Preauthorization of benefits is a routine but vital part of the managed care system. It is a vehicle through which ERISA-governed health benefit plans (both plans that are self-funded by employers and plans that are fully insured by health insurers) maintain and promote the delivery of quality and affordable care, by ensuring that non-participating, also known as out-of-network (OON), providers deliver only services that are medically necessary.

Because OON providers typically charge rates that are either not negotiated in advance of treatment or are simply unknown, many ERISA-governed health benefit plans require preauthorization as a condition of coverage of OON services. Preauthorization, however, is not the only requirement for coverage of an OON provider’s services. Before the claim administrator of a health benefit plan can determine the appropriate reimbursement for charges billed by an OON provider, the administrator must also undertake a host of additional assessments relevant to a coverage determination—assessments that can only be performed after services are rendered and billed because they depend not only upon what services were performed, but also upon how the provider billed those services (and their specific components), and what the patient-beneficiary’s governing health plan requires for purposes of accepting and reimbursing the billed charges. These aspects of claim administration include, but are not limited to, evaluating which billed services (or, really, claim lines) were necessary for the approved treatment, whether the charges were correctly coded on the provider’s claim, whether the charges were correctly bundled on the provider’s claim, the appropriate reimbursement rate for each necessary service, and the patient’s cost-share. Put another way, a host of independent coverage-related variables exist between the moment of a preauthorization and the moment a reimbursement check issues. The existence of these variables prevents many essential coverage determinations from being made until after a preauthorized service has been rendered and the provider’s charges have been submitted for reimbursement. Thus, while preauthorization is a critical precondition that must be satisfied before a plan beneficiary can obtain coverage for OON services, ERISA-governed health plans contain a number of terms (which administrators have a fiduciary duty to follow) that may nonetheless result in denial of coverage for reasons independent of any determinations made during the preauthorization process.

Even though preauthorization is not designed to establish an independent contractual relationship, OON providers and their counsel have increasingly petitioned state and federal courts nationwide to turn preauthorizations into independent contractual commitments between the OON provider and the plan’s claims administrator to pay for all services billed for a preauthorized treatment, irrespective of the ERISA-governed plan’s terms of coverage or the administrator’s discretion to interpret and apply those terms. This argument was recently rejected by both the Ninth Circuit and the Second Circuit.

In Bristol SL Holdings, Inc., an OON provider’s successor-in-interest sued a health benefit plan administrator seeking to recover denied reimbursements on the theory that the OON provider’s preauthorization communications with the administrator created independent contractual obligations. Rejecting the OON provider’s theory, the Ninth Circuit Court of Appeals observed that preauthorization is a common condition to coverage of out-of-network services, and that preauthorization necessarily “entail[s] some form of communication between the plan administrator and the provider, through which the plan administrator relays the patient’s eligibility for benefits.”

The Ninth Circuit thus recognized that, as a practical matter, “the context for” a preauthorization call is to determine “whether reimbursement [i]s available under the ERISA plan[,]” not to secure a contractual commitment from a claim administrator on a specific payment amount:

By [the OON provider]’s theory of state contract law liability, however, every time a plan administrator verifies plan coverage in standard pre-treatment calls, but then later denies reimbursement …, the insurer would be legally bound to make payment based on the earlier call. That obligation would be at odds with the way ERISA plans operate, because reimbursement under a plan is ultimately contingent on information and events beyond the initial verification and preauthorization communications.

The Ninth Circuit’s understanding of the operation of the managed care system and ERISA’s application to that system is important. Bristol SL Holdings was, at its core, an invitation by OON providers to the Ninth Circuit to force upon claim administrators a black-and-white choice that risked unraveling the managed care system and its ERISA-secured protections: either abandon preauthorization requirements or risk contractual liability for preauthorized claims irrespective of the terms and conditions of a patient’s health benefit plan. As the Ninth Circuit observed, either outcome is legally untenable:

[P]lan administrators typically cannot determine [reimbursements] until after services have been preauthorized, rendered, and submitted for reimbursement. Subjecting plan administrators to the prospect of binding contracts through pre-treatment calls would thus risk stripping them of their ability to enforce plan terms that cannot be applied prior to treatment, whether related to fee-forgiving or otherwise. The resulting Catch-22—that administrators must abandon either their plan terms or their preauthorization programs—is the kind of intrusion on plan administration that ERISA’s preemption provision seeks to prevent.  …

[I]f providers could use state contract law to bind insurers to their representations on verification and authorization calls regardless of plan rules on billing practices, benefits would be governed not by ERISA and the plan terms, but by innumerable phone calls and their variable treatment under state law. This is the type of discordant regime that “ERISA’s comprehensive pre-emption of state law was meant to minimize.” Shaw v. Delta Air Lines, Inc., 463 U.S. 85, 105 n.25, (1983).

