Compliance Considerations for moving from Fully-Insured to Self-Funded
December 12, 2022
Employers may choose self-funded group health plan coverage to obtain more flexibility with plan design and hopefully save some money. However, in doing so, there are additional responsibilities and considerations that generally do not apply for fully-insured plans. For a self-funded plan, the employer is responsible for funding plan claims with the help of a stop-loss carrier, and the employer will need a third-party administrator (TPA) to administer claims and payments. In addition, the employer will be more directly responsible for compliance. Most employers will rely heavily on their TPA to assist with compliance, but it remains the employer’s responsibility as plan sponsor to ensure that compliance is managed appropriately.
Below is an overview of many of the considerations and compliance requirements for self-funded plans. Keep in mind that level-funded (or partially self-funded) group health plans are generally considered to be self-funded group health plans. The topics discussed include the following:
|Funding & Administration||§105(h) Nondiscrimination Rules|
|ERISA||Employer Reporting (Forms 1094 & 1095)|
|COBRA||Essential Health Benefits – Benchmark Plans|
|HIPAA Privacy & Security||Mental Health Parity|
|PCORI Fees||Transparency Requirements|
Funding & Administration
For funding and administration, the employer will need to:
- Obtain actuarial determinations to discern appropriate plan costs for budgeting, setting employee contributions, and setting COBRA premiums.
- Select and contract with a stop-loss carrier.
- Select and contract with a TPA to coordinate processing and paying claims. Plan sponsors will have a choice of retaining claims determination authority or outsourcing to a TPA. Claim determination authority should be clearly described in plan documents.
- Determine whether the plan will be unfunded (claims paid from employer’s general assets, not segregated) or funded; if funded, a trust is required, and additional reporting is required via Form 5500, but very few employers other than public entities and union-based plans set up a funded plan.
- Put appropriate accounting and auditing procedures in place since the employer funds the plan. A formal plan audit is generally not required unless the plan is funded.
- Manage the plan in a manner that serves the best interests of the participants and the beneficiaries as required by ERISA.
Most employer-sponsored plans are subject to ERISA. ERISA requires plans to name fiduciaries (typically the plan administrator(s)), who are responsible for carrying out certain fiduciary duties in accordance with ERISA. Such duties include, among other things, setting and following plan terms such as benefit inclusions/exclusions, eligibility for coverage, and claims procedures. Fiduciaries are also responsible for the proper handling of funds (plan assets) and for adopting formal plan documents, providing participant disclosures (e.g., summary plan descriptions (SPDs), claims notices, and various group health plan disclosures), and reporting certain information to the government (e.g., Form 5500s).
Especially for employers offering a self-funded group health plan, the employer should consider its ERISA fiduciary duties as plan sponsor and administrator. The plan administrator has a fiduciary duty to administer the plan properly and in accordance with its governing documents, and to maintain compliance in doing so. This includes seeing that the plan is designed properly, claims are administered properly, necessary notices are properly distributed in a timely manner, required reporting occurs, and the plan generally complies with ERISA, COBRA, HIPAA, ACA, etc. In addition, from a financial perspective, it would include making prudent decisions not only about handling any plan assets for the exclusive benefit of plan participants, but also in the selection of any service provider or healthcare provider.
While a self-funded plan sponsor may have heightened fiduciary responsibilities, the plan will also qualify for ERISA preemption, allowing the plan to avoid having to comply with most state-level requirements such as insurance coverage mandates, eligibility rules, contribution requirements, continuation coverage, etc.
The TPA may provide a “benefits booklet” or coverage certificate that describes benefits provided by the plan, but the plan sponsor is usually responsible for the plan document and a summary plan description (SPD) for plans subject to ERISA.
An unfunded, self-funded plan with 100 or more participants is typically required to file only the main portion of the Form 5500 without any schedules. Most plans are unfunded, meaning plan costs are paid out of the employer’s general assets. On the other hand, if the plan is funded (i.e., assets segregated from the employer’s general assets, typically via trust or VEBA), then there are plan assets, which are subject to a higher level of scrutiny, typically requiring additional information to be reported (e.g., via Schedule C and Schedule H).
Self-funded plans offered by employers with 20 or more employees are subject to federal COBRA continuation. As mentioned above, due to ERISA preemption, self-funded plans are not subject to state continuation.
Self-funded plans may determine the COBRA premium based on: (i) reasonable actuarial estimates of costs for the current plan year; or (ii) based on the cost of providing coverage in the preceding year if coverage under the plan has not significantly changed. The calculation should generally include anticipated paid claims, plus administrative expenses, plus changes to reserves. The employer should use an accurate estimate of the expected plan costs, including administration costs, but should NOT use the maximum liability rate under their stop-loss arrangement (or charge from the level-funded carrier). COBRA rules indicate the applicable premium must be based on the anticipated cost of providing the benefit, not the employer’s maximum potential liability.
