SBA Disaster Assistance in Response to COVID-19

The U.S. Small Business Administration (SBA) is offering designated states and territories low-interest federal disaster loans for working capital to small businesses suffering substantial economic injury as a result of the Coronavirus (COVID-19). Upon a request received from a state’s or territory’s Governor, SBA will issue under its own authority, as provided by the Coronavirus Preparedness and Response Supplemental Appropriations Act that was recently signed by the President, an Economic Injury Disaster Loan declaration.

Read more on the SBA’s website

IRS, Coronavirus (COVID-19), and High-Deductible Health Plans

On March 11, 2020, the Internal Revenue Service (IRS) released Notice 2020-15 for high deductible health plans and expenses related to 2019 novel coronavirus (COVID-19) stating that, until further guidance is released, a health plan that otherwise satisfies the requirements of a high deductible health plan (HDHP) under I.R.C. § 223(c)(2)(A) will not fail to be an HDHP merely because it provides health benefits associated with testing for and treatment of COVID-19 without a deductible, or with a deductible below the minimum deductible (self only or family) for an HDHP. Therefore, an individual covered by the HDHP will not be disqualified from being an eligible individual under § 223(c)(1) who may make tax-favored contributions to a health savings account (HSA). 

This does not modify previous guidance with respect to the requirements of an HDHP in any manner other than with respect to the relief for testing for and treatment of COVID-19. Vaccinations continue to be considered preventive care under § 223(c)(2)(C) for purposes of determining whether a health plan is an HDHP. Rather, the notice provides flexibility to HDHPs to provide health benefits for testing and treatment of COVID-19 without application of a deductible or cost sharing. Individuals participating in HDHPs or any other type of health plan should consult their particular health plan regarding the health benefits for testing and treatment of COVID-19 provided by the plan, including the potential application of any deductible or cost sharing.

Read Notice 2020-15

CDC, OSHA, and Coronavirus

In response to the COVID-19 (coronavirus) outbreak, the U.S. Centers for Disease Control (CDC) issued:

The CDC has also created the following posters for download:

Additionally, the U.S. Occupational Safety and Health Administration (OSHA) has created a COVID-19 website for workers and employers addressing the disease, providing guidance, and other resources for preventing exposure to and infection with the virus. We recommend that employers review the CDC and OSHA websites frequently, as the COVID-19 outbreak continues to develop.

Read more on the CDC


In February 2020, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) released a bulletin to ensure that Heath Insurance Portability and Accountability Act (HIPAA) covered entities, and their business associates, are aware of the ways that patient information may be shared under the HIPAA Privacy Rule in an outbreak of infectious disease or other emergency situation. The bulletin also reminds covered entities that the protections of the Privacy Rule are not set aside during an emergency and discusses the following HIPAA topics:

  • Sharing patient information
    • Treatment.
    • Public health activities.
    • Disclosures to family, friends, and others involved in an individual’s care and for notification.
    • Disclosures to prevent a serious and imminent threat.
    • Disclosure to the media or others not involved in the care of the patient/notification.
    • Minimum necessary (for most disclosures, a covered entity must make reasonable efforts to limit the information disclosed to that which is the “minimum necessary” to accomplish the purpose).
  • Safeguarding patient information.
  • HIPAA’s application to only covered entities and business associates.

The bulletin also provides links to the following resources:

HIPAA and Public Health, please visit: For more information on HIPAA and Emergency Preparedness, Planning, and Response, please visit: General information on understanding the HIPAA Privacy Rule may be found at: For information regarding how Federal civil rights laws apply in an emergency, please visit:

Review the bulletin

ERISA and Actual Knowledge

On February 26, 2020, the Supreme Court of the United States (SCOTUS) unanimously determined the intersection of “actual knowledge” and prudent investments in Intel Corporation Investment Policy Committee et al. v. Sulyma, under the Employee Retirement Income Security Act (ERISA) and within retirement plan manager duties.

Under ERISA, plan fiduciaries’ (which include plan trustees, plan administrators, and members of a plan’s investment committee) primary responsibilities are to run the plan solely in the interest of participants and beneficiaries and for the exclusive purpose of providing benefits and paying plan expenses. Fiduciaries must also act prudently and must diversify the plan’s investments in order to minimize the risk of large losses. For beneficiaries, ERISA requires that they bring a lawsuit against a plan fiduciary for imprudent investments within six years; however, if the beneficiary has “actual knowledge” of the imprudent investments, then the suit must commence within three years of gaining that knowledge.

In this case, Christopher Sulyma was an Intel Corporation employee from 2010 to 2012 who sued the corporation in October 2015 claiming it violated ERISA by investing large portions of plan assets in imprudent investments, resulting in significant losses for plan participants. However, Sulyma filed his case more than three years after the administrators disclosed their investment decisions to him, so the administrators argued his claim was untimely. Although the claim was filed within six years of the alleged breaches, it was more than three years after petitioners had disclosed their investment decisions to Sulyma and thus he had actual knowledge and missed the deadline to file his suit; therefore, Intel argued there should be no suit (it was untimely).

The court held that Sulyma did not have actual knowledge of the imprudent investments triggering the three-year shortened timeframe to bring a lawsuit. The court detailed that although Sulyma visited the website that hosted the disclosures many times during his employment, he testified that he did not remember reviewing the relevant disclosures and that he was unaware of the allegedly imprudent investments while working at Intel. The court went on to clarify that, “[i]f a plaintiff is not aware of a fact, he does not have ‘actual knowledge’ of that fact however close at hand the fact might be . . .” and “As presently written [ERISA] requires more than evidence of disclosure alone. That all relevant information was disclosed to the plaintiff is no doubt relevant in judging whether he gained knowledge of that information. [But to meet ERISA’s] ‘actual knowledge’ requirement . . . the plaintiff must in fact have become aware of that information.” In other words, SCOTUS held that Sulyma could have known about the investments from the disclosures, but according to his testimony he did not and therefore did not file his lawsuit too late.

The decision took effect on February 26, 2020.

Read about ERISA fiduciary responsibilities and SCOTUS’s decision

Electronic Reporting OSHA Form 300A

The deadline for electronically reporting the Occupational Safety and Health Administration (OSHA) Form 300A data for calendar year 2019 was March 2, 2020. However, not all establishments need to submit their OSHA 300A Data. For example, those that meet any of the following criteria are not required to submit their information:

  • The establishment’s peak employment during the previous calendar year was 19 or fewer, regardless of the establishment’s industry.
  • The establishment’s industry is on this list, regardless of the size of the establishment.
  • The establishment had a peak employment of between 20 and 249 employees during the previous calendar year and the establishment’s industry is not on this list.

Note, these criteria apply at the establishment level, not to the company as a whole.

The collection of calendar year 2019 data and beyond will include the collection of each establishment’s Employer Identification Number (EIN). 

Read more about OSHA injury and illness recordkeeping and reporting requirements here