No Surprises Act – Overview of IDR Process

The No Surprises Act (NSA) became effective on January 1, 2022.  It prohibits surprise billing in certain circumstances.  Surprise billing occurs when a patient receives an unexpected bill, often for a large amount, from an out of network (OON) provider without having a prior opportunity to select the provider.  The patient’s health plan typically does not cover the full amount of the OON charges and the provider “balance bills” the patient for the outstanding amount. The NSA targets common circumstances where surprise billing occurs, including charges for emergency services furnished by an OON provider or facility, air ambulance services furnished by an OON provider of air ambulance services, or nonemergency services furnished by an OON provider at an in-network facility.

Under the NSA the patient is effectively cut out of the billing dispute—the patient only pays the in-network cost sharing amounts, and the plan must pay under either an state All-Payer Model Agreement or other specified state law.  If there is no such Model Agreement or state law, which will often be the case, the following process applies:

Step 1. The plan must send an Initial Payment or Notice of Denial of Payment within 30 calendar days of receipt of a clean claim covered by the NSA.

Step 2. An open negotiation period must be initiated within 30 business days beginning on the day the OON provider receives either an initial payment or a notice of denial of payment.  The open notice period begins on the day on which the open negotiation notice is first sent by a party.  Care should be taken to ensure that the notice complies with specified requirements.

Step 3.  The parties must exhaust the open negotiation period.  Upon exhausting the open negotiation period, and if open negotiation is unsuccessful, either party may request resolution under the Federal Independent Dispute Resolution (IDR) process whereby a certified independent dispute resolution entity will review the case and determine the final payment amount.  The Notice of IDR Initiation must be sent to the other party and to the Departments within 4 business days after the close of the open negotiation period.  The notice must be submitted to the Departments through the Federal IDR portal at  The Notice must contain specific information including the initiating party’s preferred certified IDR entity. The non-initiating party can accept the initiating party’s preferred certified IDR entity or object and propose another certified IDR entity.

Step 4.  The non-initiating party has 3 business days to object (including conflict of interest concerns) and propose another certified IDR entity.  If the non-initiating party fails to object it will be deemed to have accepted the initiating party’s preferred certified IDR entity.

Step 5.  Within 4 business days after the date of initiation of the Federal IDR Process the initiating party must notify the Departments that the parties have agreed on a certified IDR entity, or that the Departments should randomly select a certified IDR entity. Within this period the non-initiating party must notify the Departments if it contends the Federal IDR Process is not applicable. The Departments will supply this information to the selected certified IDR entity, who must determine whether the Federal IDR Process is applicable.  The IDR timeframes will continue to apply while the applicability issue is under review.  If the selected IDR entity cannot participate the Departments will notify the parties, and they will have 3 business days to select another certified IDR entity, or, if the parties indicated that they cannot agree on a certified IDR entity, the Departments will randomly select another certified IDR entity. The NSA allows for multiple qualified claims to be considered as part of a single IDR determination (batching) when the claims involve the same provider(s), plans, items, and services, and were incurred in the same 30/90-day period.

Step 6.  If necessary, the Departments will make a random selection of a certified IDR entity within 6 business days after IDR initiation. The certified IDR entity may invoice the parties for administrative fees at the time of selection.  These fees are estimated by the Departments to be $400 on average, and within the range of $200-$500, or $268-$670 for batched claims.

Step 7.  Within 3 business days of selection, the certified IDR entity must submit an attestation that it does not have a conflict of interest and a determination that the Federal IDR Process is applicable.

Step 8.  Within 10 business days after selection of the certified IDR entity each party must submit its offer (the amount it contends should be paid to satisfy the claim) and pay the certified IDR entity fee (which will be held in a trust or escrow account by the certified IDR entity), and the administrative fee which is a separate paid to the Departments.  An offer will not be considered received by the certified IDR entity until the certified IDR entity fee and the administrative fee have been paid.  The offer must include both a dollar amount and a percentage of the QPA (which is the median of the contracted rates recognized by the plan for the same or similar item or service that is provided by a provider in the same or similar specialty and provided in the same geographic region).  Different QPAs should be provided if applicable for batched claims. If a party fails to make a timely or complete offer the certified IDR entity will select the other party’s offer as the final payment amount.

Step 9.  Within 30 business days after the date of its selection the certified IDR entity must determine the payment amount (the parties may continue to negotiate up to the time the certified IDR entity makes its determination, in which case the initiating party has 3 business days to notify the entity and the departments of the agreement).  The certified IDR entity must select one of the offers submitted and notify the parties and the Departments of its decision.  The certified IDR entity must consider “credible” information submitted by the parties which relate to the offers, and which are not prohibited (usual and customary rates, billed charges, and Medicare rates).  Additional information (different for air ambulance and non-air ambulance items and services) may be considered such as training, experience, quality of outcomes, market share, acuity of the patient, teaching status, case mix, scope of services, and good faith effort by the provider to enter into network arrangements.

Step 10.  Any amount due from one party to the other party must be paid within 30 calendar days after the determination by the certified IDR entity. The certified IDR entity must refund the prevailing party’s certified IDR entity fee paid within 30 business days after the determination. The certified IDR entity’s decision is binding upon the parties unless there is fraud or evidence of intentional misrepresentation of material facts to the certified IDR entity.

Here are some other general rules related to the IDR process:

Cooling off period.  The party that initiated the Federal IDR Process may not submit a subsequent Notice of IDR Initiation involving the same other party with respect to a claim for the same or similar item or service that was the subject of the initial Notice of IDR Initiation during the 90-calendar-day suspension period following the determination.

Extensions.  May be made for good cause in extenuating circumstances (such as natural disasters).  Payment periods cannot be extended.

Recordkeeping and Reporting.  Certified IDR entities must maintain records of all claims and notices associated with the Federal IDR Process with respect to any payment determination for 6 years. Certified IDR entities must report certain data within 30 business days of the close of each month through the Federal IDR portal.  The reporting must be done to maintain certification.

