Baldwin Bulletin – Sept. 28, 2022

A Compliance Newsletter by: The Baldwin Regulatory Compliance Collaborative (BRCC)

Welcome to Issue No. 2 of the Baldwin Bulletin – A compliance Newsletter by: The Baldwin Regulatory Compliance Collaborative (BRCC). This serves as a monthly guide to important regulatory developments, legal news, and employee benefits-related industry happenings, designed to keep you abreast of the latest developments. Below, we are summarizing a digest of current news and other developments from the industry over the past few weeks, along with important interrelated and upcoming deadlines.

Significant Upcoming Compliance Deadlines

Prescription Drug Reporting Enforcement to Begin December 27

Section 204 of the Consolidated Appropriations Act, 2021 (CAA) contains reporting requirements regarding a health plan’s prescription (Rx) drug coverage and costs.  This is commonly referred to as the Prescription Drug Data Collection (RxDC) report. The purpose of this reporting, as with other transparency provisions in the CAA and the Transparency in Coverage Rules (discussed elsewhere in this Bulletin) is to promote greater transparency in health care spending.

Initially, the RxDC report was required to have been filed by December 27, 2021, and June 1 of each year thereafter. However, enforcement was deferred for one year, such that the first reporting requirement is due this December 27, 2022, for the 2020 and 2021 reference years. Subsequently, reporting will be due on June 1, 2023 (for the 2022 reference year), and then annually thereafter.

The Centers for Medicare & Medicaid Services (CMS) reporting instructions clarify that a reference year refers to the calendar year of the data that is in the RxDC report. Thus, with respect to the 2020 RxDC report, a plan with a non-calendar year plan year will contain information for both the 2019 and 2020 plan years to the extent it happened in 2020. For example, the 2020 RxDC report for a plan with a July 1 – June 30 plan year, will contain information pertaining to January 1 – June 30 of the 2019 plan year and July 1 – December 31 of the 2020 plan year.

Health Plans Subject to Reporting

In general, health plans – fully insured and self-insured, grandfathered and non-grandfathered, those subject to ERISA and those not subject to ERISA – will be required to report. This includes non-federal governmental plans subject to the Public Health Safety Act (such as school districts and other public entities) and church plans that are subject to the Internal Revenue Code. The reporting requirements do not apply to account-based plans, such as health reimbursement accounts, flexible health care spending accounts, and health savings accounts. While not an inclusive list, they also do not apply to excepted benefit plans, such as limited-scope dental and vision plans, hospital and fixed indemnity plans, disease-specific insurance plans, Medicare advantage plans, Medicaid plans, and state children’s health insurance program plans.

Required Reporting Data

The information required will be used to assist the Department of Labor, Health and Human Services, and the Treasury (Departments) in understanding prescription drug and health care spending costs, and to prepare a report that will be made public regarding this information.

Most of the information required, with the exception of certain plan level information, can be reported on an aggregate basis across plans in the same state and market segment. Certain plan level information must be reported on separately. Specifically, the required data elements including the following:

1. Plan name and number
2. Plan sponsor, EIN, and principal place of business
3. Plan year start and end dates
4. Number of participants, beneficiaries, or enrollees covered
5. Each state in which the plan is offered
6. For each state and market segment (small group market, large group market, self- funded small employer plan, self-funded large employer plan):
   • The 50 most frequently dispensed brand name Rx drugs, and the total number of paid claims for each
   • The 50 most costly Rx drugs by total annual spending
   • The annual amount spent by the plan for each drug
   • The 50 Rx drugs with the greatest increase in plan expenditures from the plan year preceding the reported plan year, and, for each such drug, the change in amounts expended by the plan in each such plan year
   • Total spending on health care services by type of costs and by participants, broken down by: hospital costs, health care provider and clinical service costs (further broken down by primary care and specialty care), costs for Rx drugs utilization and spending broken down by hospital and medical, wellness services and other medical costs
   • Rx spending and utilization that includes total annual spending by plan and the number of participants (including beneficiaries and enrollees) with a Rx drug claim paid, by plan and by participants, beneficiaries, and enrollees
   • The average monthly premiums paid by participants, beneficiaries, and enrollees and paid by employers on behalf of participants, beneficiaries, and enrollees
   • Rx rebates, fees, and other remuneration paid by drug manufacturers to the plan or its administrators or service providers, including the amount paid for each therapeutic class of drugs and for each of the 25 drugs that yielded the highest amounts of rebates and other remuneration under the plan from drug manufacturers during the plan year
   • The impact of Rx drug rebates, fees, and other remuneration on premiums and out-of-pocket costs

The reporting is done through the Health Insurance Oversight System (HIOS). CMS has recently published an updated user manual, available here, that explains how to use the RxDC module within the HIOS.

