A Compliance Newsletter by: The Baldwin Regulatory Compliance Collaborative (BRCC)
Welcome to the latest issue of the Baldwin Bulletin – A compliance newsletter by: The Baldwin Regulatory Compliance Collaborative (BRCC). This serves as a monthly guide to important regulatory developments, legal news, and employee benefits-related industry happenings, designed to keep you abreast of the latest developments. Below, we are summarizing a digest of current news and other developments from the industry over the past few weeks, along with important interrelated and upcoming deadlines.
Telehealth Services Relief Extended for High Deductible Health Plans
The approximately $1.7 trillion spending bill package that was passed in Congress on December 23 includes several provisions impacting health and benefits coverage. Most notably, the Consolidated Appropriations Act (CAA), 2023, extends transition relief through December 31, 2024, permitting high deductible health plans to cover telehealth services without having to satisfy the plan’s deductible. The existing safe harbor, enacted as a result of the COVID-19 public health emergency, had been set to expire at the end of 2022. This provision allows for coverage for all plan years that begin prior to January 1, 2025. A McDermott+Consulting summary of key CAA, 2023 health provisions is available here.
Prescription Drug Reporting Non-Enforcement Deadline Extended
On December 22, 2022, the Departments of Labor, Health and Human Services and Treasury (Departments) issued FAQ 56, which provides a one-month non-enforcement period extension to the prescription drug (Rx) reporting deadline for the 2020 and 2021 reporting years. The submission deadline had been previously extended to December 27, 2022. Under the current guidance, a health plan or health care issuer will not be considered out of compliance as long as a good faith submission is made on or before January 31, 2023.
In addition, FAQ 56 provides some flexibility and clarification regarding reporting 2020 and 2021 data through the Health Insurance Oversight System (HIOS):
- The Departments clarify that when a reporting entity submits on behalf of more than one plan or issuer for a reference year, the reporting entity may create more than one submission for that reference year, instead of including the data of all clients within a single set of plan lists and data files for the year. These multiple submissions will be considered valid and not duplicate submissions.
- More than one reporting entity may submit the same data file type on behalf of the same plan or issuer, instead of working together to consolidate all of the plan or issuer’s data into a single data file for each type of data.
- For 2020 and 2021 data only, a reporting entity submitting the required data may, within each state and market segment, aggregate at a less granular level than that used by the reporting entity that is submitting the total annual spending data.
- Reporting on vaccines in the data files are optional for this reporting deadline.
- Reporting entities do not have to report a value for “Amounts not applied to the deductible or out-of-pocket maximum” and the “Rx Amounts not applied to the deductible or out-of- pocket maximum.” However, they should not remove these columns from data files D2 and D6 but may leave blank the data fields in these columns.
Significant 2023 Compliance Deadlines
A summary of significant compliance deadlines for 2023 is attached as we close out yet another year. For more information, see here.
2023 Health Care FSA and Other Health and Welfare Limits
Internal Revenue Service (IRS) Revenue Procedure 2022-38 provides increased limits for health care flexible spending account (FSA) contributions and related carryover amounts of $3,050 and $610, respectively, for the 2023 plan year (up from the 2022 limits of $2,850 and $570, respectively). In addition, the limit for 2023 qualified transit and parking expenses (which represents the non-taxable limits for employer-provided commuter benefit programs), increases to $300 (up from $280 in 2022).
The following is a reference tool for employers that summarizes 2023 limits applicable to health and welfare plans that are reflected either in Revenue Procedure 2022-38 or earlier guidance. Also included are the 2023 contribution limits required by employers subject to the San Francisco Health Care Security Ordinance (SFHCSO).
 Covered employers are required to make a minimum health care expenditure for most of their employees who work at least 8 hours per week within the geographic boundaries of the City. For 2023, managerial, supervisory and confidential employees earning more than $114,141 yr. (or $54.88/hr.) are exempt (for 2022, the exemption thresholds were $109,643/yr., or $52.71/hr.)
