Click here to download this PDF!
MLR Rebates Reminder for Employers
Carriers are required to send out Medical Loss Ratio (MLR) payments to employers by September 30th.
WHO THIS APPLIES TO:
• Large employers with fully-insured health plans who receive an MLR check
• Small employers with fully-insured health plans who receive an MLR check
GO DEEPER: When an employer receives one of these MLR checks from the insurer, they’ll need to carefully consider how the funds must be spent – they should not just keep it. This is because any portion of the rebate that is considered “plan assets” has to be used in a very specific manner. In other words, if employees paid any portion of the total premium, then that portion related to the MLR rebate check is considered plan assets and can only be used to benefit those participants, not the employer.
For instance, if employees paid 20% of total premiums last year and the employer contributed 80%, then 20% of the rebate check is considered “plan assets” and should only be used for the benefit of plan participants.
There are 3 basic methods an employer may use to spend this portion on participants: 1) Pay out a taxable cash refund 2) Offer a premium holiday for the amount of the rebate 3) Provide some type of benefit enhancement.
There is no de minimis amount for distribution of any portion that’s considered plan assets under the rules. The only leeway given relates to the cost of including former participants in the rebate distribution. In other words, even if the rebate is a very small amount and dividing it up between participants results in a few dollars, any portion related to plan assets still has to be given back to current participants, and possibly to former employees (such as COBRA qualified beneficiaries and retirees).
Medicare Part D Notices Must be Sent before 10/15
Employers must send Medicare Part D creditable coverage notices to all Medicare-eligible individuals before October 15th, regardless of the employer’s size or when the plan year starts.
WHO THIS APPLIES TO:
• Large employers with fully-insured and self-funded health plans
• Small employers with fully-insured and level-funded health plans
GO DEEPER: The employer must give a notice to Medicare-eligible individuals who are enrolled or seeking to enroll. Identifying these individuals can be difficult, particularly when eligibility for Medicare is based on a factor other than age, such as disability or end-stage renal disease. As a result, it may be easier to give Medicare Part D disclosures to everyone who is enrolled, or seeking to enroll, in the group plan.
The employer should first check with the carrier or TPA to see if a determination has been made for each specific plan an employer offers. If the TPA or carrier will not make that determination, then the employer must either use CMS’s design-based simplification method (linked here) or obtain an actuarial determination. Unfortunately, the design-based method is quite difficult for an employer to use, so if the carrier or TPA doesn’t provide a determination, then CMS says an actuarial determination must be made.
The notice may be sent by mail or electronically if the DOL’s electronic disclosure requirements are met.
Attestations for Gag Clause Prohibition Compliance Due to CMS by December 31, 2024
The Departments issued joint FAQ guidance related to compliance with the prohibition of “gag clauses” as required under the Consolidated Appropriations Act of 2021 (CAA). Specifically, the rules require plans and issuers to submit a compliance attestation no later than December 31, 2024 and then each year thereafter by December 31st.
WHO THIS APPLIES TO:
• Large employers with fully-insured and self-funded health plans
• Small employers with fully-insured and level-funded health plans
GO DEEPER: What is a gag clause and what is prohibited?
The CAA prohibits group health plans and insurance carriers from entering into agreements with providers, TPAs, or other service providers whose agreements include language that
would constitute a “gag clause,” specifically:
1. restrictions on the disclosure of provider-specific cost or quality of care information or data to referring providers, the employer plan sponsor, participants, beneficiaries, or enrollees, or individuals eligible to become participants, beneficiaries, or enrollees of the plan or coverage;
2. restrictions on electronic access to de-identified claims and encounter information or data for each participant, beneficiary, or enrollee upon request and consistent with the privacy regulations promulgated pursuant to section 246(c) of HIPAA, GINA, and the ADA; and
3. restrictions on sharing information or data described in (1) and (2), or directing that such information or data be shared, with a business associate, as defined in 45 CFR 160.103, consistent with applicable privacy regulations.
For example, if a contract between a TPA and a group health plan states that the plan will pay providers at rates designated as “Point of Service Rates,” but the TPA considers those rates to be proprietary and therefore includes language in the contract stating that the plan may not disclose the rates to participants, that language prohibiting disclosure would be considered a prohibited gag clause (would not be allowed).
