256% Increase in Large HIPAA Breaches Reported to OCR

The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) enforces the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy, Security, and Breach Notification Rules, which set forth the requirements that HIPAA-covered entities (including health plans) and their business associates must follow to protect the privacy and security of protected health information – and the required notifications to HHS and affected individuals following a breach.

According to a recent “Dear Colleague” letter addressing the “unprecedented” cybersecurity incident impacting Change Healthcare, over the past five years, there has been a 256% increase in large breaches reported to OCR involving hacking and a 264% increase in ransomware.  Given the world we live in where cyber attacks seem to be all around us, this is not surprising.  Both the Dear Colleague letter and a subsequent set of OCR frequently asked questions state that OCR only has a “secondary” interest in group health plans and business associates who partnered with Change Healthcare, but that means there is some interest – and at some point, group health plans and their business associates may become the center of attention and need to demonstrate their compliance with the law.

Health plan fiduciaries should take note of this and take action now – not only to ensure compliance with any related notice requirements – but also to ensure updated business associate agreements are in place with all business associates.  This is also a really good time for employers and health plan fiduciaries to have conversations with all of their vendors (networks, third-party administrators, PBMs, etc.) about how they protect data, what they are doing to mitigate efforts by criminals to access confidential data, and what their process is to respond to a security incident.  Health plan fiduciaries should document this analysis and these conversations to be able to prove that they take their obligations serious.

New Lawsuit Alleges Mismanagement of Prescription Drug Benefits by ERISA Fiduciaries

A lawsuit filed on February 5, 2024 against Johnson and Johnson and its health plan fiduciaries (U.S.D.C. – New Jersey, 24-cv-00671) is a good reminder that the fiduciary duties that exist under the Employee Retirement Income Security Act of 1974 (“ERISA”) do not just apply to qualified retirement plans.  They apply to ERISA health and welfare plans too.  There is likely a very strong “rest of the story” to the allegations in this lawsuit and Defendants will no doubt vigorously dispute and defend this case, but the allegations in this new Class Action Complaint give employers and their plan fiduciaries much to think about.

ERISA provides that anyone who exercises discretionary authority or discretionary control respecting management of an ERISA plan, or exercises any authority or control respecting management or disposition of plan assets, is a “fiduciary.”  Thus, the persons who select and monitor a plan’s service providers are likely fiduciaries.  Examples of service providers for a group medical plan would include a plan’s network, third-party administrator, pharmacy benefit manager, and consultant/broker.

A fiduciary of an ERISA plan has significant fiduciary duties including the “duty of prudence,” which requires a fiduciary to act “with the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent man acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of a like character and with like aims.”  Generally, this duty likely requires fiduciaries to engage in a prudent process to evaluate and monitor service providers.  Fiduciaries are typically very good at doing this on the qualified retirement plan side, but are not always as good or thorough on the health and welfare plan side (or at least not as good at documenting their good work).

The Plaintiffs in the Johnson and Johnson case allege the Defendant fiduciaries breached their fiduciary duties and mismanaged the plan’s prescription-drug benefits, which cost the plans and their employees millions of dollars in the form of:

  1. higher payments for prescription drugs;
  2. higher premiums;
  3. higher deductibles;
  4. higher coinsurance;
  5. higher copays; and
  6. lower wages or limited wage growth.

Among the allegations in the Class Action Complaint, Plaintiffs allege that someone with a 90-pill prescription for one generic drug could fill that prescription without insurance for between $28.40 – $77.41, and yet, they allege, the Defendant fiduciaries contractually agreed to have the plan pay $10,239.69 for the same 90-pill prescription.

At its core, the lawsuit appears to be fundamentally about whether the Defendant fiduciaries should have done a better job of evaluating, selecting, and monitoring their pharmacy benefit manager and the related contracts.  Among other things, Plaintiffs allege that prudent fiduciaries:

  1. negotiate with their PBMs to minimize or eliminate any portion of rebates or other financial concessions from manufacturers that the PBM retains instead of passing through to the plan;
  2. ensure their PBM contract is written with sufficient precision that the PBM cannot hide or obscure these rebates without passing them through to the plan;
  3. select carefully among PBMs, analyzing their member base and each PBM’s offerings to decide which PBM and which payment model will be most beneficial and most cost-effective for their plan;
  4. negotiate favorable terms with PBMs and continually supervise their PBM’s actions to ensure that the plan is minimizing costs and maximizing outcomes for beneficiaries;
  5. retain sufficient control over their plans’ formularies to prevent the PBM from making formulary decisions that serve the PBM’s interests but not the plan’s interests;
  6. periodically attempt to renegotiate their PBM contracts and/or conduct an open RFP process to solicit proposals from other PBMs and ensure that they have the best possible deal for the plan and plan beneficiaries;
  7. ensure that any consultant that they hire to help them select and negotiate with a PBM does not have conflicts of interest that would prevent it from offering objective advice to the plan and operating a truly open RFP process;
  8. would not hire a consultant who was receiving kickbacks or other forms of compensation from the PBM it was selecting or negotiating with;
  9. exercise, and are required to exercise, independent, prudent, and impartial fiduciary judgment even on matters for which they receive advice from their consultants;
  10. will replace brand-name drugs on the formulary when lower-cost, FDA-approved generics become available; and
  11. are aware of the conflicts of interest that PBMs have in making formulary decisions.

The same “hindsight is 20/20” arguments that have been successfully made on the qualified retirement plan side (in defense of fee and investment-performance litigation) will likely be made here, but this new lawsuit gives us much to think about – not just with the way fiduciaries select and monitor PBMs but also the way fiduciaries select and monitor other medical plan service providers like networks, third-party administrators, and consultants/brokers.

New guidance answers questions for retirement plan sponsors

In late December 2023, the Internal Revenue Service provided additional guidance in the form of questions and answers (“Q&As”) with respect to certain key qualified retirement plan provisions of the Consolidated Appropriations Act, 2023, known as the SECURE 2.0 Act of 2022 (“SECURE 2.0”).

