Compliance and Regulatory
March 26, 2024
On February 29, 2024, in Black v. Unum Life Insurance Company of America, the Federal District Court for the Northern District of Texas granted in part the motion for summary judgment by Black (the plaintiff), determining that Unum (the defendant) failed to provide a full and fair review of plaintiff’s long-term disability claim. The court remanded the matter back to the defendant to review the claim in line with ERISA requirements.
The plaintiff received long-term disability claims through her employer under a plan administered by the defendant. In September 2021, the defendant denied a claim submitted by the plaintiff, asserting that the plaintiff was no longer disabled. The defendant stated that it reviewed the medical records and talked with the treating medical providers as part of its review. The plaintiff appealed the denial. The defendant’s employee, a nurse, determined that there was no medical disagreement among the plaintiff’s physicians regarding her functionality and denied the claim on appeal. The defendant declined to review the claim denial again, so the plaintiff filed the lawsuit, alleging that the defendant failed to provide a full and fair review of her claim as ERISA requires.
The court applied a substantial compliance standard when evaluating the defendant’s review. Under ERISA, an appeal of an adverse determination of a claim based upon medical judgment must include consultation with a medical professional with training and experience in the field of medicine involved in the medical judgment. The medical professional cannot be the same person who was consulted for the original determination. Since the initial denial was based on a review of medical records and consultations with the plaintiff’s doctors, the court concluded that the initial denial was based on medical judgment. However, the court determined that the nurse who conducted the appeal review deferred to the opinions of the doctors in the original review. In addition, the nurse was not qualified to conduct the appeal review because she did not have the appropriate experience and training. Accordingly, the court determined that the defendant failed to substantially comply with ERISA requirements.
Employers that offer long-term disability benefits to their employees should be aware of ERISA claim review and appeal requirements and take steps to ensure that the applicable procedures for their long-term disability plans comply with ERISA’s requirements, including conferring with their disability carriers on the subject, where applicable.
On March 18, 2024, HHS’ Office of Civil Rights (OCR) issued an updated bulletin modifying its previous guidance issued in December of 2022 on the use of third-party online tracking technologies by HIPAA-regulated entities, which include covered entities (such as group health plans) and business associates.
OCR generally defines tracking technology as a script or code on a website or mobile app used to gather information about users or their actions as they interact with a website or mobile app. After information is collected from websites or mobile apps, it is then analyzed by the website owners, mobile app owners, or third parties to gain insights about users’ online activities. While OCR has acknowledged through its guidance that such insights can be used in beneficial ways to help improve care or the patient experience, to improve the utility of webpages and apps, or to efficiently allocate resources, it has also expressed its concerns about the potential misuse of tracking data to promote misinformation, identity theft, stalking, and harassment.
OCR has expressed concern about covered entities and business associates relying on third-party tracking technologies rather than technologies developed internally. Therefore, the bulletin is primarily concerned with regulated entities’ obligations when using third-party tracking technologies that send information directly to those third parties that may continue to track users and gather information about them even after they navigate away from the original website to other websites.
The bulletin update clarifies that no PHI is accessed when the tracking technology connects the IP address of a user’s device with a visit to a webpage addressing specific health conditions, so long as the visit to the webpage is not related to an individual’s past, present, or future health, healthcare, or payment for healthcare. For instance, when a user visits a hospital’s website to find visiting hours, employment opportunities, or other such general information, no access to PHI occurs. Additionally, there is no access to PHI when an individual accesses a HIPAA-regulated entity’s landing page by mistake, nor is there access when a student is conducting academic research.
While OCR has not provided an official reason for this modification, it does come in the midst of an ongoing lawsuit brought by the American Hospital Association along with the Texas Hospital Association, Texas Health Resources, and United Regional Health Care System, alleging that OCR exceeded its statutory authority in the original guidance by interpreting the definition of individually identifiable health information too broadly when applied to individuals’ access to unauthenticated webpages.
Other than the change announced on March 18, 2024, the original guidance, through which OCR has determined that tracking technologies have access to PHI where they can access information regarding an individual who is seeking medical services (e.g., seeking treatment options for a health condition, scheduling an appointment, or using a symptom tracker tool), remains substantially the same, meaning that HIPAA-regulated entities still need to have a business associate agreement with any third-party technology vendor it uses or a HIPAA compliant authorization for the sharing of the information.
In February 2024, HHS and the National Institute of Standards and Technology (NIST) released an updated cybersecurity resource guide to help HIPAA-regulated entities, which include group health plans and their business associates, comply with the HIPAA Security Rule (the Security Rule). This practical guide is organized into five main sections, followed by a wide variety of related resources in the appendices.
Section 1, the introduction, explains the purpose of the guide and outlines its contents. Specifically, the guide is designed to assist regulated entities in their understanding and implementation of the Security Rule but does not replace, modify, or supersede the Security Rule itself. The guide provides a brief overview of the Security Rule, information on assessing and managing cybersecurity risks, and considerations for implementing an information security program.
Section 2 provides a brief overview of the Security Rule, which all regulated entities must comply with. The Security Rule focuses on safeguarding electronic protected health information (ePHI). The ePHI that a regulated entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures. Each regulated entity must develop a compliance approach that is tailored to their size, environment, and circumstances.
Sections 3 and 4 focus on risk assessment and management, which provide the foundation for a regulated entity’s Security Rule compliance efforts and the protection of ePHI. A risk assessment identifies conditions where ePHI could be used or disclosed without proper authorization, improperly modified, or made unavailable when needed. As explained in the guide, a regulated entity’s risk assessment process requires an understanding of where ePHI is created, received, maintained, processed, and transmitted, including by portable computing devices, remote workers, and service providers (e.g., cloud service providers). A regulated entity should identify all reasonably anticipated threats to ePHI (e.g., via phishing, ransomware, or insiders) and any vulnerabilities (e.g., in an information system) that could be exploited. The regulated entity should determine the likelihood of a vulnerability being exploited and the risk level and potential impacts.
The risk management process requires regulated entities to implement policies and procedures to prevent, detect, contain, and correct security violations. Ultimately, the regulated entity’s risk assessment processes should inform its decisions regarding the implementation of necessary security measures to reduce risks to ePHI. The risk assessment and management processes should be documented, including the analyses, decisions, and any adjustments to security controls.
Finally, Section 5 provides guidance to help regulated entities comply with security standards and implementation specifications required by the Security Rule. The guidance, which is presented in tabular format, specifies key activities, descriptions, and sample questions for each standard that a regulated entity can review “through the lens of its own organization.”
Group health plans and business associates may find the updated NIST guide (and significant resources referenced in the appendices) very useful for understanding and complying with the Security Rule. These regulated entities should work with their information technology support teams to determine if their current risk assessment and management procedures are adequately tailored to address potential cybersecurity threats to ePHI.
Implementing the HIPAA Security Rule: A Cybersecurity Resource Guide (NIST SP 800-66r2) »
On January 31, 2024, the US District Court for the Northern District of California (the court) filed a ruling on motions for summary judgement in Zavislak v. Netflix, Inc., determining, among other issues, that an ERISA health plan beneficiary is not entitled to receive copies of all plan documents under ERISA Section 104.
In this case, Zavislak (the plaintiff), as a covered beneficiary (the spouse of an employee/participant) of the self-funded ERISA health plan sponsored by Netflix, Inc. (the defendant), requested copies of various health plan documents, including the Plan Document (capitalized here to indicate that it is a reference to the Plan Document required by ERISA, as opposed to other documents, generically referred to as plan documents, that could refer to various other documents relating to the plan and its operation), a TPA agreement, and any other documents related to making benefit determinations under the plan. The plaintiff received no response to their January 2021 request and sent another request in February 2022. At that point, the defendant began to provide responsive documents, and the plaintiff asked for more documents, including certain administrative services agreements between the plan’s TPA and claims administrators. The defendant refused to provide the additional documents. The plaintiff eventually filed suit against the defendant and requested the maximum penalties under ERISA Section 502(c)(1) of $110 per day for the failure to provide requested plan documents.
The court noted that the Ninth Circuit Court of Appeals (Ninth Circuit), which includes California, narrowly interprets the disclosure requirements of Section 104. Specifically, the court quoted the Ninth Circuit in that “the documents contemplated by § 104(b)(4) [those that must be disclosed] are those that allow the individual participant [to] know exactly where he stands with respect to the plan—what benefits he may be entitled to, what circumstances may preclude him from obtaining benefits, what procedures he must follow to obtain benefits, and who are the persons to whom the management and investment of his plan funds have been entrusted.” And, although the statute specifically mentions “contracts” as being subject to production, it does not necessarily encompass all contracts between a plan and TPAs that render services to the plan. According to the Ninth Circuit, “[d]ocuments which ‘relate only to the manner in which the plan is operated’” need not be disclosed under the statute.
