A Compliance Newsletter by: The Baldwin Regulatory Compliance Collaborative (BRCC)
Welcome to the July 2023 issue of the Baldwin Bulletin – a monthly guide to important legal news and employee benefits-related industry happenings, designed to keep you abreast of the latest developments.
This month’s issue of the Baldwin Bulletin focuses on providing employers with important 2023 compliance deadlines, as well as certain compliance issues that potentially will have a significant impact on employers over the next several months.
Upcoming 2023 Compliance Deadlines
Employers must comply with numerous reporting and disclosure requirements throughout the year in connection with their group health plans. The attached Compliance Timeline explains key compliance deadlines for employer-sponsored group health plans for the months of August through December 2023. Please note the following upcoming July deadlines:
PCORI Fee Payment Reminder
The annual fee to fund the Patient-Centered Outcomes Research Institute (PCORI) is due on July 31, 2023. The fee is paid by filing IRS Form 720 (Quarterly Federal Excise Tax Return) and is based on the number of “covered lives” during the plan year. The fee per covered life depends on the plan year end date, as follows:
Plan year ended during: Fee per covered life:
January 1, 2022 – September 30, 2022 $2.79
October 1, 2022 – December 31, 2022 $3.00
Employer Action Items
Plan sponsors of self-insured plans are responsible for paying the annual fee. In this respect, they should consider the following:
- Determine self-insured health plans (including level-funded plans and HRAs integrated with fully insured medical plans).
- Calculate the PCORI fee using one of three permitted methods (described below).
- For health reimbursement accounts (HRAs) integrated with fully insured medical plans, calculate separate fee.
- Maintain records documenting the calculation and payment to substantiate enrollment count and method used.
For plan sponsors of fully insured plans, the PCORI fee is generally payable by the insurance companies; thus, no action is required on their part unless responsibility to do so has been transferred to them by the insurer.
One of the following methodologies may be used for determining the average number of covered lives under the plan for the plan year:
- The Actual Count Method. Under the Actual Count Method, the average number of covered lives is determined by adding the total of lives covered each day of the plan year and dividing by 365 or 366, as applicable.
- The Snapshot Method. Under the Snapshot Method, the average number of covered lives is based on the total number of covered lives on a particular date (or dates) in the first, second, or third month of each quarter, divided by the number of dates on which the count was made. An equal number of dates must be used for each quarter, and each date used must be within three days of the corresponding date in the other quarters under this method.
- The Form 5500 Method. Under the Form 5500 Method, for a plan that offers both self-only coverage and dependent (family) coverage, the average number of covered lives is based on the total number of participants covered at the beginning and the end of the plan year divided by two, per the Form 5500 (or Form 5500-SF) that was filed for the plan no later than July 31 following the end of the plan year being reported on.
The PCORI was established as the result of the Affordable Care Act (ACA). It is a nonprofit corporation designed to assist patients, clinicians, purchasers, and policymakers in making informed health decisions by advancing the quality and relevance of evidence-based medicine through the synthesis and dissemination of comparative clinical effectiveness research findings.
The annual PCORI fee is considered an excise tax that must be reported on IRS Form 720 for the second-quarter reporting period. It is due by July 31 of the year following the last day of the plan year being reported on. Payment is to be remitted along with the Form 720 filing, and the amount will vary depending on the plan year. Employers who sponsor self-insured plans are responsible for paying this fee, as are insurers of most fully insured policies.
Plans subject to the PCORI fee include plans sponsored by private employers, state and local governmental health plans, both grandfathered and non-grandfathered plans, retiree-only medical plans, HRAs, and health care flexible spending accounts (FSA) that are not excepted benefits under HIPAA. The fee is not assessed against excepted benefits under HIPAA, such as stand-alone dental and vision plans and most health care FSAs, as well as employee assistance, disease management, and wellness programs not providing significant medical care benefits, plans covering primarily employees working outside the United States, and stop-loss and reinsurance policies.
A plan sponsor is also able to treat multiple self-insured plans with the same plan year as a single plan for reporting and payment purposes. For example, a plan sponsor with a self-insured plan providing major medical benefits and a separate self-insured plan with the same plan year that provides prescription drug coverage may be considered as a single plan so that the same covered life under each plan is counted only once. Note, however, plan sponsors that have established a health reimbursement account (HRA) integrated with their fully insured medical plan may be subject to a separate PCORI fee assessment for that HRA.