As another example, if a contract between a TPA and a plan says that the employer’s access to provider-specific cost and quality of care information is only at the discretion of the TPA, that contractual provision would be considered a prohibited gag clause.
Self-insured employer plan sponsors and fully-insured carriers must ensure that their agreements with health care providers, networks or associations of providers, or other service providers offering access to a network of providers do not contain these or other provisions that violate the prohibition on gag clauses. However, a health care provider, network or association of providers, or other service provider may place reasonable restrictions on the public disclosure of this information.
What attestation is required?
In addition to ensuring agreements do not contain such gag clauses, ALL plans and issuers are required to submit a Gag Clause Prohibition Compliance Attestation (GCPCA) directly to CMS online at https://hios.cms.gov/HIOS-GCPCA-UI no later than December 31, 2024 and each year thereafter.
Will the carrier or TPA submit the GCPCA on the employer’s behalf?
Employers and advisors will need to confirm with carriers, service providers and TPAs on what level of assistance will be provided.
• Fully-insured group health plans: the plan sponsor and the insurance carrier are both required to submit the GCPCA each year by December 31st. However, a fully-insured plan sponsor may shift liability to the carrier through a written agreement.
• Self-funded and level-funded plans may satisfy the requirement to provide a GCPCA by entering into a written agreement under which the plan’s service provider(s) (such as a TPA, including an issuer acting as a TPA) will attest on behalf of the employer plan sponsor. However, even if the plan enters into an agreement with the TPA, the legal requirement to remove any gag clauses and provide an attestation rests on the plan sponsor.
Who is exempt?
Generally, plans consisting of only excepted benefits, HRAs and ICHRAs are not required to attest as these plans do not typically need to enter into agreement with providers. Instead, these arrangements are usually integrated with other medical coverage that is required to submit an attestation (e.g., HRAs integrated with group health plan and ICHRAs with individual medical coverage).
However, all group health plans regardless of size, funding strategy or grandfathered status must submit the required attestation.
What is the penalty?
The FAQ mentions that plans and issuers who fail to submit their GCPCA by the December 31st deadline may be subject to enforcement action, but no specific penalties are provided.
What are the changes to the 2024 Attestation Instructions (see Appendix 4.1)?
1. Selection for the “attestation year.”
2. Field for the “attestation period.”
3. Employer plan types expanded to include ERISA plans, non-federal governmental plans, and church plans.
4. The term “Reporting entity” changed to “Responsible Entity.”
5. Selections for “Responsible Entity” (ie, which entity is attesting)
6. Sections for types of provider agreements
7. Text box for submitter to enter “Other Limitations”
8. Modified language to remove forward-looking agreement actions.
9. Definitions added to the Appendix 4.2
10. Language added to accommodate date ranges and other information provided through the submission process.
Next steps for employers:
Many TPA service agreements include provisions requiring compliance with applicable law, which presumably would override any contrary existing provisions. Nonetheless, plan sponsors and advisors will need to review applicable agreements for gag clauses and remove them.
In addition, employers sponsoring fully-insured, level-funded or self-insured plans should be in contact with their service providers to understand what level of assistance they will be providing in submitting the GCPCA by December 31, 2024.
Instructions, templates and other information is provided on the CMS GCPCA website:
https://www.cms.gov/cciio/programs-and-initiatives/other-insurance-protections/gagclause-prohibition-compliance
Affordability Percentage Increased for Plan Years Beginning in 2025
On September 6, 2024, the IRS updated the affordability percentage to 9.02% (an increase from 8.39% in 2024) for plan years that start on or after Jan 1, 2025.
WHO THIS APPLIES TO:
• Applicable large employers (50+ FT plus equivalents) with fully-insured and self-funded health plans.
GO DEEPER: This percentage is used by applicable large employers to determine whether or not the employer’s coverage is considered affordable for that employee.
There are 3 affordability safe harbors an employer can use to determine whether or not coverage is “affordable” for a certain employee. The 3 safe harbor methods include:
1. Rate of Pay
2. W-2
3. Federal Poverty Level
As an example, an employee is offered employer-sponsored coverage that meets minimum value. For the 2025 calendar year, his employer will use the Rate of Pay safe harbor to set premium amounts for full-time employees. The lowest paid employees make $10 per hour. To use the Rate of Pay safe harbor, the employer would use 130 hours per month times $10 per hour (which is $1,300 per month).