2023 Retirement Income Benefits
The Internal Revenue Service (IRS) has released Notice 2022-55, containing cost-of-living adjustments for 2023 that affect contribution limits to retirement plan accounts. The following table reflects changes to the limits applicable to most employer plans:
ACA Forms and Deadlines for 2022 Employer Reporting
The Internal Revenue Service (IRS) released the final 2022 forms for reporting under Internal Revenue Code Sections 6055 and 6056 (Forms 1094-B and 1095-B and Forms 1094-C and 1095-C). As discussed in our last newsletter, the IRS revised Form 1095-B to remove references to the individual mandate penalty in the “Instructions for Recipients” section. No other substantive changes were made to the final forms for 2022 reporting.
The IRS issued final regulations on information reporting of health insurance coverage and other issues. As you may recall, the IRS previously issued proposed regulations in December 2021 which provided for a blanket 30-day extension of the due date for furnishing Form 1095-C to individuals as well as the due date for certain reporting under Code Section 6055. These extensions are now permanent, and we expect the instructions for the reporting forms to be released soon, incorporating these deadlines. Accordingly, paper IRS returns for 2022 must be filed by February 28, 2023; individual statements for 2022 must be furnished by March 2, 2023; and electronic IRS returns for 2022 must be filed by March 31, 2023. In addition, several states, including California, Massachusetts, New Jersey, Rhode Island, as well as the District of Columbia, have their own reporting requirements to evidence an employee’s compliance with the individual mandate. More information on these state requirements and deadlines can be found in the above-referenced compliance timeline.
PCORI Fee for 2023
Internal Revenue Service (IRS) Notice 2022-59, provides the adjusted PCORI fee amount for plan years ending on or after October 1, 2022, and before October 1, 2023. Employers with self-insured health plans must pay the PCORI fee for plan years ending in 2022 by July 31, 2023. Read more here.
IRS Clarifies that Additional Permitted Election Changes Also Apply to Calendar Year Plans
The Internal Revenue Service (IRS) has clarified that Notice 2022-41 also applies to group health with calendar year plan years. Notice 2022-41, which initially only applied to plans with non-calendar plan years, expanded the IRS’ permitted list of mid-year election changes under Internal Revenue Code Section 125 so that employees could be able to prospectively disenroll family members from their employer’s group health plan (other than a health care flexible spending account) mid-year in favor of electing an Exchange plan in the individual market. As a reminder, employers who sponsor cafeteria plans and wish to allow their employees to make these election changes so that their family members may take advantage of their new eligibility for premium subsidies should comply with the new requirements and amend their cafeteria plans accordingly.
Treasury Department/IRS Guidance Priorities for 2022-2023 Announced
The Department of Treasury (Treasury Department), in conjunction with the Internal Revenue Service (IRS), have released their list of over 200 guidance projects reflecting their priorities for allocating IRS and Treasury Department resources during its current plan year, July 1, 2022, through June 30, 2023. There are several projects anticipated with respect to retirement benefit plans, but only a handful of projects are dedicated to health and welfare benefits, including guidance on contributions to, and benefits from, paid family and medical leave programs, and final regulations under Internal Revenue Code (Code) Sections 4980H (employer shared responsibility penalty assessments) and 105(h) related to health reimbursement accounts (HRAs). Most of the projects have appeared on prior priority guidance lists. Of interest to note is that, once again, final cafeteria plan rules (proposed final rules were issued back in 2007) and new rules under Code Section 105’s nondiscrimination requirements for fully insured health plans, made applicable by the Affordable Care Act, did not appear on the list. The complete list is available here courtesy of Groom Law.
Colorado Rolls Out Public Option Plans
A 2021 Colorado law (HB21-1232) permits individuals seeking to purchase health coverage on the ACA marketplace to choose standard health benefit plan options (“Colorado Option”) beginning January 1, 2023. The Colorado Option plans are not considered true public options. Rather, they represent a hybrid approach to insurance coverage in that the plans are offered by private insurance carriers, but they are subject to strict state oversight. A principal objective of the Colorado Option is to make coverage choices in the ACA marketplace more competitive. For more information, including a discussion of its inaugural rather bumpy rollout, read this Kaiser Family Foundation article here.