For further information, including links to the final PCORI regulations, questions and answers regarding the PCORI Fee, a chart depicting the types of insurance coverage subject to the fee, and the recently updated Form 720, along with instructions, please visit the IRS website here.
IRS Memorandum Addresses Taxation of Wellness Benefits
On June 9, 2023, the Internal Revenue Service (IRS) Office of Chief Counsel released advice memorandum, CCA 202323006, indicating that wellness benefits paid under an employer funded, fixed-indemnity insurance policy are includable in the employee’s gross income (subject to FICA, FUTA and Federal income taxes) if the wellness benefit either doesn’t cost the employee anything, or because the cost of the activity is reimbursed by other coverage. This is the case regardless of whether the employer pays 100 percent for the coverage, or the employee pays for the coverage on a pre-tax basis through an Internal Revenue Code section 125 cafeteria plan.
For example, a $1,000 per month benefit under a fixed-indemnity health insurance policy paid to an employee participating in certain health or wellness activities, without regard to whether the employee has any unreimbursed health insurance expenses, would be includable in that employee’s taxable income and wages.
Employer Action Items
Employers who sponsor fixed-indemnity plans should review their taxation policies with respect to benefits paid thereunder, including wellness benefits, to confirm such benefits are properly accounted for in an employee’s gross income.
Summary of CCA 202323006
The IRS specifically addressed a fact situation in which an employer offered a fixed-indemnity health insurance plan, with a premium cost of $1,200 per month, in addition to comprehensive health coverage through a group health insurance policy.
The cost of the fixed-indemnity policy was paid by the employees on a pre-tax basis through the company’s Internal Revenue Code (Code) Section 125 cafeteria plan. Benefits paid under the plan include the following:
- A daily hospitalization benefit.
- A wellness benefit of $1,000 per month (limited to one monthly payment) if the employee participated in certain wellness or health related activities.
- No-cost wellness counseling, nutrition counseling, and telehealth benefits.
The wellness benefits were paid by the insurance company to the employer, which then paid the benefit to the employees through the payroll system.
The IRS concluded that the $1,000 monthly payment was taxable income to the employee because the employee was entitled to receive the benefit regardless of whether he or she had incurred any medical expenses in the process. Also, the employee did not have any unreimbursed medical expenses related to the wellness activity because either it didn’t cost the employee anything or the employee had previously been reimbursed for that cost by other health insurance coverage.
The CCA is not considered formal guidance and thus, cannot be relied on as precedent. However, it does provide valuable insight as to the IRS’ position on an issue. In fact, this is the fourth time in recent years that the IRS has addressed the taxability of wellness benefits. For links to previously issued IRS memoranda addressing this subject, please see CCAs 201622031, 201703013, and 201719025.
ACA Litigation Update
On June 13, 2023, the parties in Braidwood Management, Inc. v. Becerra, a Texas lawsuit challenging the Affordable Care Act (ACA)’s no-cost preventive services mandate, struck a tentative deal that would preserve the mandate while the case works its way through the courts.
On May 15, 2023, the 5th U.S. Circuit Court of Appeals had issued an administrative stay of enforcement of the U.S. District Court of the Northern District of Texas’ ruling back in March, which struck down the ACA’s preventive care coverage requirements based on an A or B rating by the U.S. Preventive Services Task Force (USPSTF) on or after March 23, 2010.
In exchange for a partial stay of a lower court’s ruling that invalidated the requirement, the Biden administration pledged not to penalize the employers who sued to overturn the mandate for refusing to cover services that they claim violate their religious beliefs — even if the ACA provision is held up on appeal.
Employer Action Items
No action by plan sponsors is necessary at this time. While it is uncertain whether the District Court’s ruling in the Braidwood case will be reversed or upheld by the 5th Circuit, the agreement means that the 5th Circuit’s enforcement stay will remain in effect pending the case’s appeal.
Thus, for now, non-grandfathered health plans and issuers should continue to cover, without cost sharing, the full range of preventive care services required by the ACA, including items or services that have an A or B recommendation by the USPSTF. The 5th Circuit is expected to issue a decision on the merits of the case by the end of 2023.