Confidentiality.  Certified IDR entities must maintain confidentiality and security regarding individually identifiable health information (IIHI) and must report any breaches of confidentiality.

Revocation of Certification.  The Departments may revoke the certification of a certified IDR entity if the entity demonstrates incompetence or failure to comply with the Federal IDR Process.

Resources (including links to model notices and forms).

Additional DOL Guidance on Free Over-the-Counter COVID Tests

This is a supplement to our January 16, 2022 post on the new requirements related to health plans providing free over-the-counter COVID tests.

Last Friday (February 4), the DOL issued additional guidance on this topic, which confirms that a direct to consumer shipping program is required (if a health plan wants to be able to limit reimbursement for OON to $12, as we described in our January 16 post) and also provides a few new wrinkles:

  • At Least One Direct to Consumer Shipping Mechanism Generally Required.  “Q1: Do plans and issuers have flexibility in how they establish a direct-to-consumer shipping program and direct coverage through an in-person network in order to qualify for the safe harbor established in FAQs Part 51, Q2?  Yes. In response to questions raised by stakeholders, the Departments are revising the requirements of the safe harbor established in FAQs Part 51, Q2 to ensure that plans and issuers have significant flexibility in how they provide access to OTC COVID-19 tests under those requirements. In order to meet the requirements of the safe harbor, plans and issuers must provide direct coverage by ensuring participants, beneficiaries, and enrollees have adequate access to OTC COVID-19 tests with no upfront out-of-pocket expenditure. For this purpose, whether a plan or issuer provides adequate access through its direct coverage program will depend on the facts and circumstances, but will generally require that OTC COVID-19 tests are made available through at least one direct-to-consumer shipping mechanism and at least one in-person mechanism. [The Departments recognize that there may be some limited circumstances in which a direct coverage program could provide adequate access, and therefore satisfy the requirements of the safe harbor, without establishing both a direct-to-consumer shipping mechanism and an in-person mechanism. For example, if a small employer’s plan covers only employees who live and work in a localized area, it could be possible that distribution at a nearby location constitutes adequate access to OTC COVID-19 tests without establishing a direct-to-consumer shipping mechanism.]  “Direct coverage” may be provided through a number of mechanisms, including, but not limited to, a direct-to-consumer shipping program that allows for orders to be placed online or by telephone; the plan’s or issuer’s pharmacy network; other non-pharmacy retailers (including through distribution of coupons for enrollees to receive tests from certain retailers without cost-sharing); and alternative OTC COVID-19 test distribution sites established by, or on behalf of, the plan or issuer (such as a standalone drive-through or walk-up distribution site, including a site that operates independently of a pharmacy or other retailer).”

M&T Commentary:  To the extent that clients are not yet able to provide the direct to consumer shipping program, the bracketed language above – and the “number of mechanisms” language – is what we are going to rely on – on a very temporary basis – to say that we are complying with the safe harbor until the direct to consumer shipping program is up and running.  It is not crystal clear that this works but many other employers and PBMs are working hard to get the direct to consumer shipping program up and running since this guidance was issued so recently.  The example provided above for a “limited circumstance” involving a “small employer” whose employees “live and work in a localized area” without a consumer shipping mechanism available, cannot be used by larger employers to somehow try to bypass the direct to consumer shipping requirement.

  • Plan Participants Must Be Made Aware of Key Information.  In order to facilitate consumer access and provide for a seamless experience in obtaining OTC COVID-19 tests with no upfront out-of-pocket expenditure, plans and issuers should ensure that participants, beneficiaries, and enrollees are aware of key information needed to access OTC COVID-19 testing, such as which tests are available under the direct coverage program, and if the plan or issuer offers different mechanisms for obtaining tests under its direct coverage program, which tests are available under each mechanism.
  • Direct to Consumer Shipping Mechanism Can Take Different Shapes As Long As Individual Can Order and Get at Home.  This FAQ clarifies that a direct-to-consumer shipping mechanism is any program that provides direct coverage of OTC COVID-19 tests for participants, beneficiaries, or enrollees without requiring the individual to obtain the test at an in-person location. A direct-to-consumer shipping mechanism can include online or telephone ordering and may be provided through a pharmacy or other retailer, the plan or issuer directly, or any other entity on behalf of the plan or issuer. A direct-to-consumer shipping program does not have to provide exclusive access through one entity, as long as it allows a participant, beneficiary, or enrollee to place an order for OTC COVID-19 tests to be shipped to them directly. For example, if a plan or issuer has opted to provide direct in-person coverage of OTC COVID-19 tests through specified retailers, and those retailers maintain online platforms where individuals can also order tests to be delivered to them, the Departments will consider the plan or issuer to have provided a direct-to-consumer shipping mechanism.
  • Plan Must Pay Shipping Costs.  When providing OTC COVID-19 tests through a direct-to-consumer shipping program, plans and issuers must cover reasonable shipping costs related to covered OTC COVID-19 tests in a manner consistent with other items or products provided by the plan or issuer via mail order.
  • In Person Mechanism Must Provide Adequate Number of Locations.  When implementing an in-person mechanism, a plan or issuer must ensure that participants, beneficiaries, or enrollees have access to OTC COVID-19 tests through an adequate number of locations (which could include pharmacies and other retailers, or independent distribution sites set up by, or on behalf of, a plan or issuer). As the Departments noted in FAQs Part 51, Q2, whether there is adequate access should be determined based on all relevant facts and circumstances, such as the locality of participants, beneficiaries, or enrollees under the plan or coverage; current utilization of the plan’s or issuer’s pharmacy network by its participants, beneficiaries, or enrollees, when making such coverage available through a pharmacy network; and how the plan or issuer notifies participants, beneficiaries, or enrollees of the retail locations, distribution sites, or other mechanisms for distributing tests, as well as which tests are available under the direct coverage program.
  • Tests Must Be Used and Processed Without Involvement of a Lab or Other Health Care Provider.  To the extent a COVID-19 test is not approved or authorized to be self-administered and self-read without the involvement of a health care provider (such as a test where a consumer collects a specimen at home and sends the specimen to be processed in a laboratory), the safe harbor guidance is not applicable.
  • Temporary Supply Shortage Will Not Destroy Ability to Rely on the Safe Harbor (i.e., the $12 OON cap).  The Departments will not consider a plan or issuer to be out of compliance with the safe harbor in FAQ Part 51, Q2 if it has established a direct coverage program that meets the requirements of that safe harbor as revised by Q1 of these FAQs Part 52 but is temporarily unable to provide adequate access through the program due to a supply shortage. In that circumstance, a plan or issuer that otherwise meets the requirements of the safe harbor may continue to limit reimbursement to $12 per test (or the full cost of the test, whichever is lower) for OTC COVID-19 tests purchased outside of the direct coverage program.
  • Plan May Disallow Reimbursement for Tests Obtained from a Private Individual.  In order to further discourage problematic behaviors that could limit access to consumers, a plan or issuer may establish a policy that limits coverage of OTC COVID-19 tests purchased without the involvement of a health care provider to tests purchased from established retailers that would typically be expected to sell OTC COVID-19 tests. Specifically, plans and issuers may disallow reimbursement for tests that are purchased by a participant, beneficiary, or enrollee from a private individual via an in-person or online person-to-person sale, or from a seller that uses an online auction or resale marketplace. Such a policy could include requiring reasonable documentation of proof of purchase that clearly identifies the product and seller, such as a UPC code or other serial number, original receipt from the seller of the test, or other documentation for the OTC COVID-19 test to verify that the item qualifies for coverage under section 6001 of FFCRA, or a requirement that the participant, beneficiary, or enrollee attest that the test has not been (and will not be) reimbursed by another source (including through resale). If a plan or issuer implements a policy that disallows reimbursement for OTC COVID-19 tests from certain resellers, the plan or issuer should provide information to participants, beneficiaries, or enrollees regarding the retailers from which purchased tests are generally covered by the plan or issuer and general information about the types of resellers for which participants, beneficiaries, and enrollees are not eligible for reimbursement of purchased tests under the plan or coverage. This does not modify the requirement of FAQs Part 51, Q4 that prohibits a plan or issuer from requiring individuals to submit multiple documents or implementing numerous steps that unduly delay a participant’s, beneficiary’s, or enrollee’s access to, or reimbursement for, OTC COVID-19 tests.

