Implications of HIPPA Legislations for Business

The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has various implications for the field of business continuity. Although the act more directly impacts Healthcare Organizations, most employers must also navigate through the highly complex regulations, striving for compliance. Health care reform, specifically portability of health insurance and accompanying patient information, was the catalyst for the bill. Patient privacy and the security of electronic records have proven the most direct and significant challenge for the business continuity profession.




Health care reform advocates during the mid 1990’s, expressed concern over the large numbers of uninsured employees and the lack of coverage for certain medical conditions. Prior to that time, if an employee changed employment, the insurance company at the new place of employment was not required to cover pre-existing conditions or health issues which existed prior to taking the new job. The gaps in coverage for selected chronic medical conditions created severe hardships on the working poor. Congress passed HIPAA to address portability of health insurance and, at the same time, added administrative requirements for efficiency improvements in the existing system, which improved the probability of the legislation’s success. HIPAA legislation has far reaching implications for disparate functions of many organizations. HIPAA provisions impact healthcare organizations, Federal and State agencies, private health plans, healthcare providers, and other companies who store or process healthcare data.



Concerns over the electronic storage of confidential medical records prompted Congress to add security provisions to the HIPPA legislation. The United States Department for Health and Human Services (HHS) proposed the security rule in 1998 which requires covered organizations to secure the integrity, confidentiality, and availability of medical records. Organizations storing healthcare data were given responsibility for developing security standards for medical records stored and transmitted electronically.



In an effort to ensure compliance, HHS suggested an internal control structure over information systems including technical, administrative, and physical controls. Also, organizations must perform an effective threat assessment and identify key vulnerabilities to the integrity and security of medical data, ensuring that an adequate disaster recovery plan is in place. Organizations must also provide adequate safeguards against unauthorized access and usage of medical records. Finally, organizations must establish compliance programs for their staff. Business continuity and disaster recovery professionals are uniquely qualified to assist with the development, maintenance and testing of HIPAA compliance programs related to the privacy and security rules.



Recognizing the potential for loss of confidential information, Congress incorporated provisions for individuals into HIPAA. HHS developed regulations and issued the final privacy rule provisions in 2004. The regulation covers all types of medical data associated specifically with individual patients, including past and present physical and mental health records and any personal information which would identify the patient or employee including social security numbers. The privacy rule defines situations in which medical information may be accessed within the organization or released to third parties. Patients must sign an authorization form detailing who will use the information and how it will be used before healthcare organizations may release their information.



The consequences of HIPAA non-compliance can be substantial, potentially resulting in large fines (up to $250,000) civil litigation, and as much as a ten year prison term for negligent or intentional violations of the HIPAA legislation. However, organizations should be more concerned about other losses, which are difficult to calculate, such as erosion of patient trust if confidentiality or security breaches occur. Some organizations, especially healthcare organizations, rely on trust as the driver for brand equity with patients or customers. Damage to brand equity, although sometimes difficult to measure, could be another side effect of privacy or security failures.



An organization developing a HIPAA privacy and security program should first develop a policy defining the scope, objectives and roles for all participants in the program. Executive management participation and sponsorship are vital for the success of the program and should specifically be defined in the policy. Management should target the policy to the users in order to achieve understanding and accountability for responsibilities included in the policy.



Organizations developing or maintaining a HIPAA compliant information technology security program should next perform a risk assessment, consistent with business continuity practices, to determine areas of vulnerability. Demands for access to information from a variety of sources including patients, doctors, healthcare providers and employees has created the need for an holistic strategy for data security which can be easily adapted as new technologies emerge. The threat to the organization could come from unauthorized access from inside or outside the organization. The risks are use of medical records by unapproved users possible resulting in fines, civil litigation, or negative publicity.



When performing a risk assessment for HIPAA compliance with privacy and security rules, the organization should identify the confidential records included in the population. Next, specific threats to the assets should be identified and, finally, the probability of the threats occurring should be evaluated. Management should also perform a cost-benefit analysis based on the information derived from the risk assessment and make decisions on risk mitigation strategies.