For 401(k) plan sponsors, here are a few items of interest:

  1. Small Financial Incentives. Something known as the “contingent benefit rule” has long provided that a plan cannot condition any other benefit (other than matching contributions) on whether an employee makes 401(k) deferrals.  Section 113(a) of SECURE 2.0 changed this to allow an employer to provide a “de minimis” financial incentive to employees to encourage them to make deferrals and save for their retirement.  One question left unanswered by SECURE 2.0 was what that means, i.e., is a “de minimis” financial incentive $50, $500, $5,000, etc.?  The new Q&As answer that by defining “de minimis” as no more than $250.  The Q&As also make it clear that employers cannot give this incentive to employees who are already making 401(k) deferrals.
  2. Terminal Illness Distributions. Section 326 of SECURE 2.0 allows a terminally ill individual to receive a distribution from a qualified retirement plan and avoid the 10% early distribution penalty that normally applies to distributions before age 59.5.  For this purpose, a terminally ill individual is someone who has been certified by a physician as having an illness or physical condition that can reasonably be expected to result in death in 84 months or less.  The new Q&As provide many additional details regarding these distributions.  Most notably, the Q&As clarify that retirement plans are not required to permit these distributions – AND plans cannot even allow the distributions unless the employee is otherwise eligible for a permissible in-service distribution.  For example, a 401(k) plan may distribute a terminally ill individual distribution to an employee who is otherwise eligible for a hardship or disability distribution.  This is a little weird because SECURE 2.0 thus provides an exception to the 10% excise tax for a distribution that is not, by itself, even allowed.
  3. SECURE 2.0 Amendment Timing. The Q&As extend the deadline for plan sponsors to amend their plans for SECURE 2.0.  Non-governmental plans now have until December 31, 2026.  Collectively bargained plans have until December 31, 2028.  And governmental plans have until December 31, 2029.
  4. Employer Contributions as Roth Contributions. SECURE 2.0 gives a plan sponsor the option to add a plan provision allowing employees to designate vested employer contributions (e.g., matching contributions) as Roth contributions.  The Q&As provide quite a few details regarding this optional feature, including clarifying that (a) any such employer contributions are excluded from wages under section 3401(a) for purposes of federal income tax withholding; and thus (b) an employee who designates an employer contribution as a Roth contribution may need to increase their withholding or make estimated tax payments to avoid an underpayment penalty.

Employee Benefit Rules – the Gifts That Keep on Giving

As employers look back at 2023 and ahead to 2024, there are so many compliance-related items to consider relating to their employee benefit plans.  The rules employers are supposed to be complying with keep growing and growing – they literally are the gifts that keep on giving (and changing).  Here are some of the key items to consider at this time:

  1. Health Plans: Gag-Clause Attestation Due December 31, 2023.  Self-funded group health plans are now prohibited from entering into an agreement with a health care provider, network, third-party administrator, or other service provider offering access to a network of providers that would directly or indirectly restrict a plan from providing provider-specific cost or quality of care information or data, through a consumer engagement tool or any other means, to (a) referring providers, (b) the plan sponsor, (c) participants, (d) beneficiaries, (e) enrollees, or (f) individuals eligible to become participants, beneficiaries, or enrollees of the plan.  There are other related requirements.  Plans must now annually submit an attestation of compliance with these requirements to the Departments of Labor, Health and Human Services, and the Treasury (collectively, the Departments).  The Centers for Medicare & Medicaid Services is collecting these on behalf of the Departments.  The first gag-clause attestation is due December 31, 2023.  Employers and/or their plan fiduciaries need to ensure this is handled asap.
  2. Retirement Plans: Increased Cash-Out Limit Option January 1.  Many defined contribution retirement plans – such as 401(k) plans – automatically cash out small account balances when a participant terminates employment.  Currently, an employer can force a terminated participant with a balance of $5,000 or less to take a distribution.  Effective January 1, 2024, plan sponsors can optionally push this to $7,000 – thereby forcing out more small account balances.  Terminated participants with small account balances often create “missing participant” issues later when plan administrators cannot find them.  Employers and/or their plan fiduciaries should consider now whether they want to increase this cash-out limit.
  3. Health Plans: Mental Health Parity Comparative Analysis Required Now.  The mental health parity rules are intended to provide people covered by group health plans that include mental health/substance-use-disorder benefits access to treatment for covered mental health conditions (such as anxiety or post-traumatic stress disorder) or substance use disorders that is comparable to treatment for covered medical/surgical conditions (such as diabetes or heart disease).  When the relevant statute was amended a few years ago, a provision was added that requires plans to perform and document a comparative analyses of the design and application of their non-quantitative treatment limitations (e.g., pre-certification or medical management standards) to demonstrate parity and provide those analyses to the Secretaries of the Departments upon request.  Employers and/or their plan fiduciaries are supposed to have already done this but this required comparative analysis is very difficult to put together and few plans have done it and/or done it correctly.  On July 25, 2023, new proposed rules were issued that, if finalized, will add a number of additional related rules and will only give plans a minimum of 10 business days to respond to a request from the government for the comparative analysis.  These proposed rules will likely be finalized in 2024 and will likely be effective in 2025.  Employers and/or their plan fiduciaries should be working on this right now.  This is absolutely critical as the comparative analysis will likely be a focus of any government inquiry or audit now and going forward.  It is very unlikely that your consultant and/or TPA will do this for you without you asking and pushing.
  4. Retirement Plans: Student Loan Matching Contributions Allowed January 1.  For plan years beginning after December 31, 2023, an employer may “match” a qualified student loan payment made by an employee outside of a qualified retirement plan up to a certain limit.  The employee must certify that the payment on the loan was made.  This is an optional addition to a retirement plan.  While employers and/or their plan fiduciaries can technically consider adding this to their plan for 2024, very few have done so so far.  Employers and/or their plan fiduciaries should discuss this optional feature with their consultant and/or recordkeeper.
  5. Health Plans: PBM Legislation Increasing Costs on Employers and Employees.  Many states have passed legislation regulating pharmacy benefit managers (PBMs), the third-party intermediaries between pharmacies and health plans.  Arkansas and Oklahoma have been on the front lines of this issue.  For example, in 2019, the Oklahoma legislature unanimously passed the Patient’s Right to Pharmacy Choice Act.  While the Act was allegedly intended to target PBMs, it also resulted in significant cost shifting to self-funded employers and their employees.  On August 15, 2023, a panel of the United States Court of Appeals for the Tenth Circuit ruled in part that several of the Act’s key provisions – including a provision that effectively prohibited an employer from incentivizing an  employee to use one pharmacy (e.g., mail order) instead of another (e.g., retail) – are preempted by the Employee Retirement Income Security Act of 1974 (ERISA).  The Oklahoma Insurance Commissioner then filed a petition for rehearing en banc asking for reconsideration.  On December 12, 2023, the Tenth Circuit entered an order stating:  “The petition for rehearing en banc was transmitted to all of the judges of the court who are in regular active service. As no member of the panel and no judge in regular active service on the court requested that the court be polled, that petition is also denied.” (emphasis added).  Thus, the challenged provisions of the Act remain preempted, which is great news for employers and employees.  New proposed legislation is being considered at the federal level, and in many states, that could have a significant impact on employers and employees.  Employers and/or their plan fiduciaries should keep a watchful eye on all proposed “PBM” legislation.
  1. Health Plans: Prescription Drug Reporting Due June 1.  The Internal Revenue Code, ERISA, and the Public Health Service Act were all previously amended to require group health plans to report certain information related to prescription drugs and other health care expenditures.  This information includes, among other things, general information regarding the plan; the 50 most-frequently-dispensed brand prescription drugs; the 50 most-costly prescription drugs by total annual spending; and the 50 prescription drugs with the greatest increase in plan expenditures over the preceding plan year.  The deadline to report for the 2023 calendar year is June 1, 2024.  Employers and/or their plan fiduciaries must keep this deadline on their radar and ensure that their plan meets the deadline.
  1. Health Plans: Online Shopping Tool Required for All Covered Items and Services Effective January 1.  The transparency in coverage final rules require non-grandfathered group health plans to make cost-sharing information available to participants, beneficiaries, and enrollees through an internet-based self-service tool and in paper form, upon request. This information was first required to be made available for plan years beginning on or after January 1, 2023, with respect to the 500 items and services identified by the Departments.  Effective for plan years beginning on or after January 1, 2024, this online shopping tool is required to include all covered items and services (not just 500 as it was in 2023).  Employers and/or their plan fiduciaries should ensure their plan is compliant with this requirement.
  2. Health Plans: Prescription Drug Machine-Readable Files.  The transparency in coverage final rules also require non-grandfathered group health plans to disclose on a public website information regarding in-network provider rates for covered items and services, out-of-network allowed amounts and billed charges for covered items and services, and negotiated rates and historical net prices for covered prescription drugs in three separate machine-readable files.  The machine-readable file requirements are applicable for plan years beginning on or after January 1, 2022.  On August 20, 2021, the Departments released FAQs announcing the deferral of enforcement regarding certain requirements, including the requirement that plans publish machine-readable files related to prescription drugs, pending further consideration by the Departments.  On September 27, 2023, the Departments announced that they have rescinded their prior decision/policy of deferring enforcement of the prescription drug machine-readable file requirement. The Departments will now address enforcement decisions on a case-by-case basis, as the facts and circumstances warrant, and also intend to develop technical requirements and an implementation timeline in future guidance.  Thus, employers and/or their plan fiduciaries need to be talking to their consultant and PBM now about compliance with the machine-readable file requirement related to prescription drugs.