Thus, the court ruled that the administrative services agreements (contracts) between the plan and its TPAs “relate only to the manner in which the plan is operated” and need not be disclosed under the statute. The court ruled that several other documents requested by the plaintiff were not required to be produced because they were included in documents that were produced by the defendant.
As to the issue of statutory penalties for failure to produce documents requested by a participant or beneficiary, the court declined to award the full $110 per day, as requested by the plaintiff, due to the suspension of deadlines by the DOL because of the COVID-19 pandemic. The court did, however, award penalties in the amount of $15 per day from the date of the first request in January 2021 to the date documents were produced in March 2022 for a total of $6,465.
In addition to the notable ruling that contracts with TPAs are not included in the documents that ERISA requires to be produced at the request of a participant or beneficiary (specifically, those contracts that “relate only to the manner in which the plan is operated”), this case is a reminder that the issue of which documents must be produced to participants and beneficiaries under ERISA may depend on where (which jurisdiction) the plan sponsor is. It also illustrates the need for plan administrators to have procedures in place for receiving and responding to requests for documents within the 30 days that ERISA allows. It would be prudent for a plan sponsor to include consultation with counsel as part of those procedures when a request for documents is received. This case went on for over three years, and the awarded statutory penalties were probably the least expensive part of the process for the defendant.
On February 29, 2024, the Federal District Court of Northern District of California denied Aetna Inc. and Aetna Life Insurance (collectively, Aetna)’s motion to dismiss a case alleging that Aetna health insurance plans discriminate against LGBTQ members seeking fertility treatment coverage by placing additional burdens on couples in same-sex partnerships.
As background, in April 2023, a participant (plaintiff) of a self-insured health plan filed a class action complaint against the plan’s administrator, Aetna, under ACA Section 1557, which prohibits health insurers from discriminating based on a number of characteristics, including sex. The plaintiff alleged that the plan discriminated against her, her wife, and other participants in similar situations based on their sexual orientation by denying them equal access to fertility treatments.
Prior to 2023, the plaintiff’s plan covered fertility treatments for enrollees who were “infertile” based on their inability to conceive after one year (or six months for older participants) of frequent, unprotected heterosexual sexual intercourse or, for women without a male partner, after 12 cycles of donor insemination (six months/six cycles for older participants). The plaintiff alleged that this provided heterosexual couples the option to establish infertility in either of the two ways while giving same-sex couples only one way to be eligible for fertility benefits. In response, the plan was amended to base its coverage determination on “egg-sperm contact” rather than intercourse or insemination, with the definition applicable to “all individuals regardless of sexual orientation or the presence/availability of a reproductive partner.”
Yet the plaintiff claimed that the plan continues to discriminate against LGBTQ members by imposing additional and more arduous prerequisites for fertility treatment access than those applicable to heterosexual couples, and the plan merely removed the references to “heterosexual” and the reference to a “woman without a male partner” in the revised policy. Specifically, the plaintiff contended that heterosexual couples could demonstrate infertility simply by representing that they had had 12 months of frequent intercourse, while same-sex couples were forced to undergo up to 12 cycles of donor insemination, in which each cycle “costs at least hundreds of dollars” and requires the patient to undergo intrusive procedures.
Aetna contended that the plaintiff’s claim of intentional discrimination under Section 1557 should be dismissed because its fertility coverage does not base its definition on a member’s sex or sexual orientation. But the court determined that the plaintiff’s allegation that access to fertility coverage is more burdensome for same-sex partners than different-sex partners was enough to support an adequate claim for adjudication. Therefore, the court denied Aetna’s motion to dismiss on this basis.
This case is in an early stage and at the district court level; courts in other jurisdictions may have ruled differently on the motion to dismiss. However, employers should be aware of the ruling and may want to review their fertility coverage with legal counsel to ensure that their benefits are drafted, offered, and administered in a nondiscriminatory manner. Employers should follow developments in this unsettled area of the law involving the application of Section 1557.
March 12, 2024
A recently filed lawsuit focuses on ERISA fiduciary obligations of employers in their role as group health plan sponsors, particularly the “duty of prudence” in selecting and monitoring health plan vendors. Specifically, the lawsuit involves a prescription drug plan’s benefits and management, including the plan’s usage of pharmacy benefit managers (PBMs). The lawsuit alleges that as a result of fiduciary failures, plan participants and beneficiaries were required to pay increased costs and premiums and thus harmed.
The case is still pending, making it difficult to ascertain the specific employer fiduciary obligation takeaways in the prescription drug context. Additionally, this lawsuit involves the use of a trust for benefit payments, which may differentiate it from other employer sponsored group health plan designs and may limit the application of any court decision. Nevertheless, the lawsuit serves as a helpful reminder for employers—particularly those sponsoring self-insured plans—to review their fiduciary obligations and maintain robust fiduciary procedures. NFP will continue to monitor the lawsuit.
In early February 2024, a class action complaint was filed against pharmaceutical company Johnson and Johnson (in its capacity as the plan sponsor of their group health and prescription drug plan) and its benefits committee (collectively, J&J). According to the complaint, J&J failed to meet ERISA fiduciary obligations in its selection of a PBM (Express Scripts) and failed to negotiate more favorable pricing terms for the plan and participants in their PBM services agreement. The complaint claims that this resulted in increased costs (e.g. higher plan premiums, deductibles, copayments, cost-sharing) thus harming participants and beneficiaries. The lawsuit raises some interesting and challenging questions regarding an employer’s obligations in selecting, monitoring, and overseeing plan vendors, including PBMs.
To help understand the allegations, it’s important to have a solid grasp of ERISA and fiduciary obligations. At a high level, ERISA was – in part – enacted to protect the interests of participants and beneficiaries of employer-sponsored welfare benefit plans (employees and their dependents in the group health plan context). ERISA sets levels of conduct for those who manage employee benefit plans and their assets, called fiduciaries. Under ERISA, employers are considered fiduciaries in their role as health plan sponsors and administrators. Certain other individuals (e.g., a person, committee, or entity) or service providers may also be named as fiduciaries in the related plan documents (at least one fiduciary must be named). An individual or service provider could also be considered a fiduciary if they exercise discretionary authority or control over the plan or its assets. Note that merely being named as a contact for the plan does not make an individual a fiduciary.
Fiduciaries have a heightened responsibility to follow certain standards when operating, administering, or making (non-settler) plan decisions, and those responsibilities are generally referred to as “fiduciary obligations” or “fiduciary duties.” Two primary duties are the duty of loyalty and the duty of prudence. The duty of loyalty requires the plan fiduciary to act in the best interests of plan participants and beneficiaries. The duty of prudence requires fiduciaries to act with the same care, skill, prudence, and diligence as a comparably knowledgeable plan fiduciary acting under similar circumstances. The duty of prudence focuses on the decision-making process as opposed to the actual results and outcomes. This focus highlights the importance of recording activities, keeping minutes of meetings and discussions, and maintaining relevant documents, reports, legal opinions, or expert advice that were considered in reaching final conclusions on plan-related decisions.
Additionally, under both duties, plan fiduciaries have an obligation to monitor plan service providers, including third-party administrators (TPAs), PBMs, or other vendors that service the plan. When considering potential service providers, fiduciaries should compare their services, experience, fees and expenses, customer references, or other information relating to the quality of services. Importantly, fiduciaries must understand the terms of any agreements entered with service providers and whether the fees and expenses to be charged to the plan are reasonable. Fiduciaries also must periodically review the performance of their service providers to ensure that they are providing the services in a manner and at a cost consistent with the agreements.
ERISA Fiduciary Compliance Obligations for Fully Insured Plans Versus Self-Insured Plans
For fully insured plans, the carrier and plan sponsor generally share fiduciary responsibility and the carrier plays a significant role in complying with the duties of loyalty and prudence. For self-insured plans, the employer plan sponsor assumes a much higher level of fiduciary duty to administer the plan prudently and in the best interest of plan participants.
To understand the allegations, it’s important to consider PBM pricing methodologies. PBMs generally receive compensation through one of three methods, as outlined below.