Unanimous Supreme Court Holds Retirement Plan Fiduciaries Must Monitor and Remove All Imprudent Investment Options

Last week, on January 24, the United States Supreme Court issued its much-anticipated decision in Hughes v. Northwestern University (“Hughes”), unanimously holding that retirement plan fiduciaries have a duty to continuously monitor retirement plan investment options and to remove all imprudent ones.  In its opinion, the Supreme Court made it clear that if there are imprudent investment options in a retirement plan (such as a 401(k) plan), plan fiduciaries cannot ignore them just because there are other prudent investment options.

Northwestern University offers two defined contribution retirement plans for its eligible employees.  Like many other similar plans, the plans’ fiduciaries select the investment options from which participating employees can choose to invest their retirement plan savings.  The plaintiffs in Hughes allege that the Northwestern University plan fiduciaries breached their duty of prudence under the Employee Retirement Income Security Act of 1974 (“ERISA”) by: (1) failing to monitor and control the fees paid by the plans for recordkeeping, resulting in unreasonably high costs to plan participants; (2) offering a number of mutual funds and annuities in the form of “retail” share classes that carried higher fees than those charged by identical “institutional” share classes; and (3) offering too many investment options (over 400) and thereby causing participants to be confused and make poor investment decisions.

The lower court (U.S. Court of Appeals for the Seventh Circuit) had dismissed the plaintiffs’ allegations because the court determined that the Northwestern University fiduciaries had provided an adequate array of choices, including the types of low-cost funds the plaintiffs wanted.  In the lower court’s view, the fact that participants could have chosen lower-cost funds destroyed any claim that the defendants had breached their fiduciary duty by leaving imprudent options in the plans.  In effect, the lower court determined that it did not matter that there were “bad” investment options in the plans’ investment menu – because there were also “good” ones that participants could have chosen during the relevant time.

In its decision, the Supreme Court unanimously rejected this participant-choice rationale – and made it crystal clear that ERISA requires plan fiduciaries to continuously monitor all plan investments and to remove any imprudent ones.

While the Supreme Court’s decision in Hughes is important, the Court did not address the arguably more-important issue that many in the employee benefits community had been hoping the Court would address:  What does a plaintiff in an ERISA excessive fee case have to plead in their complaint to survive a motion to dismiss?  In the past week, since the Hughes decision was issued, commentators are all over the place guessing about what the Court’s decision means for this important question.  Some commentators think the Hughes decision will make it more difficult for plaintiffs to bring these types of lawsuits.  Other commentators think the opposite.  Unfortunately, the opportunity has passed, for now, for the Court to resolve this question and lower courts will continue to struggle with it.

Free Over-the-Counter COVID Tests (if you can find them)

The Families First Coronavirus Response Act (FFCRA) was enacted on March 18, 2020, and generally requires group health plans to provide benefits for certain items and services related to COVID-19 testing when those items or services are furnished on or after March 18, 2020 and during the applicable emergency period.  Plans must provide this coverage without imposing any cost-sharing requirements (including deductibles, copayments, and coinsurance), prior authorization, or medical management requirements.

Less than 10 days later, the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) amended the FFCRA to include a broader range of diagnostic items and services that plans must cover without any cost-sharing requirements, prior authorizations, or other medical management requirements.

