From fostering a workplace culture centered on supporting the physical, emotional, career and financial wellbeing of employees, to ensuring that benefit programs are compliant with local, state and federal requirements, effectively protecting the wellbeing of your employees connects directly to protecting the wellbeing of your organization overall.

Compliance Connections delivers actionable guidance designed to help you manage and optimize the connections between the compliance of your benefits and human resources programs to overall organizational wellbeing. The Patient Protection and Affordable Care Act (ACA) and the Consolidated Appropriations Act, 2021 (CAA) have ushered in a flood of new transparency requirements for group health plans. The intent of these rules is to provide consumers with access to information on the cost of health care services before the consumer receives services, rather than after the provision of care.

Below, we explore action items to help you maintain compliance with this complicated area.

1. Tackle ID card requirements

For plan years beginning on or after Jan. 1, 2022, the CAA requires group health plans to include on health plan ID cards clear information about deductibles and out-of-pocket maximum limitations and a telephone number and website where enrollees can obtain additional information about their coverage. The requirement applies to insured and self-insured group health plans (both grandfathered and non-grandfathered), but does not apply to account-based plans (like health flexible spending accounts), excepted benefits, short-term, limited-duration insurance or retiree-only plans. Pending future rulemaking, health plans are expected to implement the ID card requirements using a good faith, reasonable interpretation of the statute. Although insurers (in the case of insured plans) and third-party administrators (TPAs) (in the case of self-insured plans), and potentially pharmacy benefit managers (PBMs) for carved-out pharmacy benefits, will provide the ID cards, the information requirement remains the plan sponsor's responsibility, so working with your insurers and TPAs to ensure compliance will be important. How have you ensured satisfaction of the ID card information requirements?

2. Be prepared for prescription drug reporting

The CAA requires group health plans to submit annually a Prescription Drug Data Collection (RxDC) report. The first report, which includes data for the 2020 and 2021 reference (i.e., calendar) years must be submitted by Dec. 27, 2022. Thereafter, reports must be submitted by June 1 of the calendar year immediately following the reference year. Information reported includes, among other things, the total number of participants, the states where the coverage is offered, the top fifty most frequently dispensed prescription drugs and the total number of paid claims for each drug, the top fifty most costly prescription drugs and the total amount spent on each drug, and the average monthly premium paid. Plans can contract with insurers, TPAs, PBMs or other third-party vendors to submit data on their behalf, but the plan ultimately remains responsible for the reporting. What information do you need to be prepared to submit the RxDC reports?

3. Enter into written agreements regarding submission of RxDC reports

For fully insured plans, insurers will likely report all required RxDC files. The rules allow plan sponsors to enter into written agreements with insurers obligating the insurer to submit the report. After entering into these written agreements, plan sponsors should seek confirmation from the insurer that the report has been submitted and request proof of submission for recordkeeping purposes. For self-insured plans though, the process is not as simple. Plan sponsors of self-insured plans (including level-funded plans) may enter into written agreements with TPAs and/or PBMs to report on behalf of the plan; however, self-insured plan sponsors remain liable for fulfilling the requirement. And, although TPAs and PBMs will likely report at least some of the files, they might not report all of them. Plan sponsors should confirm which of the files the TPA and/or PBM will report, obtain written confirmation of those obligations and retain proof of those submissions by the third parties for recordkeeping purposes. What written agreements should you procure for RxDC reports?

4. Take logistical steps to prepare to submit RxDC files where necessary

The RxDC reports consist of eight data files and one plan file. As mentioned above, for self-insured plans, although TPAs and PBMs will likely report some of the required RxDC report files, they might not report all of them. This leaves the reporting of those files to the plan sponsor. The reports are submitted in the RxDC Module of the Centers for Medicare & Medicaid's Health Insurance Oversight System (HIOS). To access HIOS, users first need to obtain their Enterprise Identity Management System (EIDM) credentials by registering through the EIDM secure authentication process. Once registered, these credentials will be used to access systems on the CMS Enterprise Portal, including HIOS. Only users who are authenticated with the EIDM procedures may access the HIOS system. Although the process is not overly complicated, it may be new to many plan sponsors and you may find you need guidance with the process. What supports do you have in place to prepare for RxDC submissions you may need to do on behalf of the plan?

5. Prepare to provide personalized cost-sharing information

Under the ACA, non-grandfathered group health plans must provide detailed personalized cost-sharing information. For plan years beginning on and after Jan. 1, 2023, plans must provide this information for 500 health care services specified in regulations, and for plan years beginning on and after Jan. 1, 2024, the requirement expands to all covered health services. Plans must provide seven elements of personalized cost-sharing disclosure content. This includes, among other things, an estimate of the amount the individual would be responsible for paying (including deductibles, coinsurance, and copays); the amount an individual has paid toward the deductible and out-of-pocket maximums as of the date of the request for information; the plan's negotiated in-network rate; and the maximum amount the plan will pay for a specific item or service from an out-of-network provider. The information must be given through an up-to-date and searchable self-service internet-based tool (available without a subscription or fee) and via paper. With the Jan. 1, 2023 deadline rapidly approaching, this should be in the forefront of plan sponsors' minds. What information and systems do you need to have in place to meet the personalized cost-sharing information requirement?

This is a preview edition of Compliance Connections, a monthly publication produced by Gallagher's Compliance Consulting Practice. For five more action steps, contact your Gallagher representative or visit our Compliance Resources page to subscribe and receive the full version of this publication each month.


Compliance is a series of actions, not a final destination. As a trusted advisor, Gallagher has developed this Compliance Connections series to help you pursue a path through employee benefits compliance issues as part of an overall continuing compliance plan. Plan sponsors should carefully evaluate their health and welfare plans to determine if they are in compliance with both federal and state law. If you have any questions about one or more of the compliance requirements listed above, or would like additional information on how Gallagher constantly monitors laws and regulations impacting employee benefits in order to support plan sponsors in their compliance efforts, please contact your Gallagher representative.