At a high level, the lawsuit alleges that J&J breached its ERISA fiduciary duties in several ways, resulting in the plan – and by extension its participants – overpaying for prescription drugs. Specifically, the allegations include:
As a result of those failures, the lawsuit alleges harm to plan participants in the form of increased premium rates and cost-sharing. The complaint alleges that the increase in overall expenses relating to prescription drug costs increases premium rates, to which participants (employees) contribute. The complaint also alleges that the plan’s failure to negotiate lower drug rates caused participants to overpay for drug costs through higher copayments, cost-sharing, and co-insurance. Even though certain drugs were available at a cheaper rate from an unaffiliated pharmacy, J&J plan participants paid more for the drugs through the PBM-owned or affiliated pharmacy.
It is still quite early in the litigation process and unless and until the case reaches a final conclusion, it is impossible to ascertain how prescription drug plans and employer fiduciary duties might be affected. Perhaps other lawsuits will follow, particularly considering recently enacted transparency requirements under the Transparency in Coverage Final Rule and CAA 2021 (both generally make information concerning drug prices publicly available). Arguably, these laws provide employers with greater access to healthcare pricing information so that they can make better informed cost-conscious decisions regarding plan benefits.
In any event, employers concerned about possible litigation should ensure they are engaging in prudent fiduciary decision-making processes with respect to the selection of PBMs and other vendors. Employers speculating about the impact this lawsuit might have on their specific plan design should consult with legal counsel for advice and guidance.
As noted earlier, the J&J plan funding is distinct from the typical funding of employer-sponsored group health plans because it is funded through a voluntary employee benefits association (VEBA). A VEBA is a special tax-advantaged trust funded by employer and participant/employee contributions. This is meaningful because any funds held in such a trust – segregated from the employer’s general assets – are considered ERISA “plan assets” and subject to ERISA fiduciary protections, including the duties of loyalty and prudence. As a result, certain aspects of the case, and perhaps any resulting decision, may be limited in applicability. Thus, only time will tell if similar lawsuits will be brought against plans that are funded via a more common plan design, such as through the employer’s general assets.
At the moment, no immediate action is needed as a result of this initial court filing. That said, while this case plays out in court, employers – as ERISA plan sponsors – should carefully consider their fiduciary obligations. At a high level, employers should actively engage in a prudent process when selecting and overseeing plan service providers and vendors, including prescription drug and PBM vendors. Employers should consider that ERISA does not mandate a singular or one-size-fits-all approach to fiduciary decision making. Rather, ERISA requires employers to consider the totality of facts and circumstances of their own situation.
More specifically, in consultation with their legal counsel, employers may consider:
Importantly, with respect to prescription drugs specifically, ERISA does not require that plan fiduciaries always use the lowest cost vendor. For a variety of reasons, employers may choose not to work with non-traditional PBMs, even if they supposedly offer lower drug pricing. There are other considerations that impact the prudent actor analysis, including network access, claims processing, and drug formulary selection, all of which may be significant to plan participants.
NFP will continue to closely monitor the J&J and other notable court decisions and report on them via NFP’s Compliance Corner newsletter.
On March 6, 2024, the IRS issued an alert (IR-2024-65) to remind taxpayers and health spending plan administrators that personal expenses for general health and wellness are not considered medical care. Therefore, these expenses are not reimbursable through health FSAs, HRAs, HSAs, and MSAs.
As background, medical care expenses that are defined in Section 213(d) are generally eligible to be paid or reimbursed under health FSAs, HRAs, HSAs, and MSAs unless the expenses were reimbursed by an individual’s healthcare coverage (e.g., an employer-sponsored health insurance plan). Medical expenses under Section 213(d) are the costs of diagnosis, cure, mitigation, treatment, or prevention of disease and for the purpose of affecting any part or function of the body. Further, medical expenses must be primarily to alleviate or prevent a physical or mental disability or illness and they exclude expenses that are merely beneficial to general health.
The IRS alert explains that some companies are misrepresenting the circumstances under which food (e.g., for weight loss) and wellness expenses can be paid or reimbursed under FSAs and other health spending plans using an example. These companies erroneously advertise that a doctor’s note based merely on self-reported health information can convert non-medical food, wellness, and exercise expenses into qualified medical expenses.
However, the IRS clarifies that such a doctor’s note does not satisfy the requirement that it be related to a targeted diagnosis-specific activity or treatment, and these types of personal expenses do not qualify as medical expenses. The IRS reminds plan administrators that FSAs and other health spending plans that pay for, or reimburse, non-medical expenses are not qualified plans. Accordingly, if the plan is not qualified, all reimbursements, even reimbursements for actual medical expenses, are includible in income. The IRS frequently asked questions outline whether certain costs related to nutrition, wellness, and general health are medical expenses.
Employers who sponsor health FSAs and other spending accounts should review their vendors’ current claim adjudication factors to ensure that non-medical expenses, such as personal general health expenses, are not reimbursed through health FSAs and other spending accounts. Additionally, it is important for employers to educate their employees regarding medical expenses related to nutrition, wellness, and general health to determine whether a food or wellness expense is a medical expense.
For further information about qualified medical expenses as defined in Section 213(d), please ask your broker or consultant for a copy of the NFP publications Qualified Medical Expenses and Quick Reference Chart: HSAs, Health FSAs, and Traditional HRAs.
IRS Alert: Beware of Companies Misrepresenting Nutrition, Wellness and General Health Expenses as Medical Care for FSAs, HSAs, HRAs and MSAs »
IRS Frequently Asked Questions About Medical Expenses Related to Nutrition, Wellness, and General Health »
On February 7, 2024, in Schinnerer v. Wellstar Health, Inc., the Federal District Court for the Northern District of Georgia denied the defendant’s motion for summary judgment on the issue of failing to timely provide a COBRA election notice. Although not a focus of this article, the court also addressed the defendant’s motion for summary judgment on the plaintiff’s False Claims Act retaliatory termination claim, which was granted.
The plaintiff was an employee of the defendant from May 2020 to October 2021, when his employment was terminated. Prior to his termination, the plaintiff was placed on administrative leave from May 18, 2021, until he was terminated. During the administrative leave, the plaintiff had no access to the defendant’s systems. Also, during the leave, the defendant changed his residence. Because he had no access to the defendant’s systems, the plaintiff could not change his address in the system, so he called the defendant’s human resources department and gave them his new address in August 2021.
Upon the plaintiff’s termination, a COBRA election notice was sent by the defendant’s COBRA administrator by first-class mail to the plaintiff’s address in the defendant’s system, which was the plaintiff’s former address. Since the notice was not sent to his current address, the plaintiff did not receive the election notice until months after his termination.
COBRA regulations do not require actual delivery of COBRA notices to the intended recipient. Rather, the regulations require that notices be sent in a manner “reasonably calculated to ensure actual receipt.” Defendant contended that they had met that standard and filed their summary judgment motion (judgment without a trial) based on that contention. But the court denied the defendant’s motion for summary judgment, observing that it could not conclude as a matter of law that mailing the notice to the wrong address after being informed of the correct address “months before” counts as “reasonably calculated to ensure actual receipt.”
Summary judgment on this issue does not end the case — it only means that there will now be a trial (unless the parties settle first) on the timeliness of the COBRA notice question. But the result does act as a reminder for plan sponsors/administrators to keep employees’ records up to date in all their systems and to pass that information to vendors who use the information to complete their tasks. Failure to do so can result in time-consuming and costly litigation. One way to avoid this situation is by confirming departing employees’ current addresses in writing and correcting the information immediately in the system if it does not match.
Schinnerer v. Wellstar Health, Inc., 2024 WL 476960 (N.D. Ga. 2024) »
The DOL's Advisory Council on Employee Welfare and Pension Benefit Plans (the Council) recently issued a report examining the scope and impact of limitations on long-term disability (LTD) benefits for mental health and substance use disorder (MH/SUD) conditions. The report highlights the lack of parity in duration limits for coverage of MH/SUD as compared to medical/surgical conditions under LTD benefit plans and makes recommendations to address this disparity.
LTD insurance coverage protects employees by providing income replacement if sickness or injury prevents them from working for a prolonged period. State insurance laws regulate disability insurance, including LTD insurance. However, only one state, Vermont, currently requires mental health parity in disability insurance. Notably, the federal MHPAEA, which requires parity for coverage of medical/surgical and MH/SUD conditions, applies only to medical benefits and not disability benefits.