IRS guidance provides breathing room for implementing SECURE 2.0 Act catch-up contribution rule

As you probably already know, qualified retirement plans are permitted, but are not required, to allow participants who are age 50 or older to make additional elective deferrals (including designated Roth contributions), known as “catch-up” contributions.  For most plans, the catch-up contribution limit for 2023 is $7,500.

Last year, President Biden signed into law far-reaching retirement plan legislation known as SECURE 2.0 Act that included many new rules for employers and their qualified requirement plans.  One of the new rules, Section 603 of the SECURE 2.0 Act, specifically targets catch-up contributions.  This new rule generally provides that effective January 1, 2024, plan participants age 50 or older who earn more than $145,000 annually and who decide to make catch-up contributions must do so on a Roth basis, using after-tax money.

Although seemingly straightforward, this new rule creates administrative complexities that made its implementation difficult for plan sponsors.  For instance, employee benefit professionals recognized that in order to comply with the new rule, plan sponsors needed to quickly identify those participants age 50 or older who earned more than $145,000 the previous year and potentially adjust their payroll systems and plans.

IRS delays implementation deadline by two years

Just last Friday, the IRS released Notice 2023-62, “Guidance on Section 603 of the SECURE 2.0 Act with Respect to Catch-Up Contributions,” that provides welcome guidance on the new catch-up contribution rules.  Most importantly, the Notice grants a two-year delay in the provision’s effective date so catch-up contributions can now be made on a pre-tax basis through 2025, regardless of income.  This new transition period provides plan sponsors breathing room to implement the new catch-up contribution rules.

The Notice’s comment period runs through October 24, 2023, after which time the Treasury Department and the IRS intend to issue further guidance on Section 603 of the SECURE 2.0 Act.

McAfee & Taft’s Employee Benefits & Executive Compensation attorneys will continue to monitor for updates to SECURE 2.0 Act and consider their impact on plan sponsors and their plans.

401(k) Matching for Student Loan Payments Finally Arrives

In this economic environment, employers are doing almost anything to attract and retain a quality workforce. Improving the suite of employee benefit offerings, sometimes without incurring major new expenditures, is top of mind for many.

Enter SECURE 2.0, which includes a long-awaited 401(k) feature that has sparked employer interest for years.

What is it?

The new legislation lets employers treat an employee’s payments toward student loan debt as if they were 401(k) contributions. Employers are permitted to make “matching contributions” into the employee’s plan account even though the employee didn’t contribute anything to the plan. This is a discretionary feature and is not required.

Why would an employer consider adding this feature to its plan?

This could be a win-win for employees and employers. Employees are incentivized to pay down a potentially large student loan debt burden while simultaneously saving for retirement. Employees would not have to choose between paying down student loans and, on the other hand, making 401(k) deferrals in order to receive the match.

For employers, although it might mean making a matching contribution when it otherwise would not (for example, if an employee chose to make loan payments rather than elective deferrals), it would almost certainly be a unique benefit offering, and the matching contributions are deductible in the same manner as a traditional match.

Only “qualified student loan payments” count.

Matching contributions may only be made on account of a qualified student loan payment. That’s defined as a payment made by an employee in repayment of a qualified education loan incurred by the employee to pay qualified higher education expenses.

The amount of student loan payments that may be matched cannot be greater than the normal Code § 402(g) limit for the year (for 2023, that’s $22,500), reduced by any regular elective deferrals the employee makes during that plan year.

A qualified student loan payment generally must meet the requirements of Code § 221(d)(1). The loan must be incurred solely to pay qualified higher education expenses:

  1. which are incurred on behalf of the taxpayer, or his spouse or dependent, as of the time the indebtedness was incurred,
  2. which are paid or incurred within a reasonable period of time before or after the indebtedness is incurred, and
  3. which are attributable to education furnished during a period during which the recipient was an eligible student (which is a defined term).