In order to meet the affordability threshold in 2025, the employer would set the employee’s monthly premium cost that doesn’t exceed 9.02% of $1,300 (which is $117.26 per month). In 2024, the percentage threshold was 8.39%, which meant the most an employee making $10/hr could be charged for the lowest-cost plan was $109.07.
Thus, the employer will need to adjust the employer contribution to ensure the coverage remains affordable using the Rate of Pay safe harbor.
Note, plans that renew on 11/1/24 or 12/1/24 would need to use the 2024 affordability percentage, which is 8.39%, for the entire plan year. Therefore, an applicable large employer needs to decide which affordability safe harbor they will use and ensure premium contributions are designed properly before the plan’s start date, and NOT wait to figure it out during ACA reporting.
IRS Rev. Proc. 2024-35: https://www.irs.gov/pub/irs-drop/rp-24-35.pdf
New Notices Required for Employers Offering Fixed Indemnity Insurance
Employers offering hospital and other fixed indemnity benefits are required to provide a notice for plan years beginning on or after January 1, 2025 advising participants that the coverage is not comprehensive health coverage.
WHO THIS APPLIES TO:
• Large employers offering fixed indemnity benefits, specifically hospital indemnity policies
• Small employers offering fixed indemnity benefits, specifically hospital indemnity policies
GO DEEPER: Fixed indemnity benefits typically provide a flat cash amount following the occurrence of a health-related event, such as hospitalization or illness at a predetermined level regardless of claims incurred under the major medical plan. Examples include policies that pay a flat per occurrence/per diem dollar amount for critical illness, accident, travel accident or cancer.
Specifically, the new notice must be provided at the time, or before, participants have the chance to enroll or re-enroll in the benefits. The new notice applies to group hospital indemnity or other fixed indemnity insurance. So, while all types of fixed indemnity policies such as cancer, specified disease and accident plans are indeed subject to the final rules, they are not considered “hospital indemnity or other fixed indemnity insurance” strictly for purposes of the new notice.
Because fixed indemnity plans are subject to the final rules, but the notification requirement only applies to employers who provide hospital indemnity plans that pay a per day or per period benefit, the notice is only required for those providing hospital indemnity policies.
Thus, employers offering fixed hospital indemnity policies need to add the notice to open enrollment materials on the first page that discusses applicable hospital indemnity benefits beginning for the 2025 plan year.
The final rules provide a model notice (see page 75) https://www.govinfo.gov/content/pkg/FR-2024-04-03/pdf/2024-06551.pdf.
FAQ:
How do employers comply with the HIPAA Reproductive Health Care rules by December 23, 2024?
The primary changes imposed by the new HIPAA rules are:
• Prohibits the use or disclosure of PHI in particular circumstances where reproductive health care is legally sought, obtained, provided, or facilitated.
• Requires a health plan (or its business associates) to obtain a signed attestation that certain requests for PHI potentially related to reproductive health care are not for prohibited purposes.
• Requires health plans to modify their notice of privacy practices to support reproductive health care privacy.
From a health plan prospective, most PHI related to reproductive health care will remain in the hands of third-party administrators and insurance carriers. However, the new rules will require action on the part of employers with self-funded group health plans (or insured plans with access to PHI) by Dec. 22, 2024. In particular, employers will need to:
• Conduct HIPAA training to incorporate the new requirements.
• Revise HIPAA policies and procedures and BAAs.
• Update & distribute the new Notice of Privacy Practices (by February 16, 2026)
• Develop an attestation form
Note: Many employers with fully insured health plans are not required to maintain or distribute their own privacy notice, as this responsibility is primarily imposed on the health insurance issuer. However, fully insured health plans with access to PHI (other than enrollment and summary health information) would also have to comply with the above obligations.
Also, HHS provides model privacy notices for health care providers and health plans to use. It is expected that HHS will update its model notices to incorporate the new requirements for 2026.
However, at this time, new model notices haven’t yet been issued.