 Rejecting the OON provider’s invitation to transform routine preauthorization calls into independent contractual commitments, the Ninth Circuit declared that the OON provider’s breach of contract and promissory estoppel claims were expressly preempted by ERISA because they were premised upon the existence of health benefit plans, unduly intruded upon central matters of plan administration, and impermissibly interfered with nationally uniform plan administration.

Just three days later, the Second Circuit reached a similar conclusion in Park Ave. Podiatric Care, wherein the Court ruled that ERISA expressly preempted an OON provider’s claims that its preauthorization communications formed an oral contract with a claim administrator completely independent of the terms of a patient’s ERISA-governed plan. Recognizing a number of themes similar to those implicated in Bristol SL Holdings, the Second Circuit Court of Appeals declared: “[A]ny legal duty Cigna has to reimburse [the OON provider] arises from its obligations under the patient’s ERISA plan, and not from some separate agreement or promise” allegedly entered in the preauthorization process.  

In Bristol SL Holdings and Park Ave. Podiatric Care, both the Ninth and the Second Circuit recognized that permitting state common law to dictate the design and administration of ERISA-governed health benefit plans subjects those plans to a morass of conflicting state rules that would defeat Congress’s central objective in enacting ERISA: provision of a single, uniform national scheme for plan administration. This interference violates ERISA’s express preemption statute, 29 U.S.C. § 1144(a). As rulings on issues of first impression within the Ninth and Second Circuits, Bristol SL Holdings and Park Ave. Podiatric Care, are important decisions that will substantially limit, if not outright bar, OON providers from establishing contractual liability merely because an ERISA-governed health benefit plan engaged in routine preauthorization processes.

In Hawkins, two former Cintas Corporation employees filed suit in the U.S. District Court for the Southern District of Ohio alleging that the company, its board of directors and its investment committee violated ERISA § 502(a)(2) by breaching their fiduciary duties of loyalty and prudence in managing the company’s retirement plan. 

Both of the named plaintiffs previously entered into multiple employment agreements with Cintas each of which contained provisions that (1) obligated the named plaintiffs to arbitrate “claims arising out of or in any way related to [their] employment with [Cintas], such as rights or claims arising under … [ERISA],” and (2) precluded the named plaintiffs from asserting “class action or representative claims” and barred them from  seeking “to represent the interests of any other person.” Hawkins, 2022 WL 1236954, at *2. Relying on these contracts, Cintas moved to compel arbitration and to stay the federal proceedings, arguing that the plaintiffs’ employment agreements covered their ERISA § 502(a)(2) claims.

The district court judge denied both motions, concluding that the action was brought on behalf of the Plan, and it was therefore irrelevant that the plaintiffs had consented to arbitration through their employment agreements. “Because the Plan itself did not consent, the court reasoned, the matter was not subject to arbitration.” Hawkins, at *3.

The Sixth Circuit affirmed on the facts before it, and without reaching the issue of whether Section 502(a)(2) claims are per se arbitrable under individual employment agreements. Hawkins, at *8 (“while we need not decide whether a § 502(a)(2) claim could ever be covered by an individual employment agreement’s arbitration provision, we hold that these Plaintiffs’ claims are not covered by the employment agreements in this case.”). 

Notably, the Sixth Circuit suggested that “Cintas could amend the plan documents to include an arbitration provision, which might accomplish the … goal” of arbitrating Section 502(a)(2) claims, but left open the ultimate question of “whether an arbitration provision in the plan documents would subject § 502(a)(2) claims to arbitration.” Hawkins, at *9. In this regard, the Sixth Circuit’s ruling in Hawkins stops short of the Ninth Circuit’s ruling in Dorman v. Charles Schwab Corp., 780 F. App’x 510, 514 (9th Cir. 2019) that a plan can consent to and enforce arbitration of ERISA § 502(a)(2) claims in plan documents (see our previous discussion of Dorman here).