It also includes loans to refinance loans that meet the above requirements. It does not include a loan from a relative or a loan from a retirement plan.

For verification, employers must have the employee certify, at least annually, that the employee’s loan payments were made to a qualifying loan.

What are “qualified higher education expenses?”

These are generally expenses related to enrollment or attendance at an eligible postsecondary school. Very generally, it includes (1) tuition and fees; (2) books, supplies, and equipment; and (3) room and board. Other related items can potentially be included as well, like computers and internet service, but the expenses are only qualified higher education expenses if the student is enrolled at least half-time.

Although the rules for determining “qualified student loan payments” and “qualified higher education expenses” seem complex, employers are permitted to rely on the employee certification that the loan meets these requirements. Employers would be wise to distribute information on these rules with the certification so employees can make an informed decision, but the requirements should be familiar since they are similar to those for the student loan interest deduction on employees’ personal tax returns.

As of right now, it appears that the employee certification is sufficient to protect the plan’s qualified status, but guidance from the IRS confirming that piece would be welcome.

Would this hurt the plan’s nondiscrimination testing?

No. Congress included special nondiscrimination testing rules to ensure student loan matches would not hurt testing. Plans are permitted to test separately the employees who receive a regular match from those who receive a student loan match. More guidance from the IRS on this piece would also be welcome.

Are there any other important things to know?

Here are a few:

  • The matching contribution for student loan payments must be the same as for elective deferrals.
  • Employees receiving the student loan match must otherwise be eligible to participate in the plan and receive a regular match.
  • All employees eligible to receive a regular match must also be eligible to receive a student loan match.
  • The student loan match must vest in the same manner as a regular match.
  • After the effective date, this feature can be implemented into 401(k), 403(b), SIMPLE IRA, and 457(b) plans (including plans sponsored by governmental employers). However, existing plans will almost certainly need to be amended before implementation.

When can this be implemented?

This new feature can be effective for plan years beginning after December 31, 2023. For plans with a calendar year plan year, that means no sooner than January 1, 2024. The IRS will most likely promulgate regulations to tighten up these rules closer to the effective date (and hopefully before).

That’s a long time from now. What can we do now?

If 2024 is too long to wait, employers could consider implementing a student loan reimbursement program. Buried in the CARES Act from 2020, Congress expanded the rules for qualified education assistance programs. Those programs typically reimburse employees for these same types of education-related expenses, but Congress expanded the program to also permit reimbursements for student loan payments made before January 1, 2026. An employer’s reimbursement of student loan payments can be made to the employee on a tax-free basis up to $5,250 per year.

However, there are various requirements under Code § 127 that must be met before implementing a student loan reimbursement program. For example, employers should have a program document in place, and the design can be affected for employers that already have a qualified education assistance program in place.

Important, New, Year-End Changes Impacting Employers and their Employee Benefit Plans

While many were out last week finishing up their last-minute Christmas shopping, Congress passed the highly-anticipated retirement plan legislation known as “SECURE Act 2.0” and the U.S. Departments of Labor, Health and Human Services, and Treasury (the “Departments”) issued good-faith relief from the troublesome prescription-drug reporting that is otherwise due December 27, 2022.  There are too many provisions to cover comprehensively (SECURE Act 2.0, by itself, is hundreds of pages long), but the following provides a summary of various highlights.

New Retirement Plans Laws

SECURE Act 2.0 includes a number of new rules and opportunities for employers and their qualified retirement plans, including:

  1. Increased Age for Required Minimum Distributions. The current age at which a qualified retirement plan must start forcing distributions for many participants is age 72.  For any individual who attains age 72 after December 31, 2022, and age 73 before January 1, 2033, the new applicable age is 73.  For an individual who attains age 74 after December 31, 2032, the applicable age is 75.
  2. Increased Catch-Up Contribution Limit for Ages 60-63. For 2022, participants who were at least 50 years old were able to save an additional $6,500 (on top of the $20,500 limit that applied to all participants).  This limit increases to $7,500 for 2023.  Starting with the 2025 tax year, SECURE Act 2.0 pushes the limit even further for individuals between the ages of 60-63 to the greater of (a) $10,000, or (b) 150% of the regular catch-up amount for 2024.
  3. Catch-Up Contributions = Roth. For tax years after December 31, 2023, catch-up contributions (for those ages 50 or older) must be made on a Roth basis, except for an eligible participant whose wages for the preceding calendar year do not exceed $145,000 (indexed for inflation).
  4. Student Loan Payments Outside Retirement Plan Can Be Matched Inside Retirement Plan. For plan years beginning after December 31, 2023, an employer may “match” a qualified student loan payment made by the employee outside the plan up to a certain limit.  The employee must certify that the payment on the loan was made.  The Secretary of the Treasury must permit employers to establish reasonable procedures for an employee to claim these matching contributions, including an annual deadline for an employee to make a claim.
  5. Employers Can Give Small Gift Cards to Employees to Incentivize 401(k) Deferrals. Employers can give employees a de minimis financial incentive outside of the retirement plan (such as a gift card) to encourage employees to make 401(k) deferrals within the plan.
  6. New Emergency 401(k) Distribution Feature. For plan years beginning after December 31, 2023, a retirement plan participant can take – generally, once every three years – a penalty-free distribution of up to $1,000 for emergency personal or family expenses.  This new emergency distribution can be repaid to the plan within three years.
  7. Part-Time Workers Eligible Earlier. A qualified retirement plan must now generally allow a part-time employee to make 401(k) deferrals if they have completed 500 hours of service in two consecutive 12-month periods.
  8. New Emergency Savings Accounts. A sponsor of a defined contribution retirement plan can include in its plan an emergency savings account for non-highly compensated employees, and can fund such accounts through automatic enrollment.  Contributions to these accounts are capped at $2,500 and must be funded after-tax with Roth contributions.  Participants must be allowed to withdraw funds at least once per calendar month.
  9. New Retirement Savings Lost and Found. Within two years, the U.S. Department of Labor must establish an online searchable database to be known as the “Retirement Savings Lost and Found”.  This will allow an individual to search for information and locate the administrator of any plan for which the participant is or was a participant or beneficiary.
  10. Increased Mandatory Distribution Limit. Currently a retirement plan sponsor can distribute a terminated participant’s account, without the participant’s consent, if their balance does not exceed $5,000.  SECURE Act 2.0 pushes this to $7,000.
  11. New Distribution Available for Victims of Domestic Abuse. On or after January 1, 2024, a domestic abuse victim can take a qualifying distribution of up to the lesser of (a) $10,000; or (b) 50% of their vested plan account balance.  A distribution qualifies if it is made within the one-year period beginning when the individual is a victim of domestic abuse by a spouse or domestic partner.  Any such distributed amount may be repaid to the plan.
  12. Matching & Nonelective Contributions Can Be Treated as Roth Contributions. A qualified retirement plan may allow employees to designate employer matching contributions or nonelective contribution as Roth contributions.
  13. New 401(k) Plans Must Have Automatic Enrollment. A new retirement plan will not be treated as a qualified 401(k) plan unless the plan contains an “eligible automatic enrollment feature” that automatically enrolls participants at a 3% minimum deferral amount and then increases the automatic-deferral percentage by 1% each year thereafter (up to 10% for plan years ending before 2025 and 15% for plan years thereafter).  Existing retirement plans, governmental plans, and church plans are exempt from this requirement.
  14. Changes to Saver’s Match. An eligible individual who makes qualified retirement savings contributions for a tax year will potentially qualify for a matching contribution that will be paid to the retirement plan by the federal government.  The amount of the matching contribution will be as much as 50% of elective deferrals that do not exceed $2,000.  The calculation is tricky and the amount of the potential match phases out based on income.
  15. Indian Tribal Government Domestic Relations Orders. Under SECURE Act 2.0, a domestic relations order issued by an Indian tribal government may qualify as a “qualified domestic relations order” just like a domestic relations order of a State.