An appropriate set of internal controls are part of the risk mitigation strategy resulting from the risk assessment process. Generally accepted standards for implementing internal controls over information systems surrounding the HIPAA process, include the following:



Access Controls-Personnel may access a system only with authorized privileges.

Integrity-Health data may be revised only by users granted access by system

administrators.

Privacy Controls-Protection from intentional or unintentional disclosure of

medical information.

Accountability-Information systems provide an audit trail of users’ activity

within the system.

Authentication-Users are properly identified through use of a user ID and

password.



Information technology management, in cooperation with the internal audit department, should identify gaps between controls that are in place and controls that should be in place. Management should then develop action plans to address internal control gaps.



The strategy for information technology security has changed recently from perimeter based strategies to inside intrusion based strategies. Data security professionals, in the past, have focused on creating robust protections from external attack while assuming that once users are authenticated inside the network, they are within the “circle of trust”. However, research recently conducted by Federal Bureau of Investigation indicates otherwise, citing 50% of attacks as originating from within the organization.



An additional challenge is increased usage of wireless devices, creating the ability to connect to the network at virtually anyplace at any time with a variety of devices. The definition of what is actually inside or outside the network has transformed due to sophisticated hackers. Gaining access through a wireless access point, a hacker can establish a decoy site and lure users to log in. The hacker can then gain access to the computer and steal passwords needed to access the corporate network.



Best practices for security professionals indicate a variety of measures which can be undertaken to secure the inner network. The data security department should define user groups and define the relationships between these groups. The data security department should enforce the defined roles and perform regular audits to ensure compliance is maintained. As business operations change, the data security department should re-evaluate the defined security roles and relationships.



In addition to developing internal controls over information systems, organizations covered by HIPAA are required to develop business continuity and disaster recovery plans covering health care data. High availability of information is a primary consideration when developing recovery strategies for medical information. During a disaster situation, medical personnel and patients are more likely to require immediate access to healthcare data than at any other time. System downtimes in the healthcare environment also require quick recovery times. Additionally, companies managing healthcare data are required to guarantee continuous operations while performing scheduled maintenance to healthcare systems.



Continuity strategies for healthcare data will likely include more sophisticated continuity solutions than other less mission critical applications. Organizations often deploy offsite data centers with identical configurations designed to mirror critical healthcare data. If network system outages occur, the users are automatically rerouted to the offsite data center. Network clustering can also be used by HIPAA organizations to provide failover and load balancing technology, also improving network availability statistics. A group of physically connected computers, running a common set of applications is available to users. If one node of the system is unavailable due to system downtime, another node takes over, eliminating critical points of failure for the system.



The business continuity and disaster recovery plans covering the HIPAA privacy and security rules should also include the standard elements of all BCP plans including identification of critical functions, crisis teams, vendor information, communications information, equipment information, vital records information and any other information necessary to recover operations. Crisis management plans along with incident response plans and plans for crisis communications should also be included. The business continuity and disaster recovery plans developed for the HIPAA privacy and security rules should be tested on at least an annual basis. Action plans should be developed for any gaps identified during the audit process.



Countries outside the United States, including those in Europe, consider health care data along with all other personal information when addressing privacy regulations. The regulations in European countries regarding privacy of personal information are more stringent than the HIPAA requirements, creating legal issues for some international companies. The European Union forbids transfer of personal data to non-compliant countries such as the United States and enforces the prohibition through the blocking of all data and through civil and criminal sanctions. The United States Department of Commerce and the European Union have developed “safe harbor principles” to address differences in data protection rules. Companies may become certified under the safe harbor rules and avoid disruption in data flow between the United States and European countries.



