my colleagues who display the color blue.

Vulnerability – displaying the color blue
Threat – cream pie to the face.

Here’s a picture of my colleagues:

Enumeration would involve going through my staff and seeing who displays any blue. I would immediately see that I have two people with blue showing, one with a blue shirt and one with blue hair.

Remediation would involve having those staff people prevent any blue from showing. I’ll have the person in the blue shirt change to a red shirt and have the person with blue hair change it to red.

Voila! No one gets a cream pie in the face.

How ER applies to log4j and other vulnerability disclosures

The log4j vulnerability was first publicly disclosed on Thursday, December 9th, 2021 and, within hours, attackers were actively scanning the Internet for systems with the log4j vulnerability present and launching attacks against systems discovered to have the vulnerability.

For you to be able to defend your organization against attackers in these kinds of scenarios, you first need to know if you have any systems that are vulnerable to this exploit (e.g. anyone showing the color blue from the example above).

You have to have some way of searching through your systems and software and knowing if you have any devices or software that might be vulnerable and, if so, what they are and how exposed they may be. The process of identifying systems that have vulnerabilities and how exploitable they are is the essence of enumeration.

Enumeration

A typical nonprofit of, let’s say thirty-five (35) staff may have a couple of servers, a firewall (or two), some wireless access points, a few printers, and thirty-five (35) or so laptops and desktops (typically one per staff person). This nonprofit would also have dozens of software applications such as Microsoft Office, Windows and Mac OS operating systems, Adobe Reader, Quickbooks, and so on.

The Cybersecurity & Infrastructure Security Agency (CISA) provides many resources for responding to log4j, with an entire GitHub repository for guidance. This includes a list of all known vendors and software with vulnerabilities.

Even if our typical thirty-five person nonprofit has the best of intentions and goes to the CISA repository looking to take action, they are quickly going to find themselves facing a number of challenges:

  1. They have no current inventory of all these systems
  2. They have no person(s) with clear responsibility for leading the process
  3. There is limited or zero ability to automate this process
  4. It is extremely difficult for the decision-makers to make appropriate decisions about resource allocation:
    • How urgent is it to do this?
    • How much risk is there?
    • How likely is it that my organization will be targeted?

That is part one of the ER challenge. How would your organization perform enumeration in a scenario like this? Would it even be possible?

Remediation

Part two of the ER challenge is remediation. Once you have enumerated your vulnerabilities (going back to our cream pie example, the two people displaying the color blue), you need to remediate. This typically means eliminating the vulnerabilities by either patching (running updates that fix the vulnerabilities) or making system changes that render the vulnerability unexploitable.

If your enumeration process reveals many vulnerabilities, you will need to prioritize your remediation efforts. Let’s say, for example, that you discovered a vulnerability in one of your servers and also in software applications running on 10 out of your 35 workstations. How do you decide what to remediate first?

In this instance, an Internet-facing server (such as a web server or database server) with the log4j vulnerability present is probably the most critical, since all it would take for an attacker to exploit it is to find it themselves (through their scans of the Internet) and then send it a single packet of data.

The workstations would not typically be Internet-facing (meaning they would not accept unsolicited input from the Internet), and therefore would be less vulnerable, since some kind of user action would be required for an attacker to exploit the log4j vulnerability on those workstations. Note that you will still want to remediate these vulnerabilities, because they can be exploited by getting a user to click on a malicious link, such as through a phishing email. Note that further remediation could include training your staff on how phishing emails work and educating them on how to identify potentially malicious email messages.

The Crux of the Challenge

At this point, unless you’re an IT professional or just incredibly curious about this sort of thing, your eyes have most likely glazed over. Alternately, you might be experiencing minor heart palpitations (if so, my apologies!).

And that’s the issue, in a nutshell. Most nonprofits are in no way prepared to respond effectively to these kinds of major vulnerability disclosures.

What to Do

If your organization does not have in-house capabilities that allow you to keep a current and accurate inventory of your systems and perform some reasonable version of the ER process we’ve described here, think about whether your organization is comfortable accepting that risk or if you’d like to do better. If you would like to be better prepared, consider working with a third-party technology provider (such as RoundTable) that has tools and expertise to respond appropriately to present and future threats.

Also, having an automated digital asset management system (not simply a spreadsheet you update manually) is not only incredibly helpful for day-to-day IT needs, but is increasingly a critical tool in your cybersecurity defense arsenal, without which, you’re left to either guess & hope or do a lot of manual work to perform enumeration and remediation when needed.

If you would like to talk with someone at RoundTable about how we could help your organization with improving your cybersecurity or any other aspect of your technology management, please reach out.