Then, in June 2020, the Departments of Labor, Health and Human Services, and the Treasury (collectively, the Departments) issued guidance stating that plans are required to cover COVID-19 tests intended for at-home testing, when the testing is ordered by an attending health care provider who has determined that the test is medically appropriate.  The Departments noted, at that time, that the Food and Drug Administration (FDA) had not yet authorized any COVID-19 diagnostic tests to be completely used and processed at home.  Since that time, however, the FDA has authorized additional diagnostic tests for COVID-19, including tests that can be self-administered and self-read at home.  These COVID-19 tests are now available over-the-counter (if you can find them) through pharmacies, retail stores, and online retailers (OTC Tests).

Last week, on January 10, 2022, the Departments issued updated guidance stating that the requirement for health plans to cover free OTC Tests is no longer limited to situations in which the individual has an order from a health care provider.  This updated guidance provides the following details:

  1. Free OTC Tests must be provided on or after January 15, 2022 through the end of the public health emergency.
  2. Plans are still not required to provide coverage for COVID-19 tests (including OTC Tests) that are for employment purposes (e.g., testing required under an employer return-to-work policy), as opposed to tests for diagnosis or treatment of COVID-19. Please note, however, that the employer may nonetheless be required to pay for such testing under applicable state law.
  3. A plan cannot limit coverage to OTC Tests that are provided through preferred pharmacies. A plan may, however, arrange for direct coverage of OTC Tests through its pharmacy network and a direct-to-consumer shipping program, and then otherwise limit reimbursement outside of the plan’s arrangement to $12 per test.  This reference to a “direct” arrangement means the participant (which, for this article, includes beneficiaries and other enrollees) is not required to seek post-purchase reimbursement, i.e., the plan must pay the pharmacy or retailer directly with no up-front cost to the participant.  While many plans are looking to set up such an arrangement and direct employees to get their OTC Tests through a preferred network provider (after negotiating a discounted rate from the provider), there is some concern among employers that such an arrangement will result in increased volume and thus increased costs.
  4. If a plan sets up the direct arrangement described above and then only pays $12 for OTC Tests that are obtained outside of the direct arrangement, the $12 per test must be calculated based on the number of tests in a package.
  5. If a plan sets up the direct arrangement described above, plans cannot impose any prior authorization or other medical management requirements on participants, and must take reasonable steps to ensure that participants have adequate access to OTC Tests through an adequate number of retail locations (including both in-person and online).
  6. If a plan sets up the direct arrangement described above, plans must ensure that participants are aware of key information needed to access OTC Tests, such as dates of availability of the direct coverage program and participating retailers or other locations.
  7. Plans can limit the number of OTC Tests covered for each participant, beneficiary, or enrollee to 8 tests per 30-day period or per-calendar month. Please note for example, that if a family has six members covered by the plan, this means the plan must pay for 48 OTC Tests per month.  For employers with a significant workforce, the financial projections – even assuming some actuarial reductions for likely usage – are staggering.
  8. A plan can require an attestation, such as a signature on a brief attestation document, that the OTC Test (a) was purchased by the participant for personal use, not for employment purposes; (b) has not been (and will not be) reimbursed by another source; and (c) is not for resale.

New Health Plan Disclosure Requirements Should Bring More Transparency

Ten years ago, the United States Department of Labor (“DOL”) published a final regulation under the Employee Retirement Income Security Act of 1974 (“ERISA”), which required retirement plan service providers to disclose information about the service provider’s compensation and potential conflicts of interest. Under that regulation, covered service providers to retirement plans are required to disclose: (a) the services they provide to the retirement plan; (b) all “direct compensation” (i.e., directly from the plan) the service provider, its affiliate or a subcontractor reasonably expects to receive in connection with their services; (c) all “indirect” compensation (generally, compensation from some source other than the plan or the plan sponsor) the service provider, its affiliate, or a subcontractor reasonably expects to receive; (d) any related-parties compensation that will be paid among the service provider, an affiliate, or a subcontractor that is set on a commissions, soft-dollar, finder’s-fee, or other similar basis; and (e) certain other information.

Largely as a result of this regulation, retirement plan fiduciaries know (or should know) exactly who is getting paid, how much, and why for services provided to their retirement plans. There are (or should be) no secrets. This allows retirement plan fiduciaries to have a very clear understanding of any potential conflicts of interest.

Unfortunately, because of the absence of similar rules, this has not always been the case for health plan fiduciaries. On the health plan side, the rules have not required the same level of disclosure and thus health plan fiduciaries have not always had the same level of insight into every type and amount of compensation that their service providers may be receiving. For example, some brokers or consultants might have previously received undisclosed “book of business” or “5500” bonuses, based on the overall volume of business that they have placed with a certain provider – without any clear requirement to disclose such compensation to their employer clients.  Thus, many health plan fiduciaries have not able to assess all potential conflicts of interest.

Because of new rules that became effective December 27, 2021, the health plan side of the business is changing. The Consolidated Appropriations Act, 2021 (the CAA), amended ERISA effective December 27, 2021 to require certain service providers to group health plans to disclose specified information to a responsible plan fiduciary about the direct – and indirect – compensation that the service provider expects to receive in connection with services to the plan. The new disclosure requirements apply to persons who provide “brokerage services” or “consulting” to ERISA-covered group health plans who expect to receive $1,000 or more in direct or indirect compensation. The disclosures are intended to provide plan fiduciaries with sufficient information to assess the reasonableness of the compensation to be received (before it is received) and any potential conflicts of interest.