Please note that the applicability of these provisions may vary based on the type of qualified retirement plan, e.g., 401(a) plan, governmental plan, church plan, etc.  Also, please remember this is just a summary – there are numerous details regarding each of these new rules and opportunities.

Prescription Drug Reporting: Good-Faith Relief and Extended Grace Period

The Internal Revenue Code, the Employee Retirement Income Security Act of 1974, and the Public Health Service Act were all previously amended to require group health plans to report certain information related to prescription drugs and other health care expenditures.  This information includes, among other things, general information regarding the plan; the 50 most-frequently-dispensed brand prescription drugs; the 50 most-costly prescription drugs by total annual spending; and the 50 prescription drugs with the greatest increase in plan expenditures over the preceding plan year.

Under prior guidance, the deadline to report this information for the 2020 and 2021 reference years is December 27, 2022.  Last Friday, December 23, 2022, the Departments issued much-needed relief stating they will not take enforcement action with respect to any plan that uses a good faith, reasonable interpretation of the regulations and the Prescription Drug Data Collection (RxDC) Reporting Instructions in making its submission.  The Departments are also providing a submission grace period through January 31, 2023, and will not consider a plan to be out of compliance with these requirements provided that a good faith submission of 2020 and 2021 data is made on or before January 31, 2023.

How Changes to the “Family Glitch” Affect Workplace Health Plans

The IRS finalized new rules that change eligibility requirements for the premium tax credit (PTC) created under the Affordable Care Act. It is now easier for an employee’s family members to enroll in subsidized health insurance through an exchange. Related guidance creates a new mid-year cafeteria plan election change event to help family members move to subsidized exchange coverage. 


The PTC was created to subsidize health insurance obtained through an exchange. Generally, household income must be between 100-400% of the federal poverty line to qualify for a PTC. But, if an employee is eligible for a workplace health plan that offers “affordable” self-only coverage and provides minimum value, no family members are eligible for a PTC. Coverage is affordable if the employee premium for self-only coverage does not exceed 9.12% of household income in 2023. 

Put simply, the cost of family coverage is not considered to determine whether a workplace health plan is affordable. If the cost of employee-only coverage is affordable, the entire family is ineligible for a PTC. Industry insiders informally termed this the “family glitch.” 

New Regulations

Now, solely for purposes of claiming the PTC, if the employee cost for family coverage is not affordable, the employee may claim a PTC to subsidize insurance obtained through an exchange for family members.

This change only affects a family’s eligibility for the PTC – the rules for assessing an employer shared responsibility payment (ESRP) did not change. ESRP liability continues to be measured solely against the cost of self-only coverage. Premiums for family coverage may exceed the affordability threshold without risking ESRP exposure. 

These rules are effective for tax years beginning after December 31, 2022. 

Cafeteria Plan Change

Generally, employers must have a cafeteria plan to permit employees to pay premiums on a pre-tax basis. Cafeteria plans also dictate when employees may make mid-year election changes. Now, non-calendar year cafeteria plans may permit family members to drop coverage mid-year and enroll in exchange coverage. This change is optional. 

Note that many cafeteria plans permit all election changes that are permitted by law, which means the cafeteria plan might automatically permit this new mid-year election change when it becomes effective. Employers should review their plan to ensure it will be operated consistent with its terms. 

The new cafeteria plan rules are effective as of January 1, 2023.

Overturning of Roe v. Wade creates challenging legal issues for self-funded health plan sponsors

On Friday, June 24, 2022, the U.S. Supreme Court issued its decision in Dobbs v. Jackson Women’s Health Organization, and overruled Roe v. Wade and Planned Parenthood of Southeastern Pa. v. Casey.  In doing so, the Court held that the U.S. Constitution “does not prohibit the citizens of each State from regulating or prohibiting abortion.”

While abortions remain legal in a number of states (California, Colorado, Connecticut, Delaware, Hawaii, Illinois, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nevada, New Jersey, New Mexico, New York, Oregon, Pennsylvania, Rhode Island, Vermont, Washington and Wisconsin), as many as 26 states are expected to ban or limit access to abortions now or in the future.

Oklahoma, for example, generally makes it a felony for a physician to administer or assist with an abortion.  21 Okla. Stat. § 861.  Oklahoma also recently enacted the Oklahoma Heartbeat Act (“OHA”), which establishes a private civil cause of action as follows:  “Any person, other than the state, its political subdivisions, and any officer or employee of a state or local governmental entity in this state, may bring a civil action against any person who . . . Knowingly engages in conduct that aids or abets the performance or inducement of an abortion including paying for or reimbursing the costs of an abortion through insurance or otherwise . . . . “  63 Okla. Stat. § 1-745.39(A)(2) (emphasis added).