According to the report, most employer-sponsored LTD plans fund benefits through the purchase of insurance and do not require employee contributions. Significantly, insured LTD benefits typically have a 24-month limit on the duration of benefits for disabilities resulting from MH/SUD conditions, while benefits for disabilities due to other medical conditions generally continue until retirement age. According to industry sources cited in the report, only 1% of group disability policies sold in the US do not have MH/SUD limitations.
To better understand the rationale for and prevalence and effects of the LTD benefit limitations, including whether certain health conditions have been misclassified as being subject to such limitations, the Council sought testimony from numerous medical and industry experts and stakeholders. Several testified regarding the difficulty of assessing MH/SUD claims to make a disability determination and the misclassification of MH/SUD conditions leading to claim denials. Numerous individuals viewed the current lack of parity requirements for disability benefits as discriminatory.
Other stakeholders testified regarding employer sensitivity to cost when purchasing an LTD policy and the difficulty of assessing the cost of a policy without MH/SUD duration limitations (due to the small percentage of such policies currently issued). They noted that most insurers offer policies without MH/SUD benefit limitations, although these are neither promoted by brokers nor chosen by employers. In contrast, a retiree of Vermont’s insurance department indicated that the state’s implementation of a parity requirement had little impact on the cost or frequency of disability policies.
The Council, upon consideration of the testimonials and available data, concluded the report by recommending the DOL to take the following actions to address the current mental health disparity in LTD insurance benefits:
The Council’s recommendations are only advisory; the DOL has the discretion to determine whether to adopt any of these measures. However, in recent years, the DOL has focused on mental health parity enforcement with respect to group health plans. Accordingly, the DOL’s consideration and possible implementation of the report’s parity recommendations with respect to LTD benefits would seem consistent with their current priorities.
Employers that offer LTD benefits to their employees should be aware of this report and monitor for further developments. Employers should also make sure they are complying with MHPAEA requirements applicable to their group health plan benefits.
In February 2024, the DOL issued several revised FMLA Fact Sheets to help employers better understand their compliance obligations under the FMLA. One such fact sheet is Fact Sheet #28J, which discusses how FMLA requirements are applied to airline flight crew employees, as it may be difficult for employers to easily calculate eligibility and leave entitlement for these employees.
Pilots, co-pilots, flight attendants, flight engineers, and flight navigators are all considered to be airline flight crew for purposes of FMLA compliance. Due to the unique nature of these positions, the FMLA’s standard eligibility, leave calculation, and recordkeeping requirements apply differently and, thus, Fact Sheet #28J outlines how employers should handle FMLA for these employees.
Eligibility. To determine eligibility, during the 12 months prior to requested leave, the airline flight crew employee must have worked or been paid for “not less than 60 percent of the applicable total monthly guarantee – or its equivalent – and not less than 504 duty hours.” The applicable total monthly guarantee is the minimum number of hours an employer has agreed to schedule the employee during the previous 12 months. Duty hours are the number of hours the employee has worked or been paid during the previous 12 months. However, duty hours do not include vacation, medical, or sick leave, or personal commute time.
Calculation of Leave. Unlike traditional employees who have up to 12 workweeks of leave under FMLA, the workweek for airline flight crew employees is based on a six-day workweek, so eligible employees may receive up to 72 days (six days x 12 weeks). Qualifying leave due to military caregiver leave provides up to 156 days (six days x 26 weeks). This leave allowance is more complex to calculate, so the fact sheet provides examples that employers can use to calculate both traditional and intermittent leave.
Recordkeeping. To support the unique eligibility calculation, employers must maintain additional documentation, including support for the applicable monthly guarantee and records of actual hours worked or paid.
Employers who are subject to the FMLA and employ airline flight crews should review their current administrative practices to ensure their employees’ leave eligibility and usage are calculated correctly, as outlined in the fact sheet.
February 27, 2024
On January 17, 2024, HHS released its Annual Update of the HHS Poverty Guidelines for 2024. The notice provides an annual update on poverty guidelines based on the prior calendar year’s increase in prices as measured by the Consumer Price Index. These guidelines are used, in part, to help determine eligibility for federal programs such as Medicaid and to determine eligibility for subsidies in the individual marketplace. Further, these guidelines impact employers who use the Federal Poverty Line (FPL) safe harbor to determine affordability under the ACA’s employer mandate.
The FPL safe harbor uses the federal poverty line for a one-person household (for its respective geographic location) multiplied by the affordability threshold for the respective year; that total is then divided by 12 to derive the maximum self-only cost-share per month. For plan years beginning between January and June of a calendar year, plan sponsors can rely on the prior calendar year’s federal poverty line for the FPL safe harbor calculation since the annual update generally occurs after the plan year has already begun.
The 2024 federal poverty line for a one-person household in the 48 contiguous states and the District of Columbia is $15,060; the poverty guideline increases by $5,380 for each additional household member. In Alaska, the poverty guideline is $18,810 for a one-person household and increases by $6,730 for each additional household member. In Hawaii, the poverty guideline is $17,310 for a one-person household and increases by $6,190 for each additional household member.
For example, using the federal poverty line for the 48 contiguous states, the maximum self-only monthly cost-share should not exceed $105.29 for employers using the FPL safe harbor.
Employers who use the FPL safe harbor should be mindful of the 2024 update, although they can continue to rely on 2023 guidelines through June 2024 if desired. For further information regarding affordability and the ACA’s employer mandate, employers should contact their NFP consultant for a copy of our ACA Resources toolkit.
On February 9, 2024, in Watson v. EMC Corp., the US Court of Appeals for the Tenth Circuit ruled that an employer may be liable for the value of group life insurance benefits that would have been available under an insured policy absent the employer’s failure to adequately inform the employee of the plan’s conversion requirements.
The plaintiff in this case, Marie Watson, sued EMC Corporation, her husband’s former employer, for leading her husband to believe his basic life insurance coverage remained in force following the termination of his employment. EMC’s group life insurance policy was issued by MetLife. EMC was an ERISA plan fiduciary with a duty to act in the interests of participants and beneficiaries. Ms. Watson’s husband, Thayne Watson, was insured under the group plan for basic life insurance benefits totaling $663,000.
Mr. Watson was a participant under EMC’s group life plan for many years before accepting a voluntary separation plan (VSP) in 2015. Under the VSP, Mr. Watson stopped working for EMC, but EMC continued to pay him without interruption to his employee benefits through November 24, 2016. At the end of the VSP, Mr. Watson emailed EMC to ensure his benefits would remain in place. EMC informed Mr. Watson that his benefits would remain active and that he would be billed by EMC’s payroll vendor ADP to continue benefits. Nine months later, Mr. Watson unexpectedly passed away. He paid all bills sent to him by ADP prior to his death.
Following Mr. Watson’s passing, MetLife denied Ms. Watson’s beneficiary claim based on a failure to convert his group life insurance coverage to individual coverage at the end of the VSP period. Ms. Watson sued EMC for an ERISA breach of fiduciary duty, alleging that EMC provided misleading information, which led to Mr. Watson’s failure to convert his group life insurance coverage to an individual policy. The district court found in EMC’s favor, reasoning that because Mr. Watson failed to convert or pay any premiums on converted coverage, there was no policy under which Ms. Watson could recover.
On appeal, the Tenth Circuit found that even though no benefits were due under the terms of the group life insurance plan (because coverage had ended prior to Mr. Watson’s death) or an individual policy (because Mr. Watson did not convert his group coverage to an individual policy), Ms. Watson may be able to recover under ERISA’s equitable remedy. Specifically, in addition to offering plan beneficiaries the right to recover benefits due under the terms of a plan, ERISA also offers a “catchall” equitable relief for beneficiaries harmed by breaches of fiduciary duties. The Tenth Circuit sent the case back to the district court to consider Ms. Watson’s claim for breach of fiduciary duty under ERISA’s equitable relief provision separately, regardless of whether benefits are due under the terms of either the group plan or a converted individual policy.
The Tenth Circuit’s ruling here is not unique. Rather, it aligns with other circuit courts that have addressed similar issues and found that ERISA can provide monetary relief for breaches of fiduciary duties even when there is no claim for benefits under the terms of the plan. While not a final judgment against EMC, the Watson case serves as yet another illustration of the risk imposed by inaccurate or incomplete communications with employees on life insurance coverage. ERISA plan sponsors should always take great care to adequately communicate with plan participants about when group life insurance coverage terminates under the terms of the plan, including any conversion options.