HIPAA privacy and security rules offer innumerable opportunities for business continuity and information technology professionals to enhance existing information technology security structures and business continuity and disaster recovery plans. Additional investment in technology to ensure security and privacy over medical records not only serves a purpose for compliance, but also protects the brand equity of the business by avoiding costly public relations disasters. HIPAA compliance is actually part of a best practices information technology environment and most of the technologies and procedures should already be in place for other business reasons. Rapidly advancing information technologies will require continuous adjustments to data security and business continuity strategies to guarantee continued compliance with HIPAA privacy and security rules.

Enterprise Risk Management

Traditional risk management, or risk handled by each separate business function or unit has become obsolete due to several factors. The fiercely competitive market with complicated supply chain arrangements increases the impact of any business interruption. Catastrophic events, such as the recent Hurricane Katrina disaster, illustrates that a company’s customer or supplier base can evaporate overnight. Risks are ever changing and corporations must adjust as new situations develop. Risk management by subject matter experts inside silos of finance, insurance, operations, and the legal department do not consider organization wide risks. Enterprise Risk Management is gradually becoming the standard for companies worldwide as the preferred method to manage organizational risk.


In the past, the one focus for risk management has been on financial risks such as interest rate or market trading risks. The portfolio manager, for example, would manage the organization’s investments based on management’s risk tolerance. The goal of the portfolio manager would be to maximize shareholder value by diversification of assets. Additionally, the credit department would evaluate customer’s credit history to determine if sales should be made to this customer.

Another traditional function for risk management is hazards management which would include insurance of facilities, business interruption insurance, director’s and officer’s liability insurance, etc. The corporation typically has a department or an individual charged with evaluating exposure to insurable losses. This individual is responsible for reducing to an acceptable level, the corporation’s exposure to uninsured losses.

Marketing and sales departments, along with operations departments of the company consider risks when evaluating business opportunities. Examples include decisions such as whether to increase production capacity due to an increase in forecasted demand or whether to purchase additional locations in order to increase revenues and market share. The return on investment is usually used as a benchmark for these decisions.

Regulatory risk is often handled by the legal department. The types of regulatory issues considered depend on the industry. For example a bank is heavily regulated by many federal agencies. Another type of regulatory risk currently in the news includes regulations covered by the Sarbanes Oxley Act of 2002 which covers Corporate Governance, and also imposes new reporting and attestation standards concerning internal controls over financial reporting.



One advantage of using the silo approach to risk management is that the personnel departments are experts in their field. However, most risks cross multiple departments of the company. For example, the fire affecting the supply for handsets for Nokia and Ericsson handsets affected operations including purchasing, logistics, marketing, sales and financial risks related to degradation in access to capital markets due to loss of market share. Additionally, regulatory issues could also have been affected since publicly traded companies are required to disclose relationships with major suppliers in their public filings with the Securities and Exchange Commission. Considering each of these risks separately in a silo would not account for the interrelationship between the variables. A problem with supply chain management led to problems with supplying the product and consequently brand image and ultimately a lower market share and a drop in stock value and a loss to the shareholders.




An alternative to the traditional silo approach is an overall organizational approach to risk management, often referred to as Enterprise Risk Management (ERM), adopted by many progressive corporations today. The goal of ERM is to maximize shareholder value by developing an executive level all risks approach. Risks are measured in terms of their impact on the company, not on the impact to each individual silo such as the investment portfolio or the marketing department. The emphasis the financial markets place on consistently meeting earnings expectations has further increased the pressure for organizations to adopt ERM, which is uniquely suited to meeting this requirement.



Risks are constantly evolving and changing including technological failures, natural disasters, terrorist acts. These events, which appear to increase in intensity, frequency, and magnitude over time mandate that corporations re-evaluate their approach to risk management in order to ensure their organization’s continued operations. For example, until the fall of 2005 no one could have imagined the magnitude of a disaster such as Hurricane Katrina hitting the United States and more importantly the lack of coordinated preparation and response by government officials.



FEMA, the Federal Emergency Management Agency was strongly criticized during this disaster for lack of preparation and analysis of risks along with other federal agencies. A lack of integration of risk analysis among the various federal, state, and local agencies was also evident. Failures, such as this disaster rightly cause all emergency agencies and businesses to re-evaluate their risk management programs to ensure that they are as well prepared as possible.