Next Steps

For sponsors of fully insured plans, the good news is that the insurer can be directly responsible for the reporting obligation as long as the employer and insurer execute a written agreement that requires the insurer to be responsible for the reporting.

Plan sponsors of self-insured or level funded plans may have a third-party, such as a third-party administrator (TPA), or pharmacy benefit manager (PBM) submit some or all the information, on their behalf. In nearly all instances, this should be the case because the third-party will have access to HIOS. Otherwise, the plan sponsor will need to set up its own HIOS account with CMS. Thus, plan sponsors should work with the third-party to confirm that they will report on their behalf and ensure compliance by the December reporting deadline.

Plan sponsors who recently changed their TPA or PBM or have undergone merger & acquisition activity, may need to reach out to their prior third-party vendor to coordinate the provision of this data to ensure timely and accurate reporting.

Please refer to the CMS website for additional information.

Phase II of Transparency in Coverage Final Rules Enforcement Date Fast Approaching

Group health plans and health insurance issuers must make an internet-based price comparison tool that provides cost-sharing information for 500 shoppable items, services, and drugs available to participants, beneficiaries, and enrollees effective for plan years beginning on or after January 1, 2023.  For plan years beginning in 2024, the price comparison tool must provide cost-sharing information for all covered items, services, and drugs. This requirement to provide a price comparison tool applies to group health plans (including self-insured and level-funded plans) and health insurance issuers. However, the requirement does not apply to:

• Plans with grandfathered status;
• Excepted benefits (such as limited-scope vision and dental benefits); and
• Account-based plans, such as health flexible spending accounts, health reimbursement accounts, and health savings accounts

By way of background, this requirement comes from the Transparency in Coverage Final Rules that were issued by the Departments of Labor, Health and Human Services and the Treasury (Departments) in November 2020. The Departments anticipate that this tool will provide consumers with real-time estimates of their cost-sharing liability from different providers for covered items and services, including prescription drugs, so that consumers can shop and compare prices before receiving care.

This tool must be available without a subscription or other fee, and group health plans and issuers must make this information available in paper form, upon request. Plans and issuers should be prepared to provide this comparison information over the telephone to comply with a transparency requirement added by the Consolidated Appropriations Act, 2021 (CAA).

How the Tool Works

The price comparison tool must allow users to search for cost-sharing information for a covered item or service by entering certain information: a billing code or descriptive term; the in-network provider’s name if a user wants cost-sharing information for a specific in-network provider; and certain other relevant factors, such as the location of service, facility name or dosage. The price comparison tool must provide real-time responses based on cost-sharing information that is accurate at the time of the request. There are seven content elements that a plan or issuer must disclose, upon request, to a participant, beneficiary, or enrollee for a covered item or service: estimated cost-sharing liability, accumulated amounts, negotiated rates, out-of-network allowed amounts, a list of items and services subject to bundled payment arrangements, a notice of prerequisites, if applicable, and a disclosure notice.  In this respect, the Departments have developed a draft model disclosure that plans and issuers may use for these disclosure requirements.

Employer Next Steps

• Employers with fully insured health plans should confirm that their health insurance issuer will develop and maintain the price comparison tool and provide any requested disclosures, beginning with 2023 plan years.  Moreover, the employer should ensure this compliance responsibility is reflected in a written agreement with the issuer.
• Employers with level-funded or self-insured plans should also reach out to their third-party administrators and/or pharmacy benefit managers (collectively, service providers) to confirm they will develop and maintain the price comparison tool and provide any requested disclosures, beginning with 2023 plan years. Further, employers should obtain or update agreements, as necessary, to reflect these changes in responsibilities. Note: employers with level-funded or self-insured plans must monitor their service providers to ensure they provide the required disclosures as those employers will remain liable for compliance.

For more information, please see here.

Final Rule Implements Ban on Surprise Medical Billings

Under the Consolidated Appropriations Act, 2021, Congress passed the No Surprises Act (NSA).  This law creates protections for patients by banning surprise billing that began taking effect on January 1, 2022.  Surprise billing is when an individual receives an unexpected bill after services rendered from an out-of-network provider or facility when they did not have the opportunity to select a provider or facility covered by their network.  The most common example of surprise billing occurs in a medical emergency. Specifically, health plans and insurers, in-network facilities, and providers of air ambulance services are prohibited from balance billing covered individuals beyond in-network cost-sharing limits for certain out-of-network services.  Some states already have laws that ban surprise billing.