COVID-19 Vaccine Funding Set to Sunset?
A new Kaiser Family Foundation (KFF) study finds that if the federal government runs out of money to purchase COVID-19 vaccine, the cost of the vaccine will likely increase significantly. The Biden administration has said it can no longer afford to purchase additional doses if Congress does not provide more funds, which will shift the burden to the commercial market. This could potentially result in future increases in premiums for private insurers and participants. Read the KFF analysis here.
Proposed Regulations Issued Regarding Confidentiality of Substance Use Disorder Patient Records
The Department of Health and Human Services (HHS) has issued a proposed rule regarding changes to rules on unauthorized disclosures under the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations at 42 CFR part 2 (“Part 2”). The proposed rule by HHS’s Office of Civil Rights (OCR), together with the Substance Abuse and Mental Health Services Administration (SAMHSA) implements a requirement in the Coronavirus Aid, Relief, and Economic Security (CARES) Act and better aligns these provisions with the privacy, breach notification and enforcement rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HHS is seeking to address concerns about discrimination or prosecution resulting from individuals entering treatment for substance abuse, including in the workplace. Some features of the proposed rule that impact employers include that Part 2 violations are now subject to the HIPAA Breach Notification Rule and that HHS will have the authority to enforce Part 2 through civil penalties. These changes are currently only in the proposed form. If they are finalized, employers with self-insured health plans should review their privacy policies and notice of privacy practices and make any necessary updates. For more information read a nice summary by the law firm of Foley & Lardner LLP here.
Office of Civil Rights Provides Cybersecurity Guidance
Plan sponsors of covered entities and business associates (regulated entities) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) are required to implement policies and procedures to address security incidents. In its October 2022 Cybersecurity Newsletter, the Office of Civil Rights (OCR) division of Health and Human Services (HHS) warns of hacking as a serious threat to protecting the privacy and security of confidential data. In particular, because electronic protected health information (ePHI) identifies individuals and includes information relating to an individual’s health, treatment or payment information, it is a valuable target for cybercriminals. The OCR guidance is designed to assist HIPAA regulated entities in enhancing their security policies and procedures by providing valuable recommendations for identifying and responding to security incidents and mitigating their harmful effects to ensure the confidentiality, integrity and availability of their ePHI.
The OCR also recently released guidance on the use of online tracking technology tools (tracking technologies) by HIPAA regulated entities, which have specific compliance obligations when using tracking technologies. Specifically, regulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of protected health information to tracking technology vendors or any other violations of HIPAA. The guidance is available here.
In other related news, Cameron Shilling, Director, Litigation Department & Chair of Cybersecurity and Privacy Group, at the law firm of McLane Middleton, has published an article entitled “The Cybersecurity Risks Posed by Employee Benefit, Payroll Services” that is available here.
Question of the Month
Does posting a summary plan description (SPD) and other ERISA required documents on a company intranet satisfy ERISA’s requirement that they be delivered to participants?
Answer: Yes, as long as the employer complies with all of the Department of Labor (DOL)’s electronic distribution requirements (see here). This means that the employer must provide a written or electronic notice to plan participants and beneficiaries when the document is posted that describes the document’s significance and the right to receive a paper copy. ERISA also requires that SPDs be delivered to participants in a manner that is “reasonably calculated to ensure actual receipt.” The DOL provides a safe harbor under which electronic delivery, including posting on an intranet website, will be deemed to satisfy this standard. The safe harbor sets forth general requirements for all electronic disclosures and additional requirements for disclosures to recipients who do not have work-related computer access (including prior written consent). Keep in mind that electronically furnished SPDs must meet the underlying SPD content, format, and other requirements. Source: Thompson Reuters.