About 10 days ago, the DOL issued Field Assistance Bulletin 2021-03 (“New FAB”) to clarify some important aspects of the new CAA requirement:

  1. Look to Retirement Plan Rules. The disclosure requirements for health plans are not identical to the requirements for retirement plans, but the New FAB provides that health plan fiduciaries can look to the retirement plan regulation and its requirements when evaluating what kind of information to expect and request from their health plan brokers and consultants.  Thus, health plan fiduciaries should ask their service providers to disclose the same level of detailed information that is required of retirement plan service providers.
  2. Insured and Self-Funded. The new health plan disclosure requirements apply to fully-insured and self-funded group health plans.
  3. Applies to Limited Scope Dental and Vision. The new disclosure requirements apply to limited scope dental and vision plans – not just group health plans.
  4. Not Just Licensed “Brokers” or “Consultants.” The new disclosure requirements apply to providers of “brokerage services” and “consulting” services. The FAB makes it clear that just because a service provider does not call itself a “consultant” or charge a “consulting” fee does not determine whether they have to comply with the new disclosure requirements. The DOL expects reasonable and good faith efforts. Service providers who reasonably expect to receive indirect compensation from third parties in connection with advice, recommendations, or referrals for any of the listed services, should comply with the new disclosure requirements and not try to label themselves as something other than a broker or consultant merely to avoid the rules.
  5. December 27, 2021. The new requirements apply to contracts entered into, renewed, or extended on or after December 27, 2021.

These new disclosure requirements should bring more transparency to the health plan side of employee benefits and allow plan fiduciaries to know and understand all the ways, direct and indirect, that everyone is getting paid. This will allow fiduciaries to identify and assess conflicts of interest.

New Health Plan Guidance Regarding Transparency Regulations and Last Year’s Budget Act

Late last Friday afternoon, the Departments of Labor, Health and Human Services, and the Treasury, issued some new frequently asked questions (FAQs) regarding implementation of the transparency in coverage (TIC) regulations and the Consolidated Appropriations Act of 2021 (CAA).

You might recall that the TIC regulations require group health plans to publish three machine-readable files for plan years beginning on or after January 1, 2022.  The TIC regulations also require an online shopping tool in plan years beginning on or after January 1, 2023.  Please see this blog article for a quick reminder of the TIC regulations:

You might also recall that the CAA imposes significant requirements on group health plans, including the No Surprises Act (NSA).  The NSA applies for plan years beginning on or after January 1, 2022.  Please see this blog article for a quick reminder of the CAA:

Last Friday’s FAQs provide important guidance regarding the TIC regulations and the CAA.  Here is a quick summary of some of the major points:

  1. Enforcement of Machine-Readable File Requirements.  The government intends to enforce the requirement that plans publish the three machine-readable files for plan years beginning on or after January 1, 2022 – subject to two exceptions:
    1. No Enforcement of Machine-Readable File Requirement Related to Prescription Drugs.  The third machine-readable file that must be disclosed under the TIC regulations requires disclosure of information related to prescription drugs.  The FAQs indicate that the government recognizes the overlapping requirements (issued after the TIC regulations) contained in the CAA – and intends to evaluate whether the prescription drug machine-readable file requirement remains appropriate.
    2. July 1, 2022 Delayed Enforcement Date for Machine-Readable File #1 and File #2.  The TIC regulations require disclosure of machine-readable files for in-network rates and out-of-network allowed amounts and billed charges, for plan years beginning on or after January 1, 2022.  The government is basically delaying enforcement of this rule until July 1, 2022.  For plans that have a plan year in 2022 that begins after July 1, 2022, this is not helpful.
  2. Self-Service Price Comparison Requirements.  The government recognizes that the TIC regulations require an online shopping tool for plan years beginning on or after January 1, 2023 – and the CAA also has similar-but-separate  requirements.  The government believes these requirements are duplicative except the CAA imposes an additional requirement that pricing information be available by telephone also, upon request.  The government intends to propose rulemaking requiring the same pricing information that is available online and in paper form (under the TIC regulations) will also be required by telephone.  Additionally, the government will not enforce the CAA price comparison requirements until the plan year beginning on or after January 1, 2023 – to align the compliance date of the TIC regulations with the compliance date of the CAA.
  3. ID Card Requirements Applicable to Plan Years On or After January 1, 2022.  The CAA requires plans to include on any physical or electronic ID card issued to participants and beneficiaries any applicable deductibles, any applicable out-of-pocket maximums, and a telephone number and a website address for individuals to seek consumer assistance.  These requirements apply for plan years on or after January 1, 2022.  The FAQs provide:
    1. No Regulations Coming.  The government does not intend to issue regulations addressing the ID card requirements prior to the effective date.
    2. Good Faith Is the Standard.  Until such guidance is ultimately issued, the government expects a good-faith, reasonable interpretation of the law.  This means:
      1. The information on ID cards must be reasonably designed and implemented to provide the required information to all participants, beneficiaries, and enrollees.
      2. The government will consider each of the specific data elements included on relevant ID cards; whether any data element required, but not included on the face of an ID card, is made available through information that is provided on the ID card, as well as the mode by which any information absent from the card is made available; and the date by which a plan makes required information available on ID cards.  As an example, the government would deem a plan to be in good-faith compliance where the plan includes on any physical or electronic ID card the following:
        1. the applicable major medical deductibles and out-of-pocket maximum;
        2. telephone number;
        3. website address for individuals to seek consumer assistance and access additional applicable deductibles and maximum out-of-pocket limits (additional limits could also be provided on a website accessed through a Quick Response code on the ID card or through a hyperlink in the case of a digital ID card).
  4. Advanced EOBs Effective Date Delayed.  The CAA requires an advanced EOB in certain circumstances for plan years on or after January 1, 2022.
    1. No Regulations Coming.  The government does not intend to issue regulations addressed the advanced EOB requirement prior to the effective date.
    2. But No Enforcement.  Because the government understands the complexity involved in the advanced EOB and related requirements, the government will not enforce this rule – so plans do not need to provide an advanced EOB for plan years beginning on or after January 1, 2022.
  5. No Gag Clauses.  As to the CAA requirements that generally prohibit plans from entering into an agreement that restricts the plan from disclosing cost and quality of care information, which were effective December 27, 2020, the government does not intend to issue regulations anytime soon – but does expect compliance.
  6. Provider Directory Requirements.  The CAA requires plans to establish a process to update and verify the accuracy of provider directory information, among other things.  These provisions apply for plan years beginning on or after January 1, 2022.  The government does not intend to issue regulations on these requirements any time soon.  Plans are expected to implement these provisions using a good faith, reasonable interpretation of the requirements, but this appears to require plans to financially stand behind any incorrect information given to plan participants.
  7. Deferred Disclosure Deadline for Pharmacy and Other Information.  The CAA requires plans to report certain prescription drug expense and other information to the government (e.g., 50 most frequently dispensed drugs; total number of paid claims for each drug; etc.) by December 27, 2021 – and then annually by June 1 (beginning June 1, 2022).  The government is not going to enforce the first deadline of December 27, 2021 or the second of June 1, 2022.  The government encourages plans to be working towards compliance by December 27, 2022 (for 2020 and 2021 data).