HIPAA Privacy and Security
Employers likely face an increase in HIPAA privacy and security compliance obligations for a self-funded plan because the employer will have more access to personal health information (PHI). Therefore, it is important to for the employer to have written privacy and security policies and procedures in place to protect the privacy of plan PHI. In addition, the employer/plan sponsor should perform and document a security risk assessment with respect to electronic PHI, and employees responsible for the management of benefit plans subject to HIPAA Privacy and Security Rules should be trained on HIPAA requirements and on the organization’s specific policies and procedures.
The employer is responsible for reporting and paying PCORI fees for self-funded plans. PCORI fees are reported and paid via Form 720, Line 133, by July 31st of the year following the end of the plan year.
§105(h) Nondiscrimination Rules
In addition to §125 nondiscrimination rules, which may already apply if the employer allows employees to contribute toward benefits on a pre-tax basis through a cafeteria plan, self-funded group health plans are subject to §105(h) nondiscrimination rules. Under §105(h) nondiscrimination rules, the plan may not structure eligibility, benefit coverage, or contributions in a manner that discriminates too much in favor of highly compensated individuals. For this purpose, highly compensated individuals include the 5 highest paid officers, >10% shareholders (if also employees), and the top 25% highest paid employees. §105(h) does not require that all benefits be offered identically for all employees, but there are tests that must be run that restrict how much benefits can vary between classifications of employees.
Employer Reporting (Forms 1094 & 1095)
All employers who offer self-funded group health plans, regardless of size, must report coverage information for all individuals (including employees, non-employees and their dependents) who are covered under the self-funded plan.
- Applicable large employers generally report coverage in Part III of Form 1095-C.
- Small employers (fewer than 50 FTEs) report coverage on Form 1095-B.
Employers offering self-funded group health plan coverage with employees who reside in California, Massachusetts, New Jersey, Rhode Island or DC must also submit coverage reporting to the applicable state agency.
Both federal and state coverage reporting is handled on a calendar year basis, even if the self-funded plan has a non-calendar plan year, and is due early in the year following the end of the calendar year.
Essential Health Benefits – Benchmark Plan
Under the ACA, plans are required to comply with certain requirements in regard to coverage of essential health benefits (10 categories including ambulatory patient services, emergency services, hospitalization, maternity and newborn care, mental health and substance use disorder services, including behavioral health treatment, prescription drugs, rehabilitative and habilitative services and devices, laboratory services, preventive and wellness services and chronic disease management, and pediatric services, including oral and vision care).
Self-funded plans are not required to coverage all essential health benefits, but if choosing to provide coverage for any of them, cannot place annual or lifetime dollar limits on such coverage. Essential health benefits vary from state to state, and a self-funded plan is permitted to pick any state’s benchmark plan for purposes of determining which coverage is prohibited from imposing a lifetime or dollar limit. Benchmark plan details for each state can be found on the CMS website.
Mental Health Parity
Group health plans are generally not required to offer mental health or substance use disorder benefits, except for small fully insured plans that are required to offer essential health benefits. However, group health plans that choose to offer mental health or substance use disorder benefits must satisfy the following requirements for such benefits:
- No lifetime or annual dollar limits, if any, lower than the limits placed on medical/surgical benefits;
- No financial requirement (i.e., deductibles or co-payments) or quantitative treatment limitation (i.e. annual visit limitation) that is more restrictive than those placed on medical/surgical benefits; and
- No non-quantitative treatment limitation (i.e., medical management standard limiting/excluding benefits) that is more restrictive than those placed on medical/surgical benefits.
For self-funded plans, the employer is primarily responsible for compliance with the mental health parity rules, although the TPA often plays a role in plan design and claims processing. Many employers select a plan design option from the TPA, and then it is recommended that the employer confirm that the TPA is aware of and designing the plan benefits in accordance with applicable coverage requirements. To the extent that the employer takes more liberties with the plan design, for example excluding or limiting coverage for certain claims, or adjusting cost-sharing measures), the employer should consider whether such adjustments comply with the mental health parity requirements. In addition, the employer should ensure that the TPA processes claims and provides required disclosures for claim denials and criteria for medical necessity determinations.
In addition to ensuring plan design and claims processing is handled in accordance with these rules, the plan is also required to prepare a comparative analysis documenting compliance for any non-quantitative treatment limitations (NQTLs). The analysis does not need to be submitted annually, but instead is completed and kept current in the employer’s files and provided if requested (e.g., by a federal or state agency, or by plan participants). Employers probably cannot complete this analysis on their own, but not all TPAs are willing to help prepare a comparative analysis or audit more generally for compliance with the mental health parity rules, in which case it may be necessary to obtain the help of an outside benefits consulting firm or law firm.