One valuable aspect of ERM is the ability to address risks not previously identified by traditional risk management performed in “silos”. For example ERM was implemented at NASA following the February 1, 2003 Space Shuttle Challenger disaster. The Space Shuttle disintegrated shortly after takeoff, killing all seven astronauts on board. Agency officials determined that part of the cause of the disaster was a breakdown in communications between various parts of the agency. The NASA Chief Information Officer met with information security personnel and business managers, determined enterprise wide risks, many previously unidentified and developed strategies to mitigate them. One risk identified was lack of consistency in data security policies which could have led to a serious breech.



A more sophisticated method of evaluating investment opportunities is another decisive advantage of ERM. Decision making methods utilizing ERM can be woven into the corporate culture allowing organizations to avoid poor investments while allowing riskier investments with potentially higher returns if analysis supports the decision. One method used by financial services organizations to analyze the risks associated with trading activities is VAR or Value at Risk. Non-financial services firms also utilize ERM when evaluating projects. One example is aerospace supplier Rockwell Collins, whose implementation of ERM was so successful the firm was named the best managed aerospace firm by Forbes in 2004. Rockwell Collins reviewed each project using risk analysis principles.




Enterprise Risk Management has been adopted by many corporations with good reputations for exceptional leadership. Competitive pressures in the financial markets have forced corporations to strive for maximum performance which can be achieved through utilizing the more sophisticated ERM tool and abandoning traditional risk management methods. Risk tolerance can be adjusted to planned levels allowing for investment in projects with higher return on investments. Additionally, corporations can anticipate risks by considering the organization as a whole and the relationship between risk factors. ERM will enable corporations to maximize shareholder value while managing risk at tolerable levels.

The Halo Effect for Marketing Products

The Halo Effect of Associated Brands




Will the brand equity of ABC Car Rental Group, Inc. (ABC) create a halo effect on the new market the company intends to enter? Scott Brown is optimistic of success and has persuaded key allies within ABC’s executive management group to champion his cause. The “halo effect” as Scott Brown, the Executive Vice President of Marketing, explained, involves leveraging the popularity and image of one brand to enhance the value of another brand. Scott illustrated the halo effect by citing the example of Apple computers increased sales due to the popularity of the IPod music player. ABC’s executive management staff believed that the “halo effect” justified entering a new business venture.



ABC traditionally targets the leisure traveler in vacation destinations such as Florida and Hawaii. Customers often write letters to corporate headquarters praising ABC location staff for assisting them with a personal emergency situation during their vacation. Additionally, ABC offers an incentive bonus award to employees for offering suggestions for improvements to company operations. Rental agents from many locations have submitted suggestions that ABC offer travel arrangements information. The rental car agent is the first point of contact for many travelers in an unfamiliar location. Many customers arriving at the rental counter from the airport request assistance from the agents. Additionally, on line reservations agents have submitted suggestions that ABC offer travel information for customers.



ABC performed consumer research to determine the type and scope of the travel assistance which would benefit ABC customers. The marketing department identified several areas of assistance including tickets to theater or sporting events, travel directions, nanny services, suggestions for restaurants, technical assistance with computers, translation services, lost cell phones or blackberries, shopping suggestions, and information on local attractions. The marketing department developed a suggested package which would fulfill most of these needs. ABC rental car customers could pay an extra charge for the services of a personal concierge for their visit to a vacation destination. The personalized package could be designed on line when the reservation is made or on site when the reservation is paid for. Changes to the package can be made at any time and flexibility is emphasized. Combined with ABC’s partnership with key airlines, ABC is positioned to align itself as the traveler’s vacation solution.



The marketing department will market the new Smart Concierge or Speedy Concierge service along with the Smart and Speedy brands on the web sites and in other advertising venues. ABC will train telephone reservations agents as well as counter agents to answer questions concerning the new service. The ABC Application Development Department is currently developing Software to capture and manage the new information. A 24 hour telephone service will answer calls about the service and handle any emergency situations.



