Compliance Recap | September 2024
September brought the due date for the Summary Annual Report, which summarizes the Form 5500 contents. Employers prepared to send out the required Medicare Part D Creditable Coverage letters to eligible participants and enrolled beneficiaries. The Departments released final rules on the MHPAEA NQTL analysis. California insurers are required to cover in vitro fertilization for large groups. The IRS released the 2025 ACA affordability percentage, and the DOL updated cybersecurity guidance for health and welfare plans.
Summary Annual Report Due
The Summary Annual Report (SAR) is a disclosure requirement under ERISA. The SAR acts as a narrative of the Form 5500 for employee benefit plans. It includes financial statements, funding requirements, and participants’ rights. The SAR must be provided to participants and enrolled beneficiaries within nine months after the end of the plan year, or two months after the due date for filing Form 5500.
Employer Considerations
Plan administrators can distribute the SAR using the following methods:
- By hand
- By mail
- In a company newsletter or other company publication for employees
- Electronically, but only if the participant has consented to electronic delivery and has the option to receive a paper copy upon request
All plan participants also have the right to request a copy of the SAR at any time.
Failing to distribute the SAR is a violation of ERISA regulations. However, there is no specific penalty for employers failing to provide the SAR as required. If a plan participant or beneficiary requests a copy of the SAR and doesn’t receive it within 30 days of that request, a fine of $110 per day until you provide the SAR may apply.
Medicare Part D Creditable Coverage Letters
The Medicare Modernization Act (MMA) mandates that organizations offering prescription drug coverage must inform their Medicare-eligible policyholders whether their coverage is considered creditable. This means that the coverage is expected to pay, on average, as much as the standard Medicare prescription drug coverage. There are two key disclosure obligations:
- Annual Written Notice: Each year, prior to October 15, organizations must provide a written disclosure notice to all Medicare-eligible individuals enrolled in their prescription drug plans. This includes active employees, their dependents, individuals on COBRA, disabled individuals, retirees, and their dependents. This notice is crucial for individuals to understand their options regarding Medicare Part D, especially since the MMA imposes a late enrollment penalty for those who do not maintain creditable coverage for 63 days or more after their initial Medicare enrollment period.
- Online Disclosure to the Centers for Medicare & Medicaid (CMS): Organizations are also required to complete the Online Disclosure to CMS Form to report the creditable coverage status of their prescription drug plan. This form must be submitted annually, no later than 60 days after the start of a plan year, or within 30 days of terminating a plan or changing the creditable coverage status. It’s important to note that this requirement does not apply to Medicare beneficiaries receiving the Retiree Drug Subsidy (RDS).
Employer Considerations
Because it is hard to know if covered spouses or dependents are Medicare-eligible, it is acceptable to provide the disclosure to all enrolled active employees, their dependents, individuals on COBRA, disabled individuals, retirees, and their dependents.
CMS has provided Creditable Coverage Model Notice Letters to notify eligible individuals whether their drug coverage is creditable or non-creditable.
Departments Release Final Rules on Implementing Mental Health Parity and Addiction Equity Act
On September 9, 2024, the U.S. Departments of Health and Human Services, Labor, and Treasury (collectively, “the Departments”) released final rules to implement the Mental Health Parity and Addiction Equity Act (MHPAEA). The rules clarify how health plans should evaluate mental health and substance use disorder (MH/SUD) benefits compared to medical and surgical (M/S) benefits. A key focus is on nonquantitative treatment limitations (NQTLs), which are criteria that can affect access to MH/SUD benefits. The new regulations require that health plans analyze these NQTLs and address any disparities that may exist.
This analysis must detail how NQTLs are applied to MH/SUD benefits versus M/S benefits. It includes identifying the relevant factors used to design these limitations, demonstrating comparability in both application and operation, and providing findings and conclusions. These requirements aim to ensure that MH/SUD benefits are accessible and equitable compared to M/S benefits.
Additionally, the final rules add new definitions for the following terms:
- “Evidentiary standards” are any evidence, sources, or standards that a plan or issuer considered or relied upon in designing or applying a factor with respect to an NQTL.
- “Factors” are all information, including processes and strategies (but not evidentiary standards), that a plan or issuer considered or relied upon to design an NQTL or to determine whether or how the NQTL applies to benefits under the plan or coverage.
- “Processes” are actions, steps, or procedures that a plan or issuer uses to apply an NQTL.
- “Strategies” are practices, methods, or internal metrics that a plan or issuer considers, reviews, or uses to design an NQTL.
The final rules also specify procedures for the Departments to request and review these comparative analyses. Plans must respond promptly to any requests, and if they do not meet the requirements, they will be given a chance to correct their submissions. In the case of noncompliance, plans must notify participants within a specified period, ensuring transparency and accountability.