The IDR Process

As a part of the NSA, an independent dispute resolution (IDR) process for out-of-network care covered under the surprise billing protections was created.  The IDR process is designed to resolve payment disputes between a provider or facility and the group health plan after an initial payment or denial of benefits by the plan. Three sets of interim final rules were issued last year, along with a proposed rule on enforcement. This past February, a Texas Federal district court invalidated portions of the rules regarding payer-provider obligations to determine the out-of-network rates, and these portions were vacated.

In response to this court ruling, in April 2022, the Departments of Labor (DOL), Health and Human Services (HHS) and the Treasury (Departments) issued revised guidance on the details of the IDR process, including when the Federal IDR process will apply versus a state’s process.  In brief, the Federal IDR process applies when there is not an applicable state model to determine the payment amount.  For complete details of the Federal IDR process, the Departments provide a Guide for Disputing Parties, including a checklist for administering the Federal IDR process.  A chart for determining the applicability of the Federal IDR Process versus the state process is available here.

In August 2022, the Departments issued a final rule revising portions of the NSA, with certain changes related to the IDR process.  Generally, three aspects of the interim final rules were modified:

• First, it expanded the information regarding the qualified payment amount (QPA) that health plans and insurers must disclose to providers.
• The second revision interpreted the NSA rules that govern the appropriate out-of-network rate used during the IDR process.
• The third change expanded the information an IDR entity must provide in its written payment determination.

The final rule also addressed many of the NSA implementation issues.  These changes will be effective within 60-days of publication and is generally effective for plan years on or after January 1, 2022. The Departments released NSA implementation FAQs in addition to this final rule.

Additional Resources

Additional resources are available and include the following:

• For a full list of the forms required during the IDR Process, visit this DOL website. The list is under Requirements Related to Surprise Billing, Part II.
• The Centers for Medicare and Medicaid Services (CMS) website for providers to submit complaints and resources for group health plans is at https://www.cms.gov/nosurprises.
• The CMS website to initiate a dispute is here.

Most health insurance carriers and third-party administrators (TPA) will be initiating the IDR Process, if necessary.  It is suggested that employers contact their carrier or TPA to confirm their compliance with the NSA and the IDR Processes that are applicable for their particular state(s).

For further information, please also refer to the following here, here and here.

Departments Clarify Health Plan Public Posting Requirements Under the No Surprises Act and Transparency in Coverage Final Rules

The Departments of Labor (DOL), Health and Human Services (HHS) and the Treasury (Departments) issued joint guidance on August 19, 2022, regarding implementation of certain provisions of the Affordable Care Act and the No Surprises Act (NSA), as well as the Transparency in Coverage Final Rules (TiC Final Rules).  The guidance contains twenty-three FAQs to help stakeholders understand the law and to promote compliance, including clarification related to the requirements for the public posting by health plan sponsors of the balance billing protections notice under the NSA and machine-readable files (MRFs) under the TiC Final Rules.  The guidance applies in instances in which the plan sponsor (for example, an employer) may maintain a public website, but the group health plan sponsored by the employer does not (which is commonly the case).

The guidance makes it clear that if a group health plan does not have its own public website (which many do not), a health plan may satisfy its requirement to post the balance billing protections notice and MRFs if the plan’s health insurance issuer or third-party administrator (TPA), as applicable, posts the information on its public website on behalf of the plan.  The plan is not required to create its own public website for these purposes.

However, the guidance requires that the health plan enter into a written agreement with the issuer/TPA under which the issuer/TPA agrees to post the required information on behalf of the plan.  If the issuer/TPA fails to do so, then the plan is in violation of the disclosure requirements.  For this reason, the plan sponsor should regularly check the issuer or TPA’s public website, as applicable, to make sure that the information is maintained on its website per the written agreement of the parties.

NLRB Set to Broaden Standard for Determining “Joint Employer” Status

The National Labor Relations Board (NLRB) recently issued a Proposed Rule on the standard for determining joint-employer status under the National Labor Relations Act (NLRA), replacing the final rule that took effect on April 27, 2020. Employers will be considered joint employers if they “share or codetermine those matters governing employees’ essential terms and conditions of employment,” including scheduling, wages, and benefits.