Training for personal concierges for each city will be developed along with job responsibilities. The key to the training and job responsibilities will be emphasizing the personal touch, mentioned in customer letters to headquarters year after year. The personal touch distinguishes ABC from the competition and creates a market niche for the company in an increasingly competitive market.



Conversely, Enterprise, the market share leader in the rental car industry targets off airport locations, traditionally lower cost due to lower rental costs for the locations and less taxes and fees added by airport and city authorities. Consumers have also realized that rental rates are cheaper outside of airport areas and have in some cases switched to off airport locations. Hertz, another market leader in the industry, is also targeting off airport locations, creating an even greater need for ABC to create a market niche and brand loyalty through creative means.



As Scott Brown, EVP of marketing said “The Smart and Speedy brands, will associate our new concierge service with our Smart Every Time motto” in the consumer’s mind and create synergy between the two services.” Consumers create memories through experiencing vacation memories with their families by attending the theater, dining at prestigious restaurants, or viewing sporting events. These positive memories, arranged by a personal concierge, will enhance brand loyalty for the Value and Speedy brands and the concierge services. The revenue generated from the new service is projected to increase revenues and net income and ultimately our market share price.



CFO, Steve Smith, agreed that increased revenue from added services would be beneficial to ABC and its shareholders, assuming the customers are satisfied with the service, and the service generates above minimum threshold returns on investment. However, he expressed some reservations concerning the risks of utilizing the “halo” strategy. If problems emerge with execution of the concierge venture in the initial stages, consumers could become dissatisfied and discontinue usage of the service. The logistics of implementing such a service are daunting and include software development, implementation, and development, employee screening, hiring and training, and marketing development.



In addition John Thompson, Vice President of Risk Management was concerned that as customers utilize the concierge service unexpected issues could arise which erode brand loyalty. An example could be software down time issue, causing the system to be inaccessible for an indeterminate amount of time. Unanticipated usage of the system could cause inadequate planning for the number of personnel needed to service the customer. Complications could occur involving customers’ vacation plans, creating animosity toward ABC. If tickets are promised to a Broadway plan and at the last moment are not available, customers will inevitably be disappointed. Legal issues could result from arranging events for customers resulting in personal injury to the customer or his family.



However, the Business Continuity Coordinator, Michelle Thompson, mentioned that risks referred to above can be reduced to an acceptable level through the risk assessment process and the development of business continuity plans. Risks will be identified and controlled when possible, transferred through the use of insurance or other methods, and mitigated. The Risk Management group will investigate and purchase insurance coverage necessary to cover the service. Software designed for the concierge program will be housed off-site at a secure site and will have a redundant server in a geographically dispersed site. Staffing levels for the concierge position will be determined by pre-booked reservations data available in ABC’s online reservations system.



The benefits of increased share value outweigh the risks associated with the new concierge service according to ABC executive staff. The synergies of the two services, both rental car and concierge services, complement each other and provide the traveler with a solution to their travel problems by a familiar and trusted provider in an unknown city. Careful planning by all functional areas of the company will create the opportunity the enhance shareholder value for ABC.

New Year's Resolutions for Small Businesses

Even if the economy isn’t helpful, businesses can start planning now on how to improve their operations.




“The main goal is to manage cash flow more efficiently,” says Leigh Lones, Risk Director, Bibby Financial Services, a factoring company. “With some forward thinking and planning, businesses can implement important changes to their operations to improve their bottom lines, even if the economy remains lifeless.”



10 New Year’s Resolutions for Businesses



1. Pay your employees first, they are your highest priority and don’t forget the IRS – keep current with payroll taxes.



2. Pay attention to the credit worthiness of your customers so you are confident your will get your money. Remember a sale is not a sale until you have been paid.



3. Limit the amount of business you do with any one customer so you aren’t left penniless if they run into trouble and are unable to pay.