As applied to employers and their self-funded group health plans, laws like the OHA create very difficult questions, including:

  • Can an employer’s self-funded group health plan pay for an employee to get an abortion in another state that permits abortions – or is the employer and/or its plan administrator subject to criminal and/or civil actions by doing so?
  • Can an employer or its self-funded group health plan pay for an employee to travel to another state that permits abortions – or is the employer and/or its plan administrator subject to criminal and/or civil actions by doing so?
  • Should abortion-related travel benefits be provided through an employer’s existing self-funded group health plan, or can they be provided separately?
  • Can abortion-related travel expenses be provided through an employee-assistance program (EAP) without making the EAP a group health plan?
  • If an employer provides travel benefits so that an employee can get an abortion in another state, must the employer also provide travel benefits for non-abortion-related medical procedures or mental health conditions?
  • Are there dollar limits on the amount that an employer can pay for abortion-related travel expenses?

I. Employer Liability Under State Law?

Suppose that an employer with a self-funded group health plan has employees in Oklahoma and California.  Suppose that Oklahoma prohibits the provision of abortion benefits to any plan members.  Also suppose that California mandates that a benefit plan must provide abortion benefits to all of its members.  If the employer’s group health plan provides abortion benefits, it may arguably be violating the laws of Oklahoma.  If it does not provide abortion benefits, it may be violating the laws of California.  If the plan does not permit abortion benefits, but it nevertheless provides them to a California employee, then plan assets are being wasted in violation of the terms of the plan.  If the plan pays for abortion benefits for California employees but not for Oklahoma employees, then plan members are being treated differently, perhaps in violation of federal regulations.  See 29 C.F.R. § 2560.503-1(b)(5) (requiring that “the plan provisions [must be] applied consistently with respect to similarly situated claimants”).

Congress sought to avoid these kinds of problems by eliminating state regulation in this field, and by instead “establishing [federal] standards of conduct, responsibility, and obligation for fiduciaries of employee benefit plans, and by providing for appropriate remedies, sanctions, and ready access to the Federal courts.”  29 U.S.C. § 1001(b)  This goal is effectuated in various provisions of the Employee Retirement Income Security Act of 1974 (“ERISA”).

A. ERISA Preemption of State Laws, Generally

ERISA relieves plan fiduciaries from the aforementioned quandaries by generally preempting state law.  29 U.S.C. § 1144.  Federal preemption is a concept rooted in Article VI, Clause 2 of the U.S. Constitution (the Supremacy Clause), which states that “This Constitution, and the Laws of the United States which shall be made in Pursuance thereof [i.e., ERISA] … shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, anything in the Constitution or Laws of any State to the Contrary notwithstanding.”

In keeping with this, ERISA states that “the provisions of this subchapter and subchapter III [of ERISA] shall supersede any and all State laws insofar as they may now or hereafter relate to any employee benefit plan….”  29 U.S.C. § 1144(a).  ERISA defines “The term ‘State law’ [to include] all laws, decisions, rules, regulations, or other State action having the effect of law, of any State.”  ERISA thus preempts not only state statutory law, but also state regulations, executive and administrative action, etc. if the state law “relates to” an ERISA-regulated plan.  The Supreme Court held long ago that ERISA preempts state lawsuits involving plan benefits.  See Metro. Life Ins. Co. v. Taylor, 481 U.S. 58, 67 (1987) (“Accordingly, this suit, though it purports to raise only state law claims, is necessarily federal in character [under ERISA] by virtue of the clearly manifested intent of Congress. It, therefore, ‘arise[s] under the . . . laws . . . of the United States,’ 28 U.S.C. § 1331, and is removable to federal court by the defendants, 28 U.S.C. § 1441(b), emphasis added); Pilot Life Ins. Co. v. Dedeaux, 481 U.S. 41, 57 (1987) (“we conclude that [plaintiff’s] state law suit asserting improper processing of a claim for benefits under an ERISA-regulated plan is not saved by [29 U.S.C. § 1144(b)(2)(A)], and therefore is preempted by [29 U.S.C. § 1144(a)], emphasis added).

States cannot “capture” self-funded ERISA plans and subject them to state regulation.  ERISA states that:

Neither an employee benefit plan described in section 1003(a) of this title …, nor any trust established under such a plan, shall be deemed to be an insurance company or other insurer, … or to be engaged in the business of insurance … for purposes of any law of any State purporting to regulate insurance companies, insurance contracts….

29 U.S.C. § 1144(b)(2)(A).  The Supreme Court explained the impact of this provision (known as the “deemer clause”) as follows:

We read the deemer clause to exempt self-funded ERISA plans from state laws that “regulat[e] insurance” within the meaning of the saving clause. By forbidding States to deem employee benefit plans “to be an insurance company or other insurer . . . or to be engaged in the business of insurance,” the deemer clause relieves plans from state laws “purporting to regulate insurance.” As a result, self-funded ERISA plans are exempt from state regulation insofar as that regulation “relate[s] to” the plans.  State laws directed toward the plans are preempted because they relate to an employee benefit plan but are not “saved” because they do not regulate insurance. State laws that directly regulate insurance are “saved” but do not reach self-funded employee benefit plans because the plans may not be deemed to be insurance companies, other insurers, or engaged in the business of insurance for purposes of such state laws. On the other hand, employee benefit plans that are insured are subject to indirect state insurance regulation. An insurance company that insures a plan remains an insurer for purposes of state laws “purporting to regulate insurance” after application of the deemer clause. The insurance company is therefore not relieved from state insurance regulation. The ERISA plan is consequently bound by state insurance regulations insofar as they apply to the plan’s insurer.

FMC Corp. v. Holliday, 498 U.S. 52, 62 (1990) (emphasis added).

The Supreme Court’s recent decision in Rutledge v. Pharm. Care Mgt. Ass’n explains that laws having a coercive effect on ERISA plans are preempted:

ERISA is therefore primarily concerned with preempting laws that require providers to structure benefit plans in particular ways, such as by requiring payment of specific benefits … or by binding plan administrators to specific rules for determining beneficiary status ….  A state law may also be subject to preemption if “acute, albeit indirect, economic effects of the state law force an ERISA plan to adopt a certain scheme of substantive coverage.”  … As a shorthand for these considerations, this Court asks whether a state law “governs a central matter of plan administration or interferes with nationally uniform plan administration.” Ibid. (internal quotation marks and ellipsis omitted). If it does, it is preempted.