LISTEN TO A PODCAST ON LOG4J

Tax Information Reporting for Non-Profit Organizations

Information reporting, such as on Forms 1099 or W-2, is one of the crucial components of a well-functioning tax system.  Such information reporting both assists taxpayers in filing of their annual returns as well as informs the government of income earned by taxpayers.  Broadly speaking, the IRS has placed the burden of information reporting on the payors but ultimately the requirement to report income falls on the recipient. 

Much like with wage reporting, the Internal Revenue Code does not make the distinction between Non-Profit Organizations and For-Profit Organizations, thereby requiring many Non-Profit Organizations to file annual information returns.  The most common form of information reporting for organizations (besides payroll) is the filing of Form 1099. 

The most common types of reportable payments made by organizations which require reporting are

  • Non-Employee Compensation
    • These are payments to independent contractors made by the organization.  These can include service providers like accountants and lawyers.  Organizations should be sure that payees are independent contractors and not employees
  • Rent
    • Payments for the use of property (typically including any CAM charges or Real Estate Taxes included as part of the lease) are subject to information reporting.
  • Other Income
    • Organizations that make other payments that may be taxable to the recipient (such as prizes, awards, or non-qualified scholarships) should report these as “Other Income”

One area that is unique to the Non-Profit Sector is the potential payment in relation to the mission of the organization.  The Internal Revenue Code does have a somewhat broad definition of income, with income as “all income from whatever source derived” meaning “instances of undeniable accessions to wealth, clearly realized and over which taxpayers have complete dominion.”  While some of these cases can be clear (wages, interest) others can be a bit more obtuse (certain fringe benefits, prizes, and awards).  Where does a payment or benefit from an organization fit in – certainly if an organization is helping someone in need, the last thing they may want is to create a taxable burden on someone as a result. 

Luckily, there is an exemption for these payments.  The IRS considers payments from organizations generally to be “gifts” under IRC Section 102.  The IRS has published several different revenue rulings (Rev. Rul. 2003-12, 99-44, INFO 2006-0027) which elaborate on this, but largely the payments are made because of “detached and disinterested generosity….out of affection, respect, admiration, charity of like impulses.”  As such, the payments are “excluded from gross income” and “not subject to information reporting under 6041.”  So long as the recipients are not required to perform any services or similar and the payments are made out of this generosity the payments should be both exempt from tax and information reporting. 

Finally, a common question for many non-profit organizations relates to payments for foreign contractors.  Most non-profits are familiar with the information reporting rules requiring Form 1099 to contractors, but when the payment is made to an overseas contractor (who typically will not have a Social Security Number) questions arise.  While no one answer can be said, generally, payments made to a service provider who is providing the services outside of the US are not subject to US Taxation (as they are not Effectively Connected Income) and are not subject to reporting requirements.  Organizations should obtain a Form W-8 BEN from these contractors, which is a certification that the payments are not Effectively Connected Income (e.g. performed in the US). 

Other payments that are not for services (e.g. awards or prizes) or are performed by a non-resident individual in the US or are Effectively Connected Income are both taxable in the US and reportable payments.  Such payments are reported on Form 1042-S and may be subject to withholding at the source, which can vary greatly depending on the nature of the payment and the citizenship of the recipient. 

Edward McWilliams, CPA

EDWARD MCWILLIAMS, CPA

Partner

Ed is a Partner in the firm’s tax and business advisory practice focusing on providing services to middle market private companies across different industries as well as to early stage startups. Ed has over a decade of experience providing tax and business consulting services to these companies of different sizes and across different industries, bringing a broad and diverse knowledge base and strategic solutions to the many complex issues that businesses face.

Unveiling Financial Purpose, Power & Prosperity: Pandemic & Beyond

Unveiling Financial Purpose, Power & Prosperity: Pandemic & Beyond

About This Event

Unveiling Financial Purpose, Power & Prosperity: Pandemic & Beyond

This seminar will present the tools and resources with strategies to strengthen and develop new skills to discover and re-discover avenues for wealth building power, aligning purpose and financial prosperity for personal lives and nonprofit organizations. The Zoom information will be emailed upon receipt of your registration.

The proceeds of this symposium will help to support the Work of Hidden Halos Kingdom Assets.

To Support the vision of Hidden Halos Kingdom Assets or adopt a project, you can donate through our website or text (SMS) to give.

Suggested Donation $ 25 (USA) TEXT ” KIM Global” to 44-321.