On February 12, 2024, the IRS released Revenue Procedure 2024-14, which in part provides indexing adjustments for penalties under the ACA employer mandate. As a reminder, the ACA requires applicable large employers (ALEs), those with 50 or more full-time employees (FTEs) and full-time equivalent employees, to offer affordable minimum value (MV) coverage to all FTEs and their dependents or risk a penalty.
Notably, the employer mandate penalty amounts for 2025 are reduced from the 2024 penalty amounts. For plan years beginning on or after January 1, 2025, the annual penalties are calculated as follows:
Both penalties, although commonly expressed as annual amounts, are assessed monthly.
ALEs should regularly verify that employees who generally work at least 30 hours per week are offered affordable MV coverage to avoid ACA employer mandate penalties. The IRS uses Letter 226-J to inform employers of their potential liability for such penalties. Employers should promptly review and respond to any IRS Letter-226-J they receive and consult with counsel as necessary.
For further information regarding the ACA employer mandate and penalties, please ask your broker or consultant for a copy of the following NFP publication ACA: Employer Mandate Penalties and Affordability.
On February 14, 2024, the HHS Office for Civil Rights (OCR) released two annual reports to Congress summarizing the agency's key HIPAA enforcement activities during the 2022 calendar year as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. The first report, HIPAA Privacy, Security, and Breach Notification Rule Compliance, identifies the number of complaints received, the method by which those complaints were resolved, and other OCR HIPAA compliance enforcement activities. The second report, Breaches of Unsecured Protected Health Information, identifies the number and nature of breaches of unsecured protected health information (PHI) that were reported to the HHS and the actions taken in response to the breaches.
Highlights from the HIPAA Privacy, Security, and Breach Notification Rule Compliance report are as follows:
The Breaches of Unsecured Protected Health Information report noted that 77% of the reported breaches that occurred in 2022 and affected 500 or more individuals were hacking/IT incidents — 58% of the reported large breaches involving 500 or more individuals involved network servers. Accordingly, the report emphasized a continued need for increased compliance with the HIPAA Security Rule in such areas as risk analysis and risk management, audit controls, and information system activity review.
These annual reports are an important reminder of the agency's HIPAA compliance enforcement activities. So, it is crucial that employers are educated in overall HIPAA rules and review their HIPAA policies and procedures, as well as their security policies and procedures for handling electronic PHI.
Press Release »
Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance for CY 2022 »
Annual Report to Congress on Breaches of Unsecured Protected Health Information for CY 2022 »
On February 9, 2024, the IRS updated its frequently asked questions (FAQs) for the premium tax credit. These FAQs superseded earlier FAQs that were posted on February 24, 2022. Nine existing FAQs were updated, and four new FAQs were added. Among other items, the FAQs explain the basics of the premium tax credit, the eligibility requirements, and how the affordability of employer coverage affects eligibility.
The updates include the addition of a new section, “Affordability of employer coverage for employees and for family members of employees,” with new FAQs 12, 13, 14 and 22. FAQs 12, 13 and 14 document that coverage is affordable to an individual (making the individual not eligible for the credit) if they are offered coverage under more than one employer’s plan and either of those plans are affordable to the individual as an employee or family member. FAQ 13 sums up the changes:
“Q13. What if I receive an offer of coverage from multiple employers?
A13. If you receive offers of coverage from multiple employers, whether the coverage is offered by your employer or someone else’s employer, you are generally considered to have an offer of affordable coverage if at least one of the offers of coverage is affordable for you.”
New FAQ 22 clarified the treatment of Individual Coverage Health Reimbursement Arrangements (ICHRAs). The response explains that if an employer offers an ICHRA, the employee is not allowed a premium tax credit for marketplace coverage unless 1) the ICHRA is considered unaffordable and 2) the employee opts out of receiving reimbursements under the ICHRA. As referenced in the response, the IRS has issued specific rules for determining when an ICHRA is considered affordable.
The IRS notes that guidance, including FAQs, that is not reported in an Internal Revenue Bulletin will not be relied on, used, or cited as precedents by service personnel in the disposition of cases. But taxpayers “who show that they relied in good faith on an FAQ and that their reliance was reasonable based on all the facts and circumstances will not be subject to a penalty that provides a reasonable cause standard for relief, including a negligence penalty or other accuracy-related penalty, to the extent that reliance results in an underpayment of tax.”
Employers that sponsor group health plans and are subject to the employer mandate should be aware of these FAQ updates.
February 13, 2024
On February 2, 2024, the DOL, HHS, and IRS (the departments) issued FAQ guidance on the implementation of certain requirements under the Transparency in Coverage (TiC) Final Rules. This FAQ clarifies the participant cost-sharing tool compliance requirements where a plan is providing cost estimates based on claims data, but there is extremely low utilization of the item or service at issue.
As background, the TiC Final Rule issued in October 2020 requires non-grandfathered group health plans to disclose certain data, such as in-network (INN) provider negotiated rates and historical out-of-network (OON) allowed amounts, to the public via machine-readable files posted to a website. (See the October 10, 2023, edition of Compliance Corner for additional information.) Additionally, these plans must provide participants with personalized cost-sharing information for covered services via an online self-service tool, in paper form (upon request), as well as over the phone. The rule has phased-in effective dates from 2022 to 2024, with all items and services required to be available via an online self-service tool for plan years beginning in 2024.
Under the cost-sharing tool requirement, plans must disclose the following cost-sharing information at the request of a participant:
In this FAQ, the departments recognize that in certain limited circumstances, plans and insurers may not be able to provide accurate cost-sharing estimates as required by the TiC Final Rules for items and services with extremely low utilization rates. The departments advise that they are likely to exercise discretion, on a case-by-case basis, not to bring enforcement actions against plans and insurers that fail to include in their self-service tool or fail to provide over-the-phone cost-sharing information for items and services for which a cost estimate for such items and services would need to be based on past claims data and for which there have been fewer than 20 different claims in total over the past three years. For these items and services, the plan or insurers should indicate on the self-service tool that the item or service is covered but that a specific cost estimate is not available according to the TiC Final Rules because of insufficient data. The self-service tool should also encourage the enrollees to contact the plan or insurer for more information on applicable cost-sharing requirements. Where the participant or beneficiary reaches out to the plan directly (rather than using the self‑service tool), the plan should provide all available relevant information (e.g., information available on the SBC).
Employers that sponsor non-grandfathered group health plans should be aware of the recently released FAQ. For further information regarding the cost-sharing tool or other TiC or CAA 2021 requirements, employers should contact their NFP consultant for a copy of our Transparency and CAA 2021 Obligations of Group Health Plans publication.
On December 5, 2023, in Ian C. v. United Healthcare Ins. Co., the Tenth Circuit Court of Appeals (Tenth Circuit) reversed the district court’s ruling that the defendant’s claim denial was not arbitrary and capricious because the defendant did not provide a “full and fair review” of the plaintiff’s claims.
The plaintiff was a participant covered by an employer-sponsored group health plan. The plaintiff’s son underwent inpatient residential treatment for mental health and substance abuse issues, and the plaintiff submitted claims to the plan on behalf of his son. The defendant, UnitedHealthcare Insurance Company, was the claims fiduciary for the plan and was responsible for determining whether the plan would cover the treatment. After approving coverage for the first two weeks of treatment, the defendant determined that further treatment was medically unnecessary and denied coverage. The plaintiff exhausted the plan’s appeals process, but the appeal reviewers supported the defendant’s determination that further coverage was unnecessary. The plaintiff then took the defendant to court, where the court found for the defendant. The plaintiff then appealed to the Tenth Circuit.
The Tenth Circuit applied an arbitrary and capricious standard to the defendant’s denials. Under ERISA, which governs employer-sponsored group health plans, the plan can authorize the plan administrator to determine benefits on a discretionary basis, which is the case here. Accordingly, the arbitrary and capricious standard is a deferential standard that will uphold the administrator’s decisions so long as they are made on a reasoned basis and are supported by substantial evidence. In addition, under ERISA, the administrator must provide a full and fair review of claims, in which the administrator must consider the claimant’s evidence and consider all grounds for coverage raised by the claimant.
Applying this standard to the defendant’s initial denial, the Tenth Circuit determined that the defendant failed to consider evidence provided by the plaintiff that supported their claim for coverage and did not consider all the grounds for coverage put forth by the claimant. The arbitrary and capricious standard also requires that administrative appeals of adverse decisions provide a full and fair review, which means that the appeal must reevaluate the claims with a clean slate. Despite the presence of the evidence in the record that supported the plaintiff’s grounds for coverage, the subsequent denials deferred to the initial reviewer’s findings. After making these determinations, the Tenth Circuit concluded that the defendant’s actions were arbitrary and capricious and remanded the matter back to the district court for further deliberation.
