city of San Antonio


Some of our meetings have moved. View additional meetings.

File #: 16-2769   
Type: Staff Briefing - Without Ordinance
In control: Audit Committee
On agenda: 4/19/2016
Posting Language: AU15-015 HR Third Party Benefit Vendor Contract Monitoring
Attachments: 1. AU15-015 Audit of HR - Third Party Benefit Vendor Contract Monitoring
Date Ver.Action ByActionResultAction DetailsMeeting DetailsVideo
No records to display.

AUDIT COMMITTEE SUMMARY

April 19, 2016

Audit of Human Resources Department

3rd Party Benefit Vendor Contract Monitoring 

Report Issued February 2, 2016

 

Background

 

The City of San Antonio strives to provide a competitive compensation and benefit package to attract and retain a highly skilled workforce. Human Resources’ (HR) core functions include but are not limited to employee benefits and wellness that is implemented and administered by HR Employee Benefits staff. 

HR staff in partnership with Third Party Administrator (TPA) vendors are responsible for the design, administration, education, and customer service of the following programs: the self-funded indemnity health care and dental plans, fully insured Dental and Vision Plan, Life Insurance plan, Employee Assistance Program (EAP), Short and Long Term Disability Program, Wellness Program, Occupational Medical Clinic, Deferred compensation, and voluntary benefits coverage.  HR is responsible for TPA contract monitoring to ensure that the City and the vendors are in compliance with all contract terms and conditions.

Audit Objective

 

Determine if HR is properly managing and monitoring its third-party health insurance providers.

Audit Scope and Methodology

 

The audit scope included HR’s current contract monitoring processes. We reviewed contract related provisions from January 2013 through March 2015.  Audit scope did not include insurance claims. 

Audit Conclusions

 

HR management is not effectively managing and monitoring the healthcare and benefit TPA vendors.

 

                     HR is not effectively monitoring contract provisions and performance standards for healthcare and benefit TPA vendor contracts.  HR does not have formal procedures to monitor TPA contracts and controls to ensure third parties are in compliance with contractual requirements.

 

                     Business Associate Agreements (BAA) do not address current HIPAA requirements.

 

                     HR does not have controls in place to ensure changes, updates to employee and dependent personally identifiable information (PII) provided to applicable healthcare, and benefit third party vendors is accurate.

 

                     HR does not have adequate controls in place to ensure appropriate user access to electronic sensitive PII maintained on the City’s network and to actively monitor and manage TPA vendor application user access.

 

 

We made recommendations to address each of these issues.  HR management concurred with our recommendations and developed positive corrective action plans.