The ACA requires most health plans and issuers to cover a set of preventive services without imposing cost-sharing requirements when the services are provided by in-network providers. Among these are evidence-based items or services that have, in effect, a rating of A or B in the current recommendations of the USPSTF. A specific mandate addressed by the District Court ruling was the requirement to cover preexposure prophylaxis (PrEP) drugs used by persons at high risk of getting HIV. On June 11, 2019, the USPSTF released a recommendation for HIV PrEP for high-risk individuals, which requires plans and issuers to cover HIV PrEP without cost sharing for plan years beginning on or after June 30, 2020.
The District Court ruled that preventive care coverage requirements based on an A or B rating by the USPSTF on or after March 23, 2010, violate the U.S. Constitution. The court also ruled that the PrEP coverage mandate violates the plaintiffs’ rights under Religious Freedom Restoration Act. Accordingly, the District Court granted an injunction against the enforcement of those requirements and vacated all related agency actions.
On April 13, 2023, federal agencies issued FAQs regarding the impact of the District Court’s ruling on the ACA’s preventive care coverage requirement. These FAQs were issued before the 5th Circuit’s enforcement stay (discussed above) was issued.
On June 23, 2023, the IRS issued Notice 2023-37 in which the agency stated that items and services recommended with an “A” or “B” rating by the USPSTF on or after March 23, 2010, would continue to be treated as preventive care under the HSA eligibility rules regardless of whether they must be covered without cost sharing under the preventive services mandate. This part of the Notice is consistent with the above-referenced FAQs.
The agreement is available here.
Several pieces of legislation impacting employee benefits have been introduced in the House of Representatives and are currently working their way through Congress. The first two bills relate to an applicable large employer’s filing and furnishing requirements under Affordable Care Act (ACA)’s employer shared responsibility provisions reflected in Internal Revenue Code (Code) section 4980H, commonly referred to as “play or pay”. The third bill introduced relates to providing continued relief for stand-alone telehealth plans when the employee is not eligible for other health coverage provided through his or her employer.
Employer Action Items
No action is necessary at this time, other than to become familiar with the legislation and monitor these bills accordingly as they make their way through Congress.
The Employer Reporting Improvement Act, H.R. 3801, was introduced on June 5, 2023, and includes proposed changes to provide more flexibility in obtaining tax identification numbers (TIN) from participants. Should a filer be unable to obtain the TIN of the individual being reported on, their full name and date of birth may be used instead. However, keep in mind this would not apply to reporting for offers of coverage to full-time employees under Code section 6056, but only for the required reporting of enrollment under Code section 6055. If passed and signed into law, these changes would generally be effective for statements furnished and returns filed after December 31, 2024. H.R. 3801 also allows for advance consent for electronic delivery of Forms 1095-B and C to be in place, until revoked by the participant. Lastly, the legislation would give employers 90 days (rather than the current 30 days) to respond to a Letter 226-J received in the event of a proposed penalty assessment under Code section 4980H.
A somewhat related bill, the Paperwork Burden Reduction Act, H.R. 3797, would extend the permitted use of alternative furnishing methods to all Forms 1095-Bs and 1095-Cs. Currently Forms 1095-B and only Forms 1095-C that just report enrollment in Part III thereof, do not have to be furnished annually. If passed, these changes would apply to statements regarding returns for calendar years after 2023.
A third bill introduced is H.R. 824, the Telehealth Benefit Expansion for Workers Act of 2023. This legislation would permit employers to offer stand-alone telehealth services to all employees, including those who are eligible for coverage under their employer’s group health plan, but have opted-out of coverage.
FTC Proposes Amendments to Health Breach Notification Rule
The Federal Trade Commission (FTC) recently filed a Notice of Proposed Rulemaking and Request for Public comment (NPR) to strengthen and modernize the Health Breach Notification Rule (HBNR).
In the past, the FTC has taken the position that mobile health applications that are not covered by the Health Insurance Portability and Accountability Act (HIPAA) are covered by the HBNR. The FTC’s proposed amendments to the HBNR attempt to include “unauthorized disclosure” in the definition of “breach of security,” and bring “websites” and “mobile applications” into the scope of the law, consistent with the FTC’s recent enforcement actions. The FTC also proposes that electronic banners (i.e., cookie banners) can be used to notify individuals of a “breach of security.”