Employers should make sure that their plans’ appeals process considers all of the evidence provided by claimants and all grounds that the claimants put forth to justify coverage.
The IRS recently released the updated Publication 969: Health Savings Accounts and Other Tax-Favored Health Plans for use in preparing 2023 tax returns. This publication provides information about consumer-directed healthcare vehicles such as Health Savings Accounts (HSAs), Medical Savings Accounts (MSAs), Flexible Spending Arrangements (FSAs) and Health Reimbursement Arrangements (HRAs).
The update includes reminders on important guidance and other provisions for these plans, including:
Sunsetting of COVID-19 relief for HDHPs. In accordance with the COVID-19 public health emergency, the IRS released Notice 2020-15, which allowed HDHPs to provide COVID-19 testing and other treatment benefits without a deductible or below the applicable HDHP minimum deductible without jeopardizing HSA eligibility. After the announced end of the COVID-19 emergency in May of 2023, the IRS released Notice 2023-37, which made the 2020 relief applicable only for plan years ending on or before December 31, 2024. Additionally, Notice 2023-37 clarified that COVID-19 testing would be treated as preventive care under HSA eligibility rules where the testing was designated with an “A” or “B” rating by the United States Preventive Services Task Force.
Telehealth and other remote care service provisions. HDHPs may have a $0 deductible for telehealth and other remote care services for plan years beginning before 2022, months beginning after March 2022 and before 2023, and plan years beginning after 2022 and before 2025. Also, an “eligible individual” remains eligible to make contributions to their Health Savings Account (HSA) even if the individual has coverage outside of the HDHP during these periods for telehealth and other remote care services.
Surprise billing for emergency services or air ambulance services. For plan years beginning after 2021, HDHPs may provide benefits under federal and state anti-“surprise billing” laws with a $0 deductible without affecting HSA eligibility. Also, an HSA-eligible individual will remain HSA-eligible even if the individual receives anti-"surprise billing” benefits outside of the HDHP.
Insulin products. For plan years beginning after 2022, HDHPs may have a $0 deductible for selected insulin products without affecting HSA eligibility.
COVID-19 home testing and personal protective equipment (PPE). The cost of home testing for COVID-19 and the costs of PPE, such as masks, hand sanitizer and sanitizing wipes, for the primary purpose of preventing the spread of COVID-19 are eligible medical expenses that can be paid or reimbursed under health FSAs, HSAs, HRAs and MSAs.
Over-the-counter (OTC) medicine. OTC medicine (whether or not prescribed) and menstrual care products are treated as medical care for amounts paid after 2019 and, as such, are eligible expenses for FSAs, HSAs, HRAs, and MSAs.
On February 8, 2024, HHS released a final rule modifying the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations under 42 CFR Part 2 (referred to as “Part 2”). The final rule implements confidentiality rules required under the CARES Act to align certain aspects of Part 2 with HIPAA rules.
The final rule implements many of the proposed modifications originally published in the December 2, 2022, Notice of Proposed Rulemaking (NPRM), which we discussed in a prior Compliance Corner article. Among other items, these changes include the following:
In addition to the changes from the NPRM, the final rule further modifies Part 2 in the following ways:
Persons subject to the rule must comply within two years of publication of the final rule. HHS will develop guidance on how to comply with the new requirements. Group health plan sponsors should be aware of the final rule and consult with their insurers or service providers regarding implementing the changes to Part 2 record protections.
January 30, 2024
In January, the DOL issued five fact sheets that focus on different aspects of the FMLA.
Fact Sheet 28D explains employers’ obligations to provide employees with information about their FMLA rights and responsibilities. The FMLA requires employers to distribute the following notices to employees who request leave that could qualify as FMLA leave: the General Notice; the Eligibility Notice; the Rights and Responsibilities Notice; and the Designation Notice. The fact sheet describes the function of each notice, as well as the appropriate time to distribute them. The fact sheet also reminds employers of the consequences of failing to provide the notices and notes that the FMLA does not preclude any requirements imposed by state law.
Fact Sheet 28E explains how employees request FMLA leave. To start, the fact sheet summarizes who is eligible for FMLA leave and the reasons for which eligible employees can take this leave. The fact sheet then reminds employees to follow procedures for requesting leave as outlined in their employers’ leave policies. Although an employee does not have to state that they are seeking FMLA leave, they should provide the employer with enough information to allow the employer to conclude that the leave is FMLA leave and designate it accordingly. In any event, the fact sheet reminds employees that they should provide at least 30 days’ notice, if possible. The fact sheet also reminds employees of the consequences of failing to provide a proper request for FMLA leave and notes that the FMLA does not preclude any requirements imposed by state law.
Fact Sheet 28H explains the four options that employers may use to establish the 12-month period for taking FMLA leave for most leave reasons. The fact sheet reminds employers that eligible employees may use up to 12 workweeks of FMLA leave in a defined 12-month period or “leave year.” The four options for establishing the leave year are:
Fact sheet 28I explains how to count the amount of leave available and the amount of leave used under the FMLA. The fact sheet states that an employee’s entitlement to FMLA leave may be converted from workweeks to an hourly equivalent, a process based on the employee’s total normally scheduled hours. The fact sheet provides examples and highlights special rules for situations when it is physically impossible for an employee using intermittent leave or working a reduced leave schedule to begin or end work midway through a shift, as well as rules for airline flight crews.
Finally, Fact Sheet 28L explains the amount of FMLA leave available to spouses who work for the same employer. Under the FMLA, spouse means a husband or wife as defined or recognized in the state where the individual was married, including individuals in a common-law marriage and married same-sex couples. Under the FMLA, spouses who work for the same employer share the total number of workweeks of FMLA leave available for certain reasons:
Spouses may each use a total of 12 workweeks of FMLA leave in a leave year for:
The fact sheet provides examples of how this is administered.
Covered employers with eligible employees should be aware of these fact sheets.
Fact Sheet 28D »
Fact Sheet 28E »
Fact Sheet 28H »
Fact Sheet 28I »
Fact Sheet 28L »
On December 19, 2023, the US Court of Appeals for the Eleventh Circuit (the Eleventh Circuit) filed an opinion in W.A. Griffin, MD v. Blue Cross Blue Shield Healthcare Plan of Georgia, Inc., per curiam, affirming the decision of the district court that an assignment of benefits by a patient to a medical provider did not include sufficiently explicit language to transfer the right to bring nonpayment, statutory penalty suits under ERISA.
Plaintiff W.A. Griffin (Griffin) is a medical provider who sued Blue Cross Blue Shield (BCBS) under ERISA Section 502(c)(1)(B), seeking statutory penalties of up to $100 per day for failing to comply with requests to provide plan documents. Griffin had obtained an assignment of benefits from a patient and claimed a derivative right to sue BCBS under that assignment. The district court dismissed Griffin’s complaint and the Eleventh Circuit affirmed that dismissal.
As in South Coast Specialty Surgery Center, Inc. v. Blue Cross of California dba Anthem Blue Cross (the South Coast case), reported in the Compliance Corner article on January 17, 2024, the Eleventh Circuit quoted itself from a 2021 opinion that a healthcare provider “may obtain derivative standing for payment of medical benefits through a written assignment from a plan participant or beneficiary.”
The Eleventh Circuit also reiterated that a written assignment of the right to recover benefits provided by an ERISA plan does not necessarily transfer the right to pursue nonpayment claims, including statutory penalties. This case, therefore, turned on whether the assignment of benefits gives Griffin the right to bring both payment and nonpayment (breach of fiduciary duties and statutory penalties) claims.
The Eleventh Circuit concluded that the assignment upon which Griffin relied did not include sufficiently explicit language to transfer the right to bring nonpayment, statutory penalty suits under ERISA. In the South Coast case, the provider was allowed to submit claims to the plan administrator and to sue the administrator when the administrator declined to pay. But in Griffin, the provider could not sue the administrator for failing to comply with a request for plan documents.
In a second case brought by Griffin, also based on an assignment of benefits and decided two days later, the Eleventh Circuit found that the health plan contained an express anti-assignment provision prohibiting participants from assigning benefits to third parties. Holding that an “unambiguous anti-assignment provision in an ERISA-governed welfare benefit plan is valid and enforceable,” the Eleventh Circuit affirmed the district court’s dismissal of Griffin’s case.