According to the Proposed Rule, the changes are designed to explicitly ground the joint-employer standard in established common-law agency principles. They would also provide relevant guidance to parties covered by the NLRA regarding their rights and responsibilities when more than one statutory employer possesses the authority to control or exercise the power to control employees’ terms and conditions of employment.

Joint employers share liability for unfair labor practices and responsibility for bargaining with the union. Expanding the joint-employer standard could have major consequences in the franchising industry and for organizations sourcing workers through contracts, temporary staffing agencies, and other business-to-business arrangements. The Proposed Rule reflects the NLRA’s aims to promote collective bargaining and stabilize labor relations by easing organizing and collective bargaining for staffing, franchise, and other workers with ties to multiple employers.

Public comments regarding the Proposed Rule must be received by the NLRB on or before November 7, 2022. Subsequently, the NLRB will review these comments and determine whether to move forward with a final rule.

California Consumer Privacy Law to Apply to Employment Records Beginning January 1

The California Consumer Privacy Act (CCPA) was signed into law and became effective January 1, 2020. At the time of its passage in 2018, it was considered the strongest consumer protection law in the country. Under the law, employees are included in the definition of “consumers”. As such, the CCPA applies to employment related personal information maintained by an employer with respect to its employees in California (for example, job applicant, beneficiary and emergency contact information). Note that the CCPA doesn’t apply to data that is already protected by HIPAA.

Subsequently, in November 2020, California voters passed a ballot initiative “The California Privacy Rights Act (CPRA)” that amended the CCPA and strengthened the law even further. It gave businesses until January 1, 2023, to bring themselves into compliance with all the CPRA amendments. The California Legislature previously amended the CCPA to include a one-year moratorium for the application of most CCPA requirements for employee personal information, that was ultimately extended through the end of 2022. However, this exemption has not been extended in this year’s Legislative session. Thus, employers subject to the CCPA must be prepared to comply with the many data privacy obligations relating to employment and job applicant data beginning on January 1, 2023.

For more information, refer to the accompanying article by the law firm of Fisher Phillips, in which the firm announced the launching of its CCPA Resource Center to assist employers in complying  with the California consumer privacy law.

ACA Penalties for 2023

The IRS has updated its  frequently asked questions (FAQs) on the employer shared responsibility rules under the Affordable Care Act (ACA) to include updated penalty amounts for 2023. For calendar year 2023, the adjusted $2,000 penalty amount is $2,880, and the adjusted $3,000 penalty amount is $4,320.

In summary, the ACA’s employer shared responsibility, or pay or play rules, require Applicable Large Employers (ALEs) to offer affordable, minimum value health coverage to their full-time employees (and dependents) or potentially pay a penalty. The affordability of health coverage is crucial in determining whether an ALE will be subject to a penalty.

Under the pay or play rules, an ALE is only liable for a penalty if at least one full-time employee receives a subsidy for coverage in the Marketplace. Employees offered affordable, minimum value health coverage are generally not eligible for these subsidies. ALEs must remember that the affordability rate for 2023 has decreased to 9.12% (from 9.61% in 2022). Thus, health coverage that was considered affordable before 2023 may not be considered affordable in 2023. Employers are encouraged to review their upcoming 2023 medical plans to ensure that premiums remain within the 2023 guidelines to avoid potential penalties from the IRS.

For more information visit the IRS websites here and here.

Inflation Reduction Act Provisions Regarding Employee Benefits

On August 16, President Biden signed the Inflation Reduction Act (IRA) into law. The legislation addresses deficit reduction, investments in healthcare, domestic energy, climate change, and other issues. The law’s health reforms primarily impact those with Medicare coverage. Specifically, the law implements the following measures:

• Reduces the cap on Medicare Part D out-of-pocket spending to $2,000 in 2025
• Limits premium increases on Medicare Part D
• Requires pharmaceutical manufacturers to pay rebates if prices rise faster than inflation
• Limits the cost of insulin for those on Medicare
• Eliminates cost-sharing for adult vaccines covered under Medicare Part D

While employers have no actionable items on this legislation, it’s important to note that the law also implements a three-year extension on increased health insurance subsidies for coverage purchased through an Exchange that was set to expire at the end of 2022.