SMS “KIM Global” to 917 999 0700 to GIVE

All donations are tax deductible in the USA, tax ID can be found on our website or give through our website on the “Support Our Cause” tab or copy and paste this link on your browser:

https://www.paypal.com/donate/?cmd=_s-xclick&hosted_button_id=AD2CCZMHB693E

You can also find us on givelify.com

Thank you for your support.

BEHIND THE SCENES OF A VIRTUAL EVENT

BEHIND THE SCENES OF A VIRTUAL EVENT

Have you ever wondered what it looks like to put together a virtual event? They look seamless and effortless, but in reality, a lot of work goes into producing a polished event.

There are a lot of details and moving parts in order to make a seamless virtual event:

  • Map out your event
  • Find the best platform that fits your event needs
  • Determine your MC and other speakers
  • Work with participants to record their portions
  • Edit speaker videos
  • Rehearse, Rehearse, Rehearse!
  • Create compelling visuals

MAP OUT YOUR EVENT

Your event can range from being all live on a zoom webinar to having a combination of live and prerecorded components and with or without an interactive audience. Determine your event format and how you envision it happening so that the rest of the event planning falls into place.

DETERMINE YOUR EVENT PLATFORM

There are so many types of virtual event platforms available now; it can be difficult to decide which to use. PBP is constantly investigating new platforms and revisiting old platforms, as the platforms are continuously upgrading and adding services. We watch as many demos and talk to as many companies that we can to make sure we are able to suggest the perfect platform for your event. Sometimes a combination of different platforms works best for your event, and we want to ensure you have the best platform for the best experience for your guests.

SPEAKER WRANGLING

Everything with the virtual world needs to be decided early because it takes time to prepare. If you decide to prerecord any/all of your speakers, then you need to know who the speakers are early on so that they have time to create their videos. You will need to *virtually* hold their hands a bit while they record their video – making sure they are dressed appropriately for the event, the lighting is right, the camera is positioned correctly, they are not looking down at their script constantly, etc. Your speaker may have to rerecord their speech, but better to know early on rather than right before the event.

EDITING

Once you receive your speaker videos you will need to watch them a few times to make edits. Many times the beginning and the end need to be edited out because the speaker is either starting/stopping the camera or someone is saying “go” in the background. These are all minor edits. Other times you may have to edit out a majority of the speech and just use a clip. However you envision your event, make sure you watch these videos a few times to determine how you want to use them.

REHEARSE!

You cannot rehearse too much. If you are doing a live show, you will need to make sure all your speakers know how to access the event, know when they will be seen on screen, who is interacting with the audience. If you are doing a prerecorded show you will need to watch it many times to find the best places to put the logos, making sure the videos line up well, that your program is clear to the audience. Finally, for a hybrid event, you will need your live speakers to know how to get “backstage” to be on camera, when they will be on camera and making sure the prerecorded part fits in with the live part. The more you rehearse, the more flawless your event will be because you will be able to pick up little details you may not have thought of before.

CREATING VISUALS

This may not seem like a big deal, but many events have a lot more visuals than it seems. From the slideshow before the event, title graphics for each speaker, logos in the corner, incorporating images while a speaker is talking. Make sure you stay on theme with all your images to tie the whole event together. Creating visual may not seem necessary, but they certainly add a nice touch to the event.

If your event was prerecorded or mostly recorded, event day should be smooth! Check in with your speakers, make sure they are set, send your step-by-step instructions to the attendees so it is easy for them to log on, have one or two people available by phone and email to help with any technical issues, etc.

While we are all excited to go back to in person events, that will be another learning curve with now having many more hybrid events and making sure the virtual attendees still enjoy the event. The event world is forever changing and we will always do our best to keep up!

REESE TOSHACH
reese@poweredbyprofessionals.com

Technology Matters to Nonprofits: The Impact of Falling Behind the Technology Curve

Technology Matters to Nonprofits

My wife was recently notified by our wireless provider that her smartphone will no longer be supported. A couple of years ago, when she needed a new cell phone, we made the decision to save some money by buying an older, but not obsolete, model phone. “There’s no reason to spend all that extra money for the latest, greatest model when this one will work just fine,” we reasoned.

Most of us as consumers can relate to this story. Things seem to be changing faster than ever. My teenage children cannot believe that when they were born, we had to take pictures of them using actual cameras because none of us yet had smartphones with built-in cameras. How many movie plots would fall completely apart in a world like today in which smartphones are so ubiquitous?

But are things changing faster than ever? Without question!

In fact, the speed of technological advancement is said to be exponential, not linear. One scholar, Ray Kurzweil, refers to the phenomenon as“The Law of Accelerating Returns”.