Although the ultimate outcomes of these decisions differ, the takeaway is that medical providers may generally submit claims and sue the plan administrator for the payment of claims through an assignment of benefits. However, an assignment of benefits does not convey a participant’s (patient’s) right to sue to enforce nonpayment claims (such as the failure to abide by fiduciary duties like providing plan documents upon request) unless the assignment has specific wording to that effect.
Although insurers and TPAs typically address claims on behalf of a group health plan, plan sponsors should be aware of these recent decisions and the provisions of their plan documents regarding the limitations of participants’ assignment of benefits to healthcare providers.
W.A. Griffin, MD v. Blue Cross Blue Shield Healthcare Plan of Georgia, Inc. »
January 17, 2024
On January 9, 2024, the DOL announced its final rule on worker classification for purposes of the Fair Labor Standards Act (FLSA).
The FLSA became law in 1938 and established the federal minimum wage, overtime pay requirements, and other protections for employees. However, the FLSA defines “employee” very generally as “any individual employed by an employer.” Accordingly, a multifactor test eventually emerged in the federal courts to determine whether a worker was an employee subject to the FLSA or, in the alternative, an “independent contractor,” to whom FLSA protections would not apply.
The DOL ultimately adopted a substantially similar version of this test – called the “economic realities” test – which applied six factors, equally weighed, to the question of worker classification:
In early January 2021, the DOL under President Trump issued regulations identifying just two of these – control over the work and the opportunity for profit and loss – as the two “core” factors for classifying workers, with other factors playing a secondary role in the analysis at best.
Set to go into effect on March 11, 2024, this new rule rescinds and replaces this “core factor” rule with the six-factor “economic realities” test, essentially restoring the traditional framework for worker classification used for decades before 2021.
While this change applies to the determination of employee status under the FLSA, there is an indirect yet still significant impact on similar analyses undertaken by employee benefit plans for purposes of determining employee status under ERISA or the Internal Revenue Code (e.g., for determining employer shared responsibility penalties) which also generally employ multifactor standards similar to that reinstated by the DOL for purposes of FLSA application. Employers should be aware of the issuance of the final rule and consult with employment law counsel if they have any concerns regarding the proper classification of their workers.
Federal Register: Public Inspection – Combined Filings »
Fact Sheet 13: Employment Relationship Under the Fair Labor Standards Act (FLSA) »
On January 11, 2024, the DOL published a final rule adjusting civil monetary penalties under ERISA. The annual adjustments relate to a wide range of compliance issues and are based on the percentage increase in the consumer price index for all urban consumers (CPI-U) from October of the preceding year. The DOL last adjusted certain penalties under ERISA in January of 2023.
Highlights of the 2024 penalties that may be levied against sponsors of ERISA-covered plans include:
These adjusted amounts are effective for penalties assessed after January 15, 2024, for violations that occurred after November 2, 2015. The DOL will continue to adjust penalties no later than January 15 of each year and will post any changes to penalties on its website.
To avoid the imposition of penalties, employers should ensure ERISA compliance for all benefit plans and stay updated on ERISA’s requirements. For more information on the new penalties, including the complete list of changed penalties, please consult the final rule linked below.
On January 10, 2024, the Ninth Circuit Court of Appeals (the Ninth Circuit) ruled that an assignment of benefits includes the right of South Coast Specialty Surgery Center, Inc. (South Coast) to sue Blue Cross of California dba Anthem Blue Cross (Anthem) under ERISA Section 502(a) for Anthem’s alleged failure to fully reimburse the costs of medical services provided to South Coast’s patients. The Ninth Circuit reversed the district court’s dismissal of South Coast’s claim and remanded the case to the district court for further action.
Prior to 2019, South Coast submitted claims for services provided to Anthem participants and received payment from Anthem pursuant to assignments of benefits, which South Coast required patients to sign as a condition of treatment. The relevant wording of the assignment read, “I hereby authorize my insurance company to pay by check made payable and mailed directly to (South Coast) for the medical and surgical benefits allowable, and otherwise payable to me under my current insurance policy, as payment toward the total charges for the services rendered. I understand that as a courtesy to me, (South Coast) will file a claim with my insurance company on my behalf.” In 2019, however, Anthem instituted a “prepayment review“ process, which significantly curtailed its coverage for the costs of South Coast’s procedures. South Coast alleges that Anthem failed to follow ERISA plan requirements and failed to provide appropriate benefits for approximately 150 claims, resulting in a potential shortfall exceeding $5.4 million.
ERISA allows plan participants, plan beneficiaries, and plan fiduciaries to sue insurers and plan administrators but South Coast is not a plan participant, beneficiary, or fiduciary in the Anthem plans. The district court ruled that the assignment of benefits gave South Coast the right to bill Anthem directly, but the assignment did not include the right to sue to enforce collection. The Ninth Circuit, however, concluded that “an assignment of the right to receive benefits generally includes the right to sue for nonpayment of benefits,” a conclusion, the Ninth Circuit said, that aligns with its prior opinions as well as other circuits’ opinions. But the Ninth Circuit noted they were not holding that all assignments of the right to benefits – regardless of who made the assignment and who received it – necessarily confer the right to sue under ERISA. Rather, the decision was limited to whether Section 502(a) of ERISA permits a healthcare provider to bring a suit seeking the payment of benefits when it has been given a valid assignment to do so.
Although carriers and TPAs typically address claims for most group health plans, employers may want to be aware of this decision.
South Carolina Specialty Surgical Center, Inc. v Blue Cross of California dba Anthem Blue Cross »
Recently, HHS released a set of FAQs concerning an individual’s right to access health information. HIPAA requires covered entities, which include insurers and self-insured group health plans, to provide individuals with access to their protected health information (PHI), such as medical records, information related to enrollment, payment, or claims adjudication, and other records used by the covered entity to make decisions about those individuals. This right of access includes the right to obtain copies (paper or electronic) of the PHI and the right to direct the covered entity to transmit copies of the PHI to persons or entities designated by the individual. This right of access remains for as long as the covered entity maintains the PHI, and it extends to archived material too.
The new guidance clarifies details concerning this right of access. First, the guidance confirms that a covered entity can charge the requesting individual a fee for providing the PHI. However, that fee can only include the cost of the labor for creating and delivering the PHI (not for searching and retrieving, or reviewing the PHI), supplies (although this does not allow the covered entity to require the individual to purchase portable media), and postage. Covered entities cannot pass on the costs they may pay to business associates for creating or delivering the PHI, nor can they pass on costs authorized by state-authorized fees. The guidance provides several methods for calculating the fee, including an “actual costs” method, an “average costs" method, and a “flat fee" method. Covered entities must provide an estimate of the fee to the requesting individual before fulfilling their request.
Although the covered entity can impose these fees, the guidance asserts that covered entities should provide PHI to requesting individuals free of charge, especially in cases where the individual may not be able to afford the fees. The guidance also states that if the individual can access the PHI electronically via a certified electronic health record technology (CEHRT) established by the covered entity, then the covered entity should not charge a fee for that access.
The guidance also clarifies the individual’s right to send PHI directly to a third party. If an individual submits a written request to a covered entity that clearly identifies where and to whom the PHI should be sent, then the covered entity is obliged to send the PHI to that third party. The individual’s personal representative, as determined by state law, also has the right to direct a covered entity on behalf of the individual.
The covered entity may rely on the information provided in writing by the individual about the identity of the designated person and where to send the PHI for purposes of verification of the designated third party as an authorized recipient. However, they must implement reasonable safeguards in otherwise carrying out the request, such as taking reasonable steps to verify the identity of the individual making the access request and to enter the correct information into the covered entity's system, as well as safeguarding the PHI in transit to the third party.
The covered entity is obligated to notify the individual and HHS of any breach that occurs when it provides the PHI to a third party and comply with other breach notification obligations imposed by HIPAA. However, the covered entity is not responsible for breaches that occur when transmitting the PHI to a third party if it does so in an unsecured manner as directed by the individual (after being warned of the risks). The covered entity is also not responsible for any breaches that occur once the PHI is delivered to the third party.
The guidance also clarifies what information is subject to this right of access. As mentioned above, the individual has access to a large amount of data (collectively, this data is referred to as “designated record sets”). Examples of this type of information include certain quality assessment or improvement records, patient safety activity records, or business planning, development, and management records that are used for business decisions more generally rather than to make decisions about individuals. Note that individuals do not have a right to access information about the individual compiled in reasonable anticipation of, or for use in, a legal proceeding (but the individual retains the right to access the underlying PHI from the designated record set(s) about the individual used to generate the litigation information).