For more information, visit https://crsreports.congress.gov/product/pdf/IF/IF12203

Employee Benefits Litigation

Increased COBRA Litigation

Over the past couple of years, there have been an increase in class-action lawsuits being filed throughout the country- many involving high-profile defendants, alleging that the notices required under the Consolidated Omnibus Budget Reconciliation Act (COBRA) failed to provide all of the information required by COBRA, including the name of the Plan Administrator, the mailing address for payments, an explanation as to how to enroll, and a physical form to elect coverage.

Most recently, McDonald’s settled one such suit, where it was claimed that McDonald’s failed to give former employees proper notice of their rights under COBRA. In many instances, including the McDonald’s case, the defendants chose not to use the model notices provided by the Department of Labor (DOL).

A Plan Sponsor’s safest bet to avoid or minimize the risk of litigation is to ensure its COBRA Administrator is utilizing the most current version of the model notices provided by the DOL.

Employee-paid LTD Policy Still an ERISA plan

In the case of  Duncan v. Unum Life Insurance Co. of Am., a Tennessee Federal District Court ruled that an employee pay-all long-term disability (LTD) policy that was offered to employees as part of what was purported to be a group benefits plan, was subject to ERISA and did not fall within the DOL’s safe harbor exempting certain “voluntary” insurance arrangements from ERISA.

Transgender Rights and Coverage of Gender Transition Related Services

Courts around the country continue to address protections for transgender rights as well as the coverage of gender transition services. District courts in California, Minnesota, Wisconsin, and most recently West Virginia have taken the position that discrimination against transgendered individuals violates the Affordable Care Act (ACA)’s Section 1557’s prohibition against sex discrimination. The 4^th Circuit Court of Appeals recently held in Williams v. Kincaid, that gender dysphoria is a covered disability under the Americans with Disabilities Act (ADA), and on September 7, 2022, a lawsuit was filed in a Tallahassee Federal Court challenging Florida’s ban on covering gender-affirming care for Medicaid enrollees.

It seems that courts may not be so inclined to take similar positions in challenges made by religious organizations. On August 26, 2022, in Franciscan Alliance, et al., v Department of Health and Human Services, the 5^th Circuit Court of Appeals upheld a district court decision that prohibits the Department of Health and Human Services (HHS) from enforcing Section 1557 in such a way that it would require the plaintiffs, a group of faith-based providers, to provide insurance coverage for services related to gender transition or abortion.

A legal sidebar, prepared by the Congressional Research Service, discusses HHS’ position on several legal issues that arose in earlier litigation and are addressed in its recently issued Notice of Proposed Rulemaking implementing Section 1557. The sidebar is available here.

Improper Disposal of PHI Results in Big Penalty for Violating HIPAA

On August 23, 2022, the Department of Health and Human Services (HHS) issued a resolution agreement along with a related press release announcing a $300,640 settlement with a New England-based dermatology center for potential violations of the Health Insurance Portability and Accountability Act (HIPAA)’s privacy rule, including the impermissible use and disclosure of protected health information (PHI) and failure to maintain appropriate safeguards to protect the privacy of PHI . The settlement was a result of the dermatology center filing a breach report with the Office of Civil Rights (OCR) stating that empty specimen containers containing PHI were found in a garbage bin in the center’s parking lot. As part of the settlement, the dermatology center agreed to implement a corrective action plan that involves two years of monitoring. OCR FAQs concerning HIPAA and the disposal of PHI are available here.

Question of the Month

Many of our employees do not have computer access for their employment. Can we distribute our plan’s wrap summary plan description and other documents required under ERISA using flash drives, CDs, or other methods beside paper distribution?

Answer: Department of Labor (DOL) regulations provide for a safe harbor that will meet its electronic distribution requirements. For those employees without workplace access to a computer, employers must obtain prior consent and provide these employees with a notice indicating the significance of the electronic disclosure and the right to receive a paper copy. The overarching requirement of this safe harbor is that an employer’s delivery method must be reasonably calculated to ensure actual receipt by the participant and must likely result in full distribution.

According to Thompson Reuters, “informally, DOL staff have commented that simply mailing a CD or flash drive of the SPD (or other required disclosure) without affirmative consent would not satisfy the safe harbor, nor would it satisfy the general requirement that the delivery method be reasonably calculated to ensure full distribution and actual receipt. In DOL staff’s view, it is not reasonable to assume that recipients will be able to access and read the CD or flash drive”. For those who do not consent, delivery of paper SPDs (in accordance with DOL guidance on paper delivery methods) may be required. For a copy of the DOL’s safe harbor requirements for electronic distributions see here.