And The Hits Just Keep on Coming: New DOL Guidance on Cybersecurity

Today, the DOL announced new guidance for plan sponsors, plan fiduciaries, record keepers and plan participants on best practices for maintaining cybersecurity, including tips on how to protect retirement benefits.  This is the first time the department’s Employee Benefits Security Administration (EBSA) has issued cybersecurity guidance.

Below is what they released today with web links – and some quick-read bullet points for you below:

  1. Tips for Hiring a Service Provider with Strong Cybersecurity Practices
    • Plan sponsors should use service providers that follow strong cybersecurity practices.
    • Look for service providers that follow a recognized standard for information security and use an outside (third-party) auditor to review and validate cybersecurity.
    • Ask the service provider how it validates its practices, and what levels of security standards it has met and implemented. Look for contract provisions that give you the right to review audit results demonstrating compliance with the standard.
    • Find out if the service provider has any insurance policies that would cover losses caused by cybersecurity and identity theft breaches (including breaches caused by internal threats, such as misconduct by the service provider’s own employees or contractors, and breaches caused by external threats, such as a third party hijacking a plan participants’ account).
    • When you contract with a service provider, make sure that the contract requires ongoing compliance with cybersecurity and information security standards – and beware of contract provisions that limit the service provider’s responsibility for IT security breaches.  You should check to make sure you know what requirements your recordkeeper puts on plan participants in order for the participant’s account to be made whole by the recordkeeper if there is a theft (e.g., do they require two-factor authentication in order for the recordkeeper’s “guarantee” to apply?).
    • They identified a list of contractual provisions that your contract with service providers should contain.
    • I would go over this at your next plan committee meeting with your recordkeeper and any other service providers – and document the review in your minutes.
  2. Cybersecurity Program Best Practices
    • ERISA-covered plans often hold millions of dollars or more in assets and maintain personal data on participants, which can make them tempting targets for cyber-criminals. Responsible plan fiduciaries have an obligation to ensure proper mitigation of cybersecurity risks.
    • States that plan service providers should “conduct prudent annual risk assessments” and “[h]ave a reliable annual third party audit of security controls.”
    • Outlines what makes a prudent, well-documented cybersecurity program.
    • Again, ask your recordkeeper to provide a summary of how their program meets these standards – so your plan committee can be aware of that and document it for their minutes.
  3. Online Security Tips for Retirement Plan Participants
    • I would consider having your recordkeeper send tip sheet to plan participants asap.
  4. DOL Press Release

DOL Issued FAQs and Four Model COBRAs Yesterday – Take Action Right Now

Yesterday (April 7), the Department of Labor issued a series of frequently asked questions (“FAQs”) regarding the COBRA provisions of the American Rescue Plan of 2021 (“ARP”) – along with four model COBRA notices.  The FAQs clarify a number of issues.  Employers need to take action right now.

You might recall that on March 11, 2021, President Biden signed the ARP, which subsidizes the full COBRA premium for certain individuals for periods of coverage from April 1, 2021 through September 30, 2021.  To qualify for this free COBRA, individuals must: (1) have a COBRA-qualifying event that is a reduction in hours or an involuntary termination of employment; (2) elect COBRA coverage; (3) not be eligible for Medicare; and (4) not be eligible for coverage under any other group health plan (e.g., their new employer’s plan or their spouse’s plan).  As discussed in our March 15th blog post, this free coverage is also available to qualifying individuals who already lost coverage and who could have had COBRA coverage during the period from April 1, 2021 to September 30, 2021 (“Expired COBRA Participants”).  Expired COBRA Participants likely include individuals who lost coverage going all the way back to November 2019.

The ARP also imposes new related notice obligations and deadlines on employers.  The model notices issued yesterday are intended to help employers meet their obligations.

You might also recall that in late February, before the ARP, the Department of Labor released EBSA Disaster Relief Notice 2021-01 (“Notice 2021-01”), which extended (among other things) the deadlines for individuals to elect COBRA and pay for COBRA – by essentially giving every COBRA qualified beneficiary their own one-year period to make such an election or payment.  And that notice also has different notice obligations.

All of these rules, requirements, and notices make all of this way too complicated right now.  The following is an attempt to provide a quick summary and some recommendations:

  1. Employees Have One Year to Elect and Pay for COBRA

Notice 2021-01 provides disaster-related relief that extends, among other things, the deadline for qualified beneficiaries to elect and pay for COBRA.  Normally, qualified beneficiaries generally have 60 days to elect COBRA coverage.  For the period beginning March 1, 2020 through the end of the National Emergency (which is ongoing and we have no idea when it will end), Notice 2021-01 disregards the normal 60-day election period, and gives qualified beneficiaries until the earlier of (a) one year from the date they would normally have to elect COBRA, or (b) 60 days after the announced end of the National Emergency (the end of the “Outbreak Period”).  For example, if a qualified beneficiary would have been required to make a COBRA election by March 1, 2020 (the end of the normal 60-day election period), Notice 2021-01 delays that requirement until February 28, 2021, which is the earlier of one year from March 1, 2020 or the end of the Outbreak Period.

This extension works the same way with the COBRA premium payment deadline – and certain other deadlines like the normal 30-day deadline (under HIPAA special enrollment) to notify a plan and elect coverage due to a marriage, birth, or adoption.