The Consolidated Appropriations Act (CAA) and the Transparency in Coverage Final Rule (TiC Final Rule) impose several new requirements on group health plans. For a self-funded plan, the responsibility of compliance lies with the employer as the plan sponsor. However, many of the requirements force employers to rely on their TPA and others to implement appropriate measures to comply with these new requirements.
The following is a checklist of the various transparency requirements to assist employers offering self-funded group health plans to consider which items the TPA will handle and which things the employer is responsible for handling on their own (or for finding another solution). It would also be appropriate to confirm what costs, if any, may apply for the TPAs assistance with the requirements described below.
- No Gag Clause in Provider Contracts – All gag clauses must be removed from relevant provider contracts. In addition, effective starting in 2022, carriers and health plans must submit an annual attestation of compliance with the prohibition on gag clauses in provider reimbursement contracts (there is no further guidance or a model attestation form yet available from the agencies for this requirement).
- ID Cards / Provider Directory Accuracy – ID cards must include additional required information, including deductible and copay details. In addition, accurate provider directory information must be available online and by telephone, and the information is required to be verified and updated at least every 90 days. If an individual is provided inaccurate information by the provider directory stating that the provider or facility was a participating provider or facility, the plan may apply cost-sharing only equal to or less than it would for a participating provider or facility and must count such cost-sharing amounts toward any in-network deductible or maximum OOP.
- Continuity of Care – When a provider or facility is no longer in-network or covered under the plan, participants must be permitted to continue care for up to 90 days under the same terms and conditions that were in place prior to the change in network or coverage.
- Health Plan Data (Machine-Readable Files) – Machine-readable files with reimbursement rates for: (i) in-network provider rates for covered items and services; and (ii) out-of-network allowed amounts for covered items and services must be posted on the plan’s public-facing website, or on a TPAs public-facing website if there is a written statement confirming that the TPA will do so. The machine-readable files must be updated monthly and clearly indicate the date the filed was last updated.
- Prescription (Rx) Drug Cost Reporting – The plan must submit a plan list file and 8 data files, along with narratives, containing certain information about the plan’s prescription drug and health care spending annually to CMS (the RxDC Report). The reporting is first required by December 27, 2022, and then is required annually in June thereafter. It is possible the information required for the RxDC Report will need to be gathered from several different sources (e.g., TPA, PBM, other vendors, employer), and that there may be multiple reporting entities involved in compiling and submitting data for the plan.
- Advanced Cost Estimate “Price Comparison Tools” – A price comparison tool, including estimates of cost-sharing for covered health care items and services from each provider, must be made available via a web-based tool as well as by phone or paper upon request. This requirement is effective for 500 items and services on January 1, 2023, and for all items and services on January 1, 2024.
Under the No Surprises Act, balance billing is prohibited for the following claims:
- Out-of-network emergency services;
- Out-of-network air ambulance services (not ground ambulance); and
- Non-emergency services by out-of-network providers for services performed at in-network facilities.
For such claims, the plan may only impose in-network cost-sharing, and claims incurred must count toward the plan’s in-network deductible and OOP max. In addition, the provider cannot balance bill participants for any additional amounts, although there is an exception if the provider obtains the participant’s consent to charge more for non-emergency out-of-network providers at an in-network facility. For the amount that cannot be billed to the participant, the provider and plan are responsible for negotiating and settling on a total payment amount from the plan to the provider. If they cannot reach an agreement, they can use the independent dispute resolution (IDR) process, unless the claim is subject to an All-Payer Model Agreement or state law.
For self-funded plans, this responsibility will largely be handled by the TPA on behalf of the plan, but the employer should check with the TPA to ensure the proper handling of claims, how pricing is set for such claims, the TPA’s willingness/ability to handle negotiations and enter into the IDR process when appropriate, and any costs associated with the TPA’s efforts.
Finally, plans are required to post a model notice on their public website and include the notice on each explanation of benefits (EOBs). For a self-funded plan, this will typically be handled by the TPA, but the employer should verify that this is being handled by the TPA on their behalf.
While every effort has been taken in compiling this information to ensure that its contents are totally accurate, neither the publisher nor the author can accept liability for any inaccuracies or changed circumstances of any information herein or for the consequences of any reliance placed upon it. This publication is distributed on the understanding that the publisher is not engaged in rendering legal, accounting or other professional advice or services. Readers should always seek professional advice before entering into any commitments.