Employer Action Items
HIPAA covered entities and business associates should pay close attention to the proposed changes. If these amendments are passed, the appropriate changes should be incorporated into their breach notification procedures.
The HBNR was first implemented in 2009 in response to the anticipated proliferation of online personal health record (PHR) services that offered to store a user’s digital medical records. Since such services are not typically covered by HIPAA and its breach reporting obligations, the HBNR was meant to fill this void. The FTC is demonstrating a renewed commitment to protecting consumers’ digital health information, but the agency has struggled to apply the HBNR to newer digital health platforms that are often used on smart phones and utilize technologies, including sophisticated user tracking, that did not exist in 2009. In September 2021, the FTC issued a policy statement affirming that health apps and connected devices that collect or use consumers’ health information must comply with the HBNR, but many observers noted the agency’s strained interpretation of the original rule. Below are the summarized proposed amendments to the HBNR:
- Revising definitions to clarify the rule’s application to health apps and similar technologies not covered by HIPAA. This includes modifying the definition of “PHR identifiable health information” and adding two new definitions for “health care provider” and “health care services or supplies”.
- Revising the definition of “PHR related entity”. For example, it makes clear that only entities that access or send unsecured PHR identifiable health information to a personal health record — rather than entities that access or send any information to a personal health record — qualify as PHR related entities.
- Clarifying that a “breach of security” under the rule includes an unauthorized acquisition of identifiable health information due to a data security breach or an unauthorized disclosure.
- Clarifying what it means for a personal health record to draw PHR identifiable health information from multiple sources.
- Authorizing the expanded use of email and other electronic means of providing clear and effective notice of a breach to consumers.
- Expanding the required content that should be provided in the notice to consumers.
- Improving the rule’s readability and promoting compliance.
The FTC proposed rule is available here.
Question of the Month
Question: What exactly is the gag clause attestation requirement under the Consolidated Appropriations Act, 2021 (CAA), as incorporated into Internal Revenue Code (Code) section 9824, ERISA section 724, and the Public Health Service Act section 2799A-9?
Answer: A gag clause in this context, is a contractual term that directly or indirectly restricts specific data and information that a plan or issuer can make available to another party. Specifically, under the transparency provisions of the CAA, group health plans and health insurance issuers offering group health insurance coverage are prohibited from entering into an agreement with a health care provider, network or association of providers, third-party administrator (TPA), or other service provider offering access to a network of providers that would directly or indirectly restrict a plan or issuer from:
(1) disclosing provider-specific cost or quality of care information or data to referring providers, the plan sponsor, participants, beneficiaries, or enrollees, or individuals eligible to become participants, beneficiaries, or enrollees of the plan or coverage.
(2) limiting or preventing electronic access to de-identified claims and encountering information or data for each participant, beneficiary, or enrollee upon request and consistent with the privacy regulations promulgated pursuant to the Health Insurance Portability and Accountability Act (HIPAA), the Genetic Information Nondiscrimination Act, and the Americans with Disabilities Act.
(3) Sharing information or data described above in (1) and (2), or directing that such information or data be shared, with a business associate, as defined in HIPAA consistent with applicable privacy regulations.
Accordingly, fully-insured and self-insured health plans (including group health plans subject to ERISA, non-Federal governmental plans, and church plans subject to the Code), both grandfathered and grand mothered health plans, as well as health insurance issuers, must annually submit to the Departments of Labor, U.S. Treasury, and Health and Human Services (collectively, Departments) an attestation that the plan or issuer is in compliance with Code section 9824, ERISA section 724, and PHS Act section 2799A-9, as applicable. This is referred to as the Gag Clause Prohibition Compliance Attestation. Health plans may contract with the health care issuer, TPA, or other service provider, as applicable, to attest on their behalf by entering into an agreement. However, with respect to self-insured plans, the legal responsibility for timely compliance ultimately rests with the health plan.
The first such attestation is due to the Departments no later than December 31, 2023, covering the period beginning December 27, 2020, or the effective date of the applicable group health plan or health insurance coverage (if later), through the date of attestation. Subsequent attestations, covering the period since the last preceding attestation, are due by December 31 of each year thereafter.