  1. You Should Notify Affected Individuals of the One-Year COBRA Extension

For any individual who could benefit from the one-year extension described above, Notice 2021-01 states that plan administrators may need to revise their previously-issued COBRA election notice that was given to the individual before the recent extension – so that affected individuals are aware of their rights.  Thus, you likely need to determine who lost coverage and qualified for COBRA on or after March 1, 2020 and determine who needs to be sent a revised/updated notice that explains the one-year extension.

You need to do the same thing for anyone who could benefit from the same extended deadline to pay their COBRA premiums.

On a related note, Notice 2021-01 also indicates that plans should consider ways to ensure that participants who are losing coverage under their group health plans are made aware of other coverage options that may be available to them, including the opportunity to obtain coverage through the Health Insurance Marketplace in their state.

  1. You Should Consider Sending a General Notice to All Participants Explaining the One-Year Extension

You should consider sending a general notice to all plan participants explaining the one-year extension under Notice 202101 – so that participants understand their rights as it relates to HIPAA special enrollment, COBRA, and claims and appeal deadlines (which also have the same one-year extension).  You likely do not know all of the potential HIPAA special enrollment events that your employees may have already experienced, or will experience, so a general notice would notify a broader group than the targeted COBRA notices mentioned above under #2.

  1. Free COBRA Applies to All Group Health Plans – Except FSAs

The FAQs issued yesterday confirm that the free COBRA applies to all group health plans (except FSAs), including excepted benefits (e.g., dental).

  1. For Those Losing Coverage Between April 1, 2021 – September 30, 2021, You Need to Give Them a Notice Regarding the Free COBRA

The ARP requires employers to send a general notice to all qualified beneficiaries who have a qualifying event that is a reduction in hours or an involuntary termination of employment from April 1, 2021 through September 30, 2021.  This notice may be provided separately or with the COBRA election notice following a COBRA qualifying event.  There are specific requirements regarding what the notice must contain.

The DOL provided a model election notice for this yesterday, which you can find here:

  1. You Need to Send A Notice by May 31, 2021 to Qualifying Individuals Who Had A COBRA Event Before April 1, 2021 – Including Expired COBRA Participants

As mentioned above, certain Expired COBRA Participants – who lost coverage prior to April 1, 2021 and who either did not elect COBRA when it was first offered or who elected COBRA but then dropped the coverage – are also entitled to the free COBRA provided by the ARP.  These Expired COBRA Participants must receive a notice of the extended COBRA election period informing them of this free coverage opportunity.

For anyone else who qualifies for the free COBRA and who had a qualifying event before April 1, 2021, they too must receive a notice of their right to the free COBRA.

The notice must be provided to these individuals by May 31, 2021.  These individuals then have 60 days after the notice is provided to elect the free COBRA.

The DOL also provided a model notice for this, which you can also find at

  1. Free COBRA Reimbursed Directly to the Employer

Individuals who qualify for the free COBRA coverage do not have to pay any of the COBRA premium for the period of coverage from April 1, 2021 through September 30, 2021.  The premium is reimbursed directly to the employer through a COBRA premium assistance credit.

  1. No One-Year Extension of Deadline to Elect Free COBRA

For the individuals described above under #6, as mentioned they have 60 days after receiving the required notice to elect free COBRA.  The guidance issued yesterday makes it clear that this 60-day deadline is a real 60-day deadline, i.e., the one-year extension described above under #1 does not extend the 60-day deadline to elect free COBRA under the ARP.

  1. Don’t Forget to Amend Your Plan for All of the Above

You likely need to amend your plan to reflect all of the above, i.e., the one-year extension and the free COBRA.  Also, please don’t forget that you likely need to amend your plan to provide that COVID vaccinations are provided free with no cost sharing.  We have seen several plans lately that amended their terms last year to reflect free COVID testing but have not yet been amended to reflect the required free COVID vaccine benefit.

COBRA is Now Free and Very Complicated

Late last week, President Biden signed the American Rescue Plan Act of 2021 (“ARPA”), which makes COBRA continuation coverage free for certain qualifying-individuals and their families from April 1, 2021 to September 30, 2021.  This free coverage is available to those who lose group health plan coverage because either:

  1. they are terminated (not including resignations); or
  2. their hours are reduced.

So, all you have to do is remember this for those who become eligible for COBRA for one of these two reasons from April 1, 2021 to September 30, 2021, right?  No, it is not that easy.  This free coverage is also available to those who already lost coverage because of one of these two reasons and who could have had COBRA coverage during the period from April 1, 2021 to September 30, 2021 (“Expired COBRA Participants”).  Expired COBRA Participants would include those who either failed to elect COBRA coverage during their normal 60-day (but now-expired) election period and those who elected COBRA coverage but discontinued that coverage before April 1, 2021.  Expired COBRA Participants would likely include individuals going all the way back to November of 2019.

New Election Period.  Expired COBRA Participants have a new 60-day election period that begins April 1, 2021 to newly-elect COBRA, but this does not extend their normal COBRA period (e.g., if they were entitled to 18 months of COBRA because of a termination of employment that occurred in November of 2019, their coverage would still expire April 2021).

New Notice Requirement.  Employers are required to notify the individuals described above of this new free coverage and its availability, including Expired COBRA Participants.  The ARPA requires the federal government to issue a model notice for this purpose by April 10, 2021.

Bottom Line.  We suggest you immediately get with your COBRA administrator and make sure they are on top of these new rules.  You will want to identify individuals who could have been entitled to COBRA (because of job loss or reduction in hours) during the period from April 1, 2021 to September 30, 2021 – including Expired COBRA Participants – because you are going to have to give them a new notice and a new election period.  Given the very complicated guidance (DOL Notice 2021-01) we received a few weeks ago that basically gives every COBRA-qualifying individual their own one-year extended period to elect COBRA coverage, and that guidance’s own notice requirements (in addition to that described above), COBRA is now free and very complicated.