Covered entities may deny a request for information compiled in reasonable anticipation of, or for use in, a legal proceeding, included in psychotherapy notes, or determined by a licensed healthcare professional to be reasonably likely to endanger the physical safety of the individual or someone else if it is provided. The guidance stresses that these are very limited circumstances and that covered entities are generally obliged to provide requested information.
Finally, the guidance discusses the timelines within which a covered entity must provide the requested information. Under the HIPAA Privacy Rule, a covered entity must act on an individual's request for access no later than 30 calendar days after receipt of the request. If the covered entity is not able to act within this timeframe, the entity may have up to an additional 30 calendar days as long as it provides the individual – within that initial 30-day period – with a written statement of the reasons for the delay and the date by which the entity will complete its action on the request. The 30-day clock starts on the date that the covered entity receives a request for access. The guidance also stresses that the 30-day deadline is an outer limit and that HHS expects covered entities to provide requested information sooner than that.
Although insurers and TPAs for self-insured group health plans typically address requests regarding an individual’s access to health information, plan sponsors should be aware of this guidance.
The IRS recently published the 2024 IRS Publication 15-B, the Employer's Tax Guide to Fringe Benefits. This publication provides an overview of the taxation of fringe benefits and applicable exclusion, valuation, withholding, and reporting rules.
The IRS updates Publication 15-B each year to reflect any recent legislative and regulatory developments. Additionally, the publication provides the applicable dollar limits for various benefits for 2024.
The “What’s New” section of the publication includes:
Qualified parking exclusion and commuter transportation benefit. The monthly exclusion for qualified parking is $315, and the monthly exclusion for commuter highway vehicle transportation and transit passes is $315 in 2024.
Contribution limits for health FSAs. For plan years beginning in 2024, a cafeteria plan may not allow employees to request salary reduction contributions to health FSAs greater than $3,200.
The complete list of the IRS-released 2024 inflation-adjusted limits was covered in the December 5, 2023, edition of Compliance Corner.
Additionally, the publication includes important reminders, including additional permitted mid-election changes for health coverage under a cafeteria plan (Notice 2014-55).
Employers should be aware of the availability of the 2024 Publication 15-B.
January 03, 2024
On December 13, 2023, the US Court of Appeals for the Eleventh Circuit (Eleventh Circuit) held in Lapham v. Walgreen Co., that to prove Family and Medical Leave Act (FMLA) retaliation or interference claims, an employee must establish that an adverse employment decision was because of an FMLA leave request, not just motivated by the request.
Plaintiff Doris Lapham worked for Walgreens in various roles and at multiple store locations for over a decade. Between 2011 and 2016, Ms. Lapham took intermittent FMLA leave to care for her disabled son. During that same period, Ms. Lapham received poor to average performance evaluations. In early 2017, Ms. Lapham was placed on a sixty-day Performance Improvement Plan, which is required for all of Walgreens’ employees who score below a certain level on performance evaluations. Around the same time, Ms. Lapham submitted a request for intermittent FMLA leave over the next 12 months, similar to her previous requests.
While the FMLA leave request was pending, Ms. Lapham’s manager discussed Ms. Lapham’s poor work performance with Walgreens’ HR, citing instances of her disregarding instructions, lying to management, and sabotaging the store. That HR discussion included a reference to the pending FMLA leave request. Walgreens’ HR instructed Ms. Lapham’s manager to properly document instances of insubordination and refrain from disciplining Ms. Lapham for any attendance issues until the FMLA leave request was approved or denied. Soon thereafter, Walgreens terminated Ms. Lapham’s employment, citing poor performance, insubordination, and dishonesty. Ms. Lapham’s FMLA leave request was denied based on the termination.
Ms. Lapham then sued her former employer, alleging FMLA retaliation and interference, arguing that her FMLA leave request was a motivating factor in Walgreens’ decision to terminate her employment. The Eleventh Circuit ruled in favor of Walgreens, finding that in order to succeed on an FMLA claim of retaliation or interference, an employee must prove the employment termination was because of the leave request (or “but-for”), not merely a motivating factor. It’s important to note that this standard differs among federal courts across the country — some courts apply a more lenient “motivating factor” standard, making it easier for employees to succeed on FMLA interference or retaliation claims.
The Lapham case serves as a good reminder to employers to have clear and consistent FMLA leave processes. Supervisors, managers, or other employer-designated agents handling FMLA leave requests must be trained to not interfere with an employee’s right to seek FMLA leave. Beginning with an employee’s initial inquiry, communications regarding leave should be documented in a way that prevents any misunderstanding between employer and employee. Especially given the varying standards for proving FMLA claims, any contemporaneous employee disciplinary actions should be reviewed with employment law counsel.
On December 20, 2023, the DOL proposed rescinding a 2018 rule that created alternative criteria that could be used to determine whether a group or association of employers could establish an association health plan (AHP). The rule allows employers without a commonality of interest to form AHPs if they are in the same state or metropolitan area. Further, AHPs can form for the primary purpose of providing benefits (something that was prohibited before 2018) if they can show a “substantial business purpose,” which includes minimal proof — anything from setting business standards and practices to publishing a newsletter. Importantly, the 2018 rule also allows an AHP to cover non-employees (sole proprietors, independent contractors, partners, and other businesses without any employees).
However, in 2019, the US District Court for the District of Columbia, in New York v. DOL, invalidated the 2018 rule. The court concluded that the DOL did not reasonably interpret ERISA and that the primary provisions of the 2018 rule must be invalidated. Those primary provisions are the expanded definition of “commonality of interest” and the inclusion of working owners. Specifically, the court stated that the commonality of interest expansion in the 2018 rule failed to meaningfully limit the types of associations that could qualify as sponsors of an ERISA plan. In addition, because ERISA is meant to regulate benefit plans that arise from employment relationships, the inclusion of working owners impermissibly expanded ERISA’s regulation to plans outside of such employment relationships. The court concluded that the rule ignored ERISA’s definitions and structure, case law, and ERISA’s 40-year history of excluding employers without employees. Accordingly, the court remanded the matter back to the DOL.
The DOL states that the 2018 rule was never fully implemented, and the department is not aware of any existing AHP formed based on the rule. Accordingly, the DOL proposes to “rescind in full the 2018 rule to resolve any uncertainty regarding the status of the standards established under the rule, allow for a reexamination of the criteria for a group or association of employers to be able to sponsor an AHP, and ensure that guidance being provided to the regulated community is in alignment with ERISA’s text, purposes and policies.”
Employers who are considering creating an AHP should be aware of this proposal. The deadline to submit comments is February 20, 2024.
US Department of Labor, Press Release
FederalRegister.gov, Rule Proposal: Definition of Employer – Association Health Plans
On December 21, 2023, the IRS, DOL, and HHS (collectively, the agencies) issued a final rule related to fees established by the No Surprises Act for the federal independent dispute resolution (IDR) process under the Consolidated Appropriations Act, 2021 (CAA). The IDR process comes into play when health plans and issuers and providers, facilities and providers of air ambulance services cannot agree on an appropriate payment for out-of-network items and services. Two types of fees apply to the process: an administrative fee paid to the applicable federal agency and a fee paid to the certified IDR entity.
The final rule, finalizing the proposed rule from September 2023, amends the existing regulations following an August 3, 2023, Texas court case (Texas Medical Association v. HHS; see August 15, 2023, NFP Compliance Corner article) that set aside an increase in IDR fees that were established without official regulatory action. The final rule provides that, going forward, the administrative and IDR entity fees will be established by the agencies in notice and comment rulemaking (no more frequently than once per calendar year) rather than by guidance published annually. The CAA requires that the administrative fees paid each year should be estimated to be equal to the amount of expenditures that are estimated to be made by the agencies each year in carrying out the IDR process.
The final rule also sets the fees for disputes initiated on or after the effective date of the final rule, which is January 20, 2024. The administrative fee will be $115 per party. The certified IDR entity fee will range from $200 to $840 for single determinations and $268 to $1,173 for batched determinations. Certified IDR entities may establish an additional fee, ranging from $75 to $250 for each increment of 25 dispute line items included in a batched dispute, beginning with the 26th line item. The agencies also issued a fact sheet that summarizes the Final Rule.
Most plan sponsors rely upon their carrier or TPA to resolve out-of-network payment disputes subject to the No Surprises Act but should have a general awareness of the IDR process and related guidance.