141 S. Ct. 474, 480 (2020) (emphasis added).

B. ERISA Preemption of State Abortion Laws?

ERISA preemption is not without limits.  There are significant and very relevant exceptions.  For example, ERISA does not preempt “any generally applicable criminal law of a State.”  29 U.S.C. § 1144(b)(4).  Thus, any criminal law that does not specifically target benefit plans, but is instead “generally applicable,” is not preempted by ERISA.

As mentioned above, ERISA also does not preempt state laws that “regulate insurance.”  A state might, for example, be able to require an insurance company to include or not include certain provisions in its insurance policies, including group health insurance policies that fund ERISA-regulated plans (so-called “fully-insured plans”).  But a state cannot similarly regulate the terms and content of a self-funded plan.  Self-funded ERISA plans have the broadest possible protection under ERISA preemption.

The problem with the varying state abortion laws (the ones that exist now and the ones that are sure to be enacted in the future) and ERISA preemption is that even if a state law should be preempted by ERISA, it may take years and multiple layers of courts to definitively determine that a law is preempted.  So, the answer to the question at the beginning of this article  — namely, “Can an employer or plan administrator be subject to criminal or civil actions for paying for an abortion or related travel expenses?” – may be yes, at least until a court says otherwise.

Based on what we know about ERISA preemption, if a state has a law making it a crime for anyone to pay for or reimburse the costs of an abortion, it would be very difficult to argue that ERISA preempts said law as applied to self-funded ERISA plans because the law is generally applicable to everyone – and not just ERISA plan administrators.

On the other hand, laws like the OHA – which provide for a civil cause of action against anyone who pays for or reimburses the costs of an abortion – are likely preempted by ERISA as it relates to ERISA self-funded group health plans.  Thus, it is likely permissible for an ERISA self-funded group health plan to (a) pay for an employee to receive an abortion in a state where it is legal; and/or (b) pay for travel-related expenses to said state.  But states and private litigants may disagree, and ERISA plan administrators and fiduciaries might have to spend time and money litigating about these issues.  And courts may ultimately disagree also.  ERISA preemption does not appear to be getting stronger.  Courts and legislative bodies are using Rutledge (holding an Arkansas state PBM law was not preempted) to essentially argue that ERISA does not preempt anything.  All that to say, even if there are good ERISA preemption arguments, it is risky to ignore state laws.

It is important to keep in mind the obvious:  a plan cannot pay for medical care that is not covered by the plan.  So, if you are an ERISA plan administrator or other fiduciary and you want to provide coverage for abortion expenses and/or abortion-related travel expenses, take a look at your plan document to see what it says.  If your plan does not currently provide this coverage, you cannot provide the coverage – unless the settlor of the plan amends the plan document.  If your plan document is silent but you want to make it clear that your plan pays for an abortion (in a state where it is legal) or related travel expenses, then you should have the settlor of the plan amend your plan document.

II. Beyond ERISA Preemption Issues:  Other Compliance Challenges

There are numerous issues and considerations beyond the state law issues described above – far too many for this article.  But here are some quick thoughts regarding other related issues:

  1. Amending existing health plan may be the best option. If an employer wants to provide coverage for (a) abortion expenses in a state where it is legal; and/or (b) abortion-related travel expenses (e.g., transportation) to another state where it is legal, the likely best way to do that will be to amend the employer’s existing self-funded health plan.  Including these benefits in the employer’s existing self-funded plan will give the hopeful protection of ERISA preemption described above, and it will likely prevent the employer from needing to create a separate stand-alone HIPAA policy, COBRA notice packet, etc. – because the existing plan should already have those in place.
  2. Amending existing health plan = only participating employees.  If an employer amends their existing group health plan to provide coverage for abortion-related travel expenses, they cannot provide these benefits for all employees, i.e., only those employees who are eligible and participating in the current plan may receive these benefits.  If an employer pays benefits from the plan for non-participating employees, the employer will violate the exclusive benefit rule and breach their fiduciary duties.
  3. Amending existing health plan = Mental health parity challenges.  You may recall that the Mental Health Parity rules generally require mental health and substance use disorder benefits to have parity with the plan’s medical surgical benefits.  If an employer’s plan provides coverage for abortion-related travel expenses, but does not provide coverage for mental-health-related travel expenses, the employer may accidentally bust the Mental Health Parity rules.  Thus, it may be best to provide a certain level of travel-related expenses for any covered services (e.g., outside of a certain geographic area) without specifying that they are only for abortion-related travel expenses.  This may also minimize the risk of having the travel-expense benefit challenged under state law because it could theoretically be used for any covered benefit. News media outlets are reporting, for example, that Target will have such a broad travel reimbursement policy, which is reported to include travel for mental health, cardiac care, and other services that are not available near employees’ homes.
  4. Creating a stand-alone plan with only travel benefits likely busts multiple ACA rules. If an employer creates a new stand-alone benefit plan to pay travel benefits on a tax-favored basis, separate from their existing health plan, and if it provides nothing other than travel benefits, it would likely be deemed to violate certain provisions of the Affordable Care Act.  For this reason, it is likely better to add these benefits to the existing, robust group health plan. Even if these benefits are provided on an after-tax basis, this likely still creates these issues.
  5. Employers might be able to create an excepted benefit EAP.  Notwithstanding the comments above, it might be possible to create a stand-alone employee assistance plan (EAP) to pay for travel expenses.  This would allow the employer to provide travel expenses to all employees (not just those covered by the existing self-funded plan).  But there are also risks with this approach – namely, whether providing these benefits would provide significant medical care, based on existing DOL guidance, and trigger all of the normal ERISA-plan obligations.  This could depend on whether the employer currently offer an EAP and, if so, what kinds of benefits are currently offered under the EAP.
  6. Talk to the PBM.  An employer should talk to the pharmacy benefit manager (PBM) for their plan and find out what abortion-related drugs participants have access to, especially through mail order – and especially if they have employees in states that make an abortion illegal.
  7. Multi-state employers: state laws.  If an employer has employees in multiple states, the employer should be sure to know and understand the state laws in all of the states in which they have employees.
  8. City and local ordinances.  There are various cities and municipalities that have either already passed local laws regarding abortion (e.g., Lebanon, Ohio) or are considering them.  We understand there are more than 45 cities that currently have such laws.  Employers will need to be mindful of these local laws and will need to think through any preemption issues.
  9. Tax considerations.  There are limits on the amount of travel benefits that can be provided either under an existing group health plan or separately (through one of the structures mentioned above) on a tax-free basis.  An employer will need to be sure to understand those limits and work with their administrator and/or payroll team to ensure compliance.  Certain expenses cannot generally be paid on a tax-free basis, such as meals.