If you have any questions, including any questions about how the subsidy will be paid to the plan or plan sponsor, please let us know.

New IRS Guidance Provides Even More Flexibility for Cafeteria Plans, FSAs, and DCAPs

You might recall that in December 2020, Congress passed the year-end funding bill known as the Consolidated Appropriations Act, 2021 (“CAA”), which contained provisions that provide significant flexibility for flexible spending accounts (“FSAs”) and dependent care assistance plans (“DCAPs”) in 2020 and 2021.  Last week, on February 18, 2021, the IRS released Notice 2021-15 to clarify certain aspects of the CAA and to provide even more flexibility than that provided in the CAA.  Here is a brief overview of both the CAA and Notice 2021-15:


  1. 2020 FSA/DCAP CARRY OVER. For plan years ending in 2020, FSAs and/or DCAPs can allow participants to carryover any unused benefits for contributions remaining from 2020 in to the 2021 plan year.
  2. 2021 FSA/DCAP CARRY OVER. For plan years ending in 2021, FSAs and/or DCAPs can allow participants to carry over any unused benefits or contributions remaining from 2021 into the 2022 plan year.
  3. EXTENDED FSA/DCAP GRACE PERIOD. Employers can extend the FSA or DCAP grace period for the plan years ending in 2020 and/or 2021 to 12 months after the end of the year, with respect to unused benefits/contributions remaining at the end of the year. (This extends the permissible period for incurring claims.)
  4. POST-TERMINATION FSA REIMBURSEMENTS. Employers can allow an employee who ceases participation in the plan during calendar year 2020 or 2021 to continue to receive reimbursements from unused benefits or contributions through the end of the plan year when participation ceased (including any grace period).
  5. SPECIAL DCAP CARRY FORWARD. Typically, expenses may only be reimbursed under a DCAP for a qualifying child who has not attained age 13. Instead of the normal age 13 age limit, the CAA pushes the age limit to age 14 – during the plan year where the end of the regular enrollment period was on or before January 31, 2020 (i.e., enrollment period for 2020 plan year would have been in 2019). AND if there was an unused balance at the end of 2020, age 14 can be used in the 2021 plan year.
  6. PROSPECTIVE MODIFICATION FOR 2021 PLAN YEAR. For the plan year ending in 2021, an FSA or DCAP can allow an employee to make an election to prospectively modify the amount of employee contributions to the arrangement without regard to any change in status.
  7. PLAN AMENDMENT REQUIREMENT. A plan amendment must be adopted by the last day of the first calendar year beginning after the end of the plan year in which the amendment is effective (i.e., if amendment is effective 12/31/20, must adopt an amendment by 12/31/21).

  IRS Notice 2021-15

 IRS Notice 2021-15 restates and clarifies certain aspects of the CAA, and it also provides additional flexibility.  The following outlines most, but not all, of the Notice 2021-15 guidance.

  1. NEW CAFETERIA PLAN FLEXIBILITY. In addition to the CAA changes, this notice provides additional relief for mid-year elections for plan years ending in 2021.  Thus, a plan can allow employees to:
    • NEW ELECTION. Make a new election on a prospective basis, if the employee initially declined to elect coverage.
    • REVOKE ELECITON AND MAKE NEW ELECTION. Revoke an existing election and make a new election to enroll in different coverage prospectively.
    • REVOKE ELECTION IF OTHER COVERAGE. Revoke an existing election on a prospective basis if attest in writing that the employee is enrolled, or immediately will enroll, in other health coverage not sponsored by the employer.  Employer must get attestation.
  2. CAN LIMIT FSA/DCAP CARRYOVER. For the carryover authorized by the CAA (described above), an employer may limit the carryover to an amount less than all unused amounts and may limit the carryover to apply only up to a specified date during the plan year.
  3. EVEN IF HISTORICALLY NO CARRY OVER OR GRACE PERIOD. Even if the plan does not typically allow a carry over or have a grace period, it can be amended to add them, per the discussion above.
  4. IMPACTS HSA ELIGIBLITY. The Internal Revenue Code allows eligible individuals to establish and contribute to health savings accounts (“HSAs”).  To be an eligible individual, the individual must (among other requirements) not be covered under any health plan that is not a high-deductible health plan (“HDHP”).  Notice 2021-15 clarifies that the carryover of unused amounts to the 2021 plan year or the 2022 plan year is an extension of coverage by a plan that is not a HDHP. Thus, an individual cannot make HSA contributions during a month in which the individual participates in a general purpose FSA to which unused amounts are carried over.
  5. CAN ALLOW EMPLOYEES TO OPT OUT OF CARRYOVER. Employers may amend their plans to allow employees, on an individual basis, to opt out of the carryover or grace period to preserve HSA eligibility.
  6. CAN LIMIT GRACE PERIOD. Employer can adopt an extended grace period for incurring claims that is less than 12 months and may choose to adopt a period that ends before the last day of the plan year.
  7. CAN LIMIT POST-TERMINATION AMOUNT. For reimbursements that can occur post-termination (see #4 above under CAA discussion), the employer can limit the reimbursement available to only those salary reduction contributions made from the beginning of the plan year to the date the employee ceased to be a participant.
  8. GRACE PERIOD AND POST-TERMINATION. An employer that adopts the extended grace period may also allow employees who ceased participation earlier in the year (see #4 above under CAA discussion) to further extend the period for incurring claims, e.g., John terminated employment in 2020 and his employer extends the grace period for 2020 to the end of 2021 – which would allow John to also incur claims through the end of the extend grace period. But if the employer instead adopted the carryover (and not the extended grace period), John could not take advantage of the carryover.
  9. NORMAL RULES APPLY FOR CARRYOVERS AND GRACE PERIODS IN 2022 OR LATER. After 2022, the normal rules apply for carryovers and grace periods, e.g., the most that an employee may carryover from the 2022 plan year to 2023 is $550.