The graphic here displays the advancements of technology on a historical timeline:

accelerating growth in technology chart

Source: Asgard Human Venture Capital for Artificial Intelligence

The idea of keeping pace with this speed of technological change is daunting to any of us individually, but even more so to a nonprofit organization. As a firm that has worked exclusively with nonprofits for nearly three decades, JMT knows that nonprofit organizations tend to lag behind the technology adaptation curve. This lag results in part from simple resource constraints, but primarily from the Overhead Myth’, or the false conception that financial ratios are the sole indicator of nonprofit performance.

This mindset essentially boils down to the idea that as much money as possible should be spent on programs, not infrastructure. The noble intention behind the ideal of that statement was taken to the extreme and became insidious in the nonprofit culture, to the point that there was an almost palpable fear of spending money on anything that is not direct program activity. There has been an organized effort by thought leaders, such as Guide Star, and even foundations who fund nonprofits, such as Virginia G. Piper Charitable Trust, for several years to change the mindset and the culture of nonprofits with regard to infrastructure spending. We believe the lag in technology adaptation by nonprofits is shrinking, though there will always be at least some gap.

The combination of the exponential speed of technological evolution and the gap in nonprofit adaptation creates a risk that falls under the category of the ‘nonprofit starvation cycle’, which is discussed in detail by JMT’s friends at BDO LLP in this benchmarking surveyThe ability to grow and serve more people is constrained by a lack of infrastructure spending. Paradoxically, the very outcome nonprofits are trying to avoid —less impact on the community– by spending too much on “overhead” becomes the reality when too little is spent on infrastructure!

While my wife and I are merely annoyed that we spent money on dated technology and are now facing the need to buy a new cell phone, it could be disastrous for a nonprofit to make the same mistake with a mission critical system such as a financial management/ERP or a Donor Management system.

I just returned from a technology conference in which it was announced that an ERP system will be using machine learning to automatically scan the general ledger for anomalies and irregularities in journal entries. I’m sure that this amazing feature will one day be something we all assume is part of any ERP, just as we all assume a cell phone has a camera. Don’t be fooled by solutions with recognizable brand names and years in the marketplace—many of them are powered by older generations of technology. It still works, but how long before those solutions will be obsolete and outdated like my wife’s smartphone?

We’d love the opportunity to learn more about your technology needs and how we can help support your organization’s growth and ability to serve others. To chat with one of our nonprofit experts, contact us here.

Post Author Photo

Andy Harleman

DIRECTOR OF SALES, JMT CONSULTING

In the mid-90’s, Andy helped found a nonprofit organization serving people with developmental disabilities in the St. Louis, MO area. There, he served as Administrative Director until departing to start a small business. In 2006, Andy found an opportunity to join a consulting firm which was dedicated to the nonprofit sector. This firm was then acquired by JMT Consulting Group in 2008. In the more than a decade of being part of the JMT Team, Andy has helped hundreds of nonprofit organizations more effectively deliver their services to the community.

JMT

Cerini Nonprofit Connection: Technology Solutions for Nonprofits

Join Ken Cerini and guest Michael Halperin of Solarus Technologies, Inc. for our monthly nonprofit webinar series!

When: February 17, 2021 | 12:00pm – 12:45pm

Topic: Technology Solutions for Nonprofits

They will cover:

  • Technology issues facing nonprofits
  • Ways to better manage your team remotely
  • How to ensure you are getting the most of your technology budget

Register here! 

 

Our Next Guest

Michael Halperin

Senior Vice President of Business and Acquisitions

About Our Guest

Michael Halperin is the Senior Vice President of Business and Acquisitions at Solarus Technologies, Inc., which provides outsourced managed services to clients nationally. While on the Board of Directors at Habitat for Humanity, Michael met Matthew Nikravesh, the President and Co-Founder of Solarus Technologies. It became clear that Michael would be a great fit for Solarus and was hired to be an integral part of Solarus’s executive team. Michael is presently President and Chairman of the Board for Habitat For Humanity Nassau. Michael also holds board seats with both Girls Inc. of Long Island and Spirit of Huntington Art Center. Michael is passionate about hockey, enjoys being outdoors, and has a deep appreciation for music and art. His teenage daughter shares his love for art and together, they have amassed an eclectic art collection from all over the world in their home on Long Island.

Nonprofit Governance Bootcamp – What Your Board Needs To Know (Part 1)

Our Guest Speaker David Goldstein will discuss:
– Fiduciary Duties Of Board Members And Officers Under New York Law
– Potential Personal Liability Of Board Members And Officers For Breach Of Duty
– Governance Legal Requirements That Every Nonprofit Needs To Know
– The Impact Of The Pandemic On Nonprofit Governance
– A Roadmap For Governance Compliance

Register here!