4. Bad business is worse than no business. Customers who fail to pay their bills on time should not be your customer any longer.



5. If a customer becomes undependable, change the terms to COD (cash on delivery). That way you can keep the customer and avoid the uncertainly of payment.



6. Keep an accurate and complete audit trail. Don’t do business on a handshake when the future of your company could be at stake.



7. Keep management accounts and use financial reporting. Plan how you will pay your expenses, rather than paying bills based on how much is in your checking account at that moment.



8. Cash flow counts. Focus on shortening terms with your customers and structure the pricing to coincide with those terms. If you wait 90 days to be paid that means you are financing your customer’s business. Or, if you give extended terms, get paid more.



9. Think about establishing a lending relationship when you don’t need financing; that’s the best time to ask for money. Then follow the financial reporting requirements. Make it easy for the financial institution to lend you money.



10. And naturally Bibby recommends, explore alternative lenders. You will probably be surprised to learn what’s out there. It can take time to find financing sources. Do your homework and get all of your questions answered ahead of time – before a crisis hits.


CPA Trendlines, by the Bay Street Group
via Bibby Financial Services.

New Legislation for Education for the 2009-2010 Tax Year

Following is a summary of the new legislation which will affect funding for college for the 2010-1011 school years.


Maximum Pell Grant

2009-2010 school years- $5,350 (beginning July 1, 2009)

2010-2011 school years-$5,550 (beginning July 1, 2010)

There’s also a Pell Grant program increase that will cover an additional 800,000 students.

Total number of Pell Grant available by 2010: about 7 million.



Work Study Program



Federal Work-Study program gets an additional $200 million

Enough to pay for approximately 130,000 new work-study jobs

Averaging $1,500 per job per year.



American Opportunity Tax Credit



$2,500 tax credit for postsecondary education tuition, fees, and eligible related expenses.

You get a dollar for dollar tax credit for the first $2,000

25 cents on the dollar for the next $2,000.

Textbooks and course materials included

Single filers with an Adjusted Gross Income (AGI) up to $80,000 and joint filers with an AGI up to $160,000 can claim the full tax credit. (Single filers with an AGI between $80,000 and $90,000 and joint filers with an AGI between $160,000 and $180,000 may get a partial credit.)



This credit is tax-refundable even for people who earn too little to pay taxes; low-income students and families will be able to claim up to 40% of the tax credit in the form of a tax refund. This new feature will allow approximately 4 million additional students to benefit from the program. Note: This credit does NOT apply to your 2008 taxes. It replaces the existing Hope tax credit next year, for the 2009 tax season

Tax Audits, Everyone's Worst Nightmare

Talk of an IRS audit instills fear in almost everyone. You wonder if that extra charitable contribution will trigger an audit based on some magical IRS formula. Evidently you can relax somewhat if your income is less than $200,000.


Only .96 percent of taxpayers who make under $200,000 were audited last year compared with 2.89 percent of those making more than $200,000. People with income over 1 million dollars were audited at the rate of 6.42%.

Additionally, the number of audits increased 11% from 2008 and 2009 for people making $200,000 or more and 30% for those making 1 million or more. However, for people making less than %200,000, the rate of audits did not increase.

Tax Facts for 2009

Tax Facts for 2009

The IRS updates several tax-related amounts each year to take into account the cost of living adjustments due to inflation. Here's a quick summary of all the essential tax figures for the year 2009.

Standard Deductions

Single: $5,700

Head of Household: $8,350

Married Filing Joint: $11,400

Married Filing Separately: $5,700

Qualifying Widow/Widower: $11,400

Dependent: $950-$5,700*

Additional Amount if Blind: $1,100 (for married filing joint, married filing separately, or qualifying widow); $1,400 (for single and head of household)

Additional Amount if age 65 or older: $1,100 (for married filing joint, married filing separately, or qualifying widow); $1,400 (for single and head of household).



* Dependents must calculate their standard deduction using an IRS Worksheet.