For assistance in navigating these complex legal issues, please contact your McAfee & Taft Employee Benefits attorney.

No Surprises Act – Overview of IDR Process

The No Surprises Act (NSA) became effective on January 1, 2022.  It prohibits surprise billing in certain circumstances.  Surprise billing occurs when a patient receives an unexpected bill, often for a large amount, from an out of network (OON) provider without having a prior opportunity to select the provider.  The patient’s health plan typically does not cover the full amount of the OON charges and the provider “balance bills” the patient for the outstanding amount. The NSA targets common circumstances where surprise billing occurs, including charges for emergency services furnished by an OON provider or facility, air ambulance services furnished by an OON provider of air ambulance services, or nonemergency services furnished by an OON provider at an in-network facility.

Under the NSA the patient is effectively cut out of the billing dispute—the patient only pays the in-network cost sharing amounts, and the plan must pay under either an state All-Payer Model Agreement or other specified state law.  If there is no such Model Agreement or state law, which will often be the case, the following process applies:

Step 1. The plan must send an Initial Payment or Notice of Denial of Payment within 30 calendar days of receipt of a clean claim covered by the NSA.

Step 2. An open negotiation period must be initiated within 30 business days beginning on the day the OON provider receives either an initial payment or a notice of denial of payment.  The open notice period begins on the day on which the open negotiation notice is first sent by a party.  Care should be taken to ensure that the notice complies with specified requirements.

Step 3.  The parties must exhaust the open negotiation period.  Upon exhausting the open negotiation period, and if open negotiation is unsuccessful, either party may request resolution under the Federal Independent Dispute Resolution (IDR) process whereby a certified independent dispute resolution entity will review the case and determine the final payment amount.  The Notice of IDR Initiation must be sent to the other party and to the Departments within 4 business days after the close of the open negotiation period.  The notice must be submitted to the Departments through the Federal IDR portal at https://www.nsa-idr.cms.gov.  The Notice must contain specific information including the initiating party’s preferred certified IDR entity. The non-initiating party can accept the initiating party’s preferred certified IDR entity or object and propose another certified IDR entity.

Step 4.  The non-initiating party has 3 business days to object (including conflict of interest concerns) and propose another certified IDR entity.  If the non-initiating party fails to object it will be deemed to have accepted the initiating party’s preferred certified IDR entity.

Step 5.  Within 4 business days after the date of initiation of the Federal IDR Process the initiating party must notify the Departments that the parties have agreed on a certified IDR entity, or that the Departments should randomly select a certified IDR entity. Within this period the non-initiating party must notify the Departments if it contends the Federal IDR Process is not applicable. The Departments will supply this information to the selected certified IDR entity, who must determine whether the Federal IDR Process is applicable.  The IDR timeframes will continue to apply while the applicability issue is under review.  If the selected IDR entity cannot participate the Departments will notify the parties, and they will have 3 business days to select another certified IDR entity, or, if the parties indicated that they cannot agree on a certified IDR entity, the Departments will randomly select another certified IDR entity. The NSA allows for multiple qualified claims to be considered as part of a single IDR determination (batching) when the claims involve the same provider(s), plans, items, and services, and were incurred in the same 30/90-day period.

Step 6.  If necessary, the Departments will make a random selection of a certified IDR entity within 6 business days after IDR initiation. The certified IDR entity may invoice the parties for administrative fees at the time of selection.  These fees are estimated by the Departments to be $400 on average, and within the range of $200-$500, or $268-$670 for batched claims.

Step 7.  Within 3 business days of selection, the certified IDR entity must submit an attestation that it does not have a conflict of interest and a determination that the Federal IDR Process is applicable.

Step 8.  Within 10 business days after selection of the certified IDR entity each party must submit its offer (the amount it contends should be paid to satisfy the claim) and pay the certified IDR entity fee (which will be held in a trust or escrow account by the certified IDR entity), and the administrative fee which is a separate paid to the Departments.  An offer will not be considered received by the certified IDR entity until the certified IDR entity fee and the administrative fee have been paid.  The offer must include both a dollar amount and a percentage of the QPA (which is the median of the contracted rates recognized by the plan for the same or similar item or service that is provided by a provider in the same or similar specialty and provided in the same geographic region).  Different QPAs should be provided if applicable for batched claims. If a party fails to make a timely or complete offer the certified IDR entity will select the other party’s offer as the final payment amount.

Step 9.  Within 30 business days after the date of its selection the certified IDR entity must determine the payment amount (the parties may continue to negotiate up to the time the certified IDR entity makes its determination, in which case the initiating party has 3 business days to notify the entity and the departments of the agreement).  The certified IDR entity must select one of the offers submitted and notify the parties and the Departments of its decision.  The certified IDR entity must consider “credible” information submitted by the parties which relate to the offers, and which are not prohibited (usual and customary rates, billed charges, and Medicare rates).  Additional information (different for air ambulance and non-air ambulance items and services) may be considered such as training, experience, quality of outcomes, market share, acuity of the patient, teaching status, case mix, scope of services, and good faith effort by the provider to enter into network arrangements.

Step 10.  Any amount due from one party to the other party must be paid within 30 calendar days after the determination by the certified IDR entity. The certified IDR entity must refund the prevailing party’s certified IDR entity fee paid within 30 business days after the determination. The certified IDR entity’s decision is binding upon the parties unless there is fraud or evidence of intentional misrepresentation of material facts to the certified IDR entity.

Here are some other general rules related to the IDR process:

Cooling off period.  The party that initiated the Federal IDR Process may not submit a subsequent Notice of IDR Initiation involving the same other party with respect to a claim for the same or similar item or service that was the subject of the initial Notice of IDR Initiation during the 90-calendar-day suspension period following the determination.

Extensions.  May be made for good cause in extenuating circumstances (such as natural disasters).  Payment periods cannot be extended.

Recordkeeping and Reporting.  Certified IDR entities must maintain records of all claims and notices associated with the Federal IDR Process with respect to any payment determination for 6 years. Certified IDR entities must report certain data within 30 business days of the close of each month through the Federal IDR portal.  The reporting must be done to maintain certification.

Confidentiality.  Certified IDR entities must maintain confidentiality and security regarding individually identifiable health information (IIHI) and must report any breaches of confidentiality.

Revocation of Certification.  The Departments may revoke the certification of a certified IDR entity if the entity demonstrates incompetence or failure to comply with the Federal IDR Process.

Resources (including links to model notices and forms).