Employer Considerations
These new rules will take effect for group health plans beginning on or after January 1, 2025, with some provisions applying as of January 1, 2026. In preparation, employers should review their health plans for compliance with existing MHPAEA requirements, ensure their comparative analyses are thorough, and work closely with their third-party administrators or service providers to fulfill these obligations. It’s essential for employers to stay informed and proactive to meet the new standards effectively.
The Department of Labor (DOL) offers an MHPAEA Self-Compliance Tool to assist employers with compliance in this area, including a section on NQTLs that outlines a process for conducting the comparative analysis.
California Insurers Required to Cover In Vitro Fertilization
California Governor Gavin Newsom has signed a law mandating that certain health insurers cover in vitro fertilization (IVF) for group health plans covering at least 100 people. The new law requires large group health plans to provide coverage for infertility diagnosis and treatment, including up to three egg retrievals and unlimited embryo transfers.
The law expands the definition of infertility to be more inclusive and will take effect in July 2025 for most beneficiaries.
2025 ACA Affordability Threshold Announced
On September 16, 2024, the IRS announced an adjustment to the affordability percentage for employer-sponsored health coverage under the Affordable Care Act (ACA). For plan years beginning in 2025, this percentage will increase to 9.02%, up from 8.39% for 2024. This increase allows applicable large employers (ALEs) to charge employees annual premiums that do not exceed 9.02% of their household income while still meeting the affordability criteria required by the employer shared responsibility mandate. If the coverage meets this standard, employees will not qualify for federally subsidized coverage through public exchanges.
The employer shared responsibility mandate holds ALEs accountable for offering minimum essential coverage (MEC) to at least 95% of their full-time employees. If an ALE fails to do so and an employee receives a premium tax credit through an ACA Marketplace, the employer may face penalties. For 2025, these penalties are set at $241.67 per employee per month, or $2,900 annually per employee, for not providing coverage, and $362.50 per employee per month, or $4,350 annually per employee, for offering coverage that is either unaffordable or does not meet minimum value requirements.
Employer Considerations
To assist employers in determining affordability, the IRS has established three safe harbor options, allowing employers to use alternative metrics instead of household income. These include using:
- The employee’s Form W-2 wages
- The employee’s rate of pay for 130 hours a month
- The federal poverty line (FPL) thresholds. For 2025, the employee contribution based on the FPL cannot exceed $113.20 per month in the mainland U.S.
Employers are encouraged to assess their ALE status, ensure their coverage meets affordability and minimum value criteria, and prepare for upcoming ACA information reporting requirements due in early 2025.The 2024 Privacy Rule is amended to strengthen protections for highly sensitive PHI
U.S. Department of Labor Updates Cybersecurity Guidance for ERISA Plans
The U.S. Department of Labor (DOL) has updated its cybersecurity guidance to clarify that it applies to all plans governed by the Employee Retirement Income Security Act (ERISA). This includes health and welfare plans, as well as various employee retirement benefit plans. The newly issued Compliance Assistance Release from the Employee Benefits Security Administration (EBSA) outlines best practices in cybersecurity for plan sponsors, fiduciaries, recordkeepers, and participants.
Key updates include guidance on how to select service providers with robust cybersecurity measures, best practices for implementing effective cybersecurity programs, and online security tips for participants accessing their retirement accounts. All ERISA-covered plans must adopt appropriate practices to protect participants and their beneficiaries from cyber threats and ensure the security of job-based benefits and personal information.
ERISA governs approximately 2.8 million health plans and nearly 765,000 private pension plans, affecting around 153 million individuals with assets totaling an estimated $14 trillion. The EBSA highlights that without adequate cybersecurity protections, sensitive information related to participants and their assets may be at risk of cyber-related crimes. The department continues to monitor compliance and encourages all plans to strengthen their cybersecurity practices in line with federal regulations, which require fiduciaries to take necessary precautions against these risks.
Employer Considerations
Given that cybersecurity has been an increasing concern as processes and platforms have increasingly moved to remote or electronic providers, plan fiduciaries should:
- Conduct a cybersecurity self-audit of internal practices and safeguards.
- Identify gaps in current plan sponsor and fiduciary practices.
- Review the Tips for Hiring a Service Provider and conduct an audit of current vendors and recordkeepers.
- Provide the Online Security Tips guidance to employees and plan participants.
- Document the steps taken to comply as part of the fiduciary governance process and oversight of health and welfare plans in addition to retirement plans.
Question of the Month
- Can an employee enrolled in Medicare contribute to a medical flexible spending account (FSA) or would it have to be a limited purpose FSA?
- The employee can contribute to an FSA. It does not have to be a limited purpose FSA.