Personal Exemptions

Per taxpayer and dependent: $3,650



Phaseout of Personal Exemptions

The amount you can claim for personal exemptions starts to be reduced (or "phased out") once you reach certain income thresholds. If your income is within these ranges, your personal exemptions will be reduced. If your income exceeds the amounts listed below, your personal exemption is $2,433.

Single: $166,800 - $289,300

Head of Household: $208,500 - $331,000

Married Filing Joint: $250,200 - $372,700

Married Filing Separately: $125,100 - $186,350

Qualifying Widow/Widower: $250,200 - $372,700



Filing Requirement Thresholds

You are required to file a tax return if your income exceeds the combined total of your standard deduction and personal exemption. Here's the 2009 filing requirement thresholds:

Single: $9,350 ($10,750 if age 65 and over)

Head of Household: $12,000 ($13,400 if age 65 and over)

Married Filing Joint: $18,700 ($19,800 if one spouse age 65 and over; $20,900 if both spouses age 65 and over)

Married Filing Separately: $3,650 (any age)

Qualifying Widow/Widower: $18,700 ($19,800 if age 65 and older)

Retirement Plan Limits

You can save for retirement up to the maximum dollar limit. Maximum contributions vary by the type of retirement plan:

Traditional or Roth IRA: $5,000 ($6,000 if age 50 or older)

SEP IRA: $49,000

SIMPLE IRA: $11,500 ($14,000 if age 50 or older)

401(k) plan: $16,500 ($22,000 if age 50 or older)

403(b) plan: $16,500 ($22,000 if age 50 or older)

457 plan: $16,500 ($22,000 if age 50 or older)

Defined Contribution Pension: $49,000

Defined Benefit Pension: $195,000



*If you fund both a traditional and Roth IRA, your total contribution to cannot exceed $5,000 combined (or $6,000 if age 50 or older).

**SEP IRA contributions are calculated on an IRS worksheet. Your maximum contribution may be less than $49,000.

Standard Mileage Rate for 2009

You can deduct the cost of driving a vehicle for business-use, for traveling to a doctor, when relocating for a new job, or when you are engaged in charitable activities. The 2009 standard rates for mileage are:

• 55 cents per mile for business,

• 24 cents per mile for medical or moving purposes, and

• 14 cents per mile for charitable service

Sources: Internal Revenue Service, Revenue Procedure 2008-66 (pdf), IR-2008-117, IR-2008-118, and IR-2008-131.

Being Charitable in Tough Times

Charitable contributions can fall as much as 2-5% during a recession when adjusted for inflation.  How can you make sure that your favorite charity does not suffer during the current difficult financial times? As many people are faced with an uncertain financial future, we are often unwilling to give as much cash as in the past.  Fortunately, many other avenues are open to charitable givers which do not require opening the check book.

1.   Donate your professional services to your favorite charity such as accounting or legal services.
2.   Make an extra effort to clean out your closets and donate to the needy.
3.   Participate in a jog-a-thon or other charity event in which participants gather sponsors.
4.   Use your creativity and sponsor a new event for your favorite charity such as a fundraising party. Have fun while asking participants to bring items to help others.
5.   Recruit your friends to work on charity projects. 
6.   Use a credit card which contributes to a worthy cause with each purchase. 

Tax Tips

Conversion of IRA's to a Roth

The current limit for conversion of regular IRA's to Roth IRA's is $100,000 per year. However, in 2010, there is no income limit for conversion.

Advantages:

• You can create tax free income in retirement
• Makes sense if you will face the same or higher tax rates in retirement
• Bush tax cuts are due to expire in 2011, deficit makes it unlikely they will be continued
• Leave a larger legacy to your heirs
• Not required to start withdrawing money at 70 1/2
• Not counted in calculation of Social Security taxability

Disadvantages:

• Conversion increases taxable income, may boost tax bracket
• If you use the proceeds to pay the taxes, you will have fewer dollars growing
• Must have funds available to pay taxes