Read in conjunction, Hawkins and Dorman indicate that an effective practice for plans wishing to arbitrate all ERISA Section 502 claims may be to expressly consent to arbitration within plan documents. Absent such consent, defendants run the risk of inadvertently excluding from arbitration derivative and representative claims under Section 502(a)(2).

In an issue of first impression at the Circuit Court level, Mayer held that California’s statutory ban on discretionary clauses in insurances, Cal. Ins. Code § 10110.6(a), applies only to claims by California residents, and does not extend to claims by non-California residents under any circumstance—even under policies delivered in California.

Section 10110.6(a) states in pertinent part: “If a policy… offered, issued, delivered, or renewed, whether or not in California, that provides or funds life insurance or disability insurance coverage for any California resident contains a provision that reserves discretionary authority to the insurer, … that provision is void and unenforceable.”

In Mayer, a New York resident insured under a policy delivered in California argued that § 10110.6(a) voided all grants of discretion in any group policy delivered in California that provides benefits to even one California resident. The Second Circuit rejected this argument, holding that “it would raise concerns under the Commerce Clause of the U.S. Constitution because it would allow for the application of a state statute to commerce that takes place wholly outside of the State’s borders, whether or not the commerce has effects within the State.” Mayer, 9 F.4th at  85 (internal quotation marks and citations omitted).

The Second Circuit further observed that, “[i]n addition to the constitutional concerns,” adoption of the “expansive interpretation of § 10110.6(a)” advanced by the insured would also “‘undermine the significant ERISA policy interests of minimizing costs of claim disputes and ensuring prompt claims-resolution procedures’ because the standard of review applicable to a given claimant would depend on the residence of any other person insured under the policy, assuming one might be from California.” Mayer, 9 F.4^th at 86 (quoting Locher v. Unum Life Ins. Co. of Am., 389 F.3d 288, 295 (2d Cir. 2004)); see also id. (citing Varity Corp. v. Howe, 516 U.S. 489, 497 (1996)).

Separately, resolving  an issue of first impression in the Second Circuit, the Mayer Court held that subsection (h)(4) of the old version of the ERISA claims-procedure regulation (29 C.F.R. § 2560.503-1) which governed claims filed prior to April 1, 2018, does not require claim administrators to provide claimants with documents considered for the first time during an administrative appeal while the appeal is still under review and in advance of a final determination. In so holding, the Second Circuit overruled Hughes v. Hartford Life & Accident Ins. Co., 368 F. Supp. 3d 386 (D. Conn. 2019), and joined ranks with the Third,  Fifth, Sixth, Eighth, Tenth, Eleventh, and D.C. Circuits.

The plaintiff in Ruderman filed a claim for long-term disability following a cycling accident in July 2011. Liberty accepted and paid the plaintiff’s claim through September 2017, at which time benefits terminated on the basis that the plaintiff failed to demonstrate that she remained disabled under terms and conditions of the governing policy. The plaintiff administratively appealed Liberty’s decision.

On September 10, 2018, Liberty sent the plaintiff a letter to inform her that it had reversed its decision to terminate her benefits. Then, on September 11, 2018, Liberty sent the plaintiff a second letter to inform her that her updated medical records did not support a finding of neurocognitive impairment (i.e., physical condition), but rather supported a finding of a mental health impairment (i.e., a mental/nervous condition) as of July 2018 forward. This reclassification of the plaintiff’s health status meant that her disability benefits would be capped at eighteen months from July 2018.

Liberty continued to pay disability benefits to the plaintiff through December 2019 (i.e., the maximum eighteen month period). On December 3, 2019, Liberty notified the plaintiff that her benefits would terminate on December 30, 2019, in accordance with the policy’s mental/nervous limitation, and that she had 180 days to administratively appeal the termination of her disability benefits. The plaintiff did not file an administrative appeal, and instead commenced a lawsuit against Liberty in August 2020.

Liberty moved to dismiss the plaintiff’s complaint for, among other things, failing to exhaust administrative remedies. In opposition to Liberty’s motion, the Plaintiff challenged that Liberty failed to comply with the ERISA claims procedures regulation, 29 C.F.R. § 2560.503–1, because its September 11, 2018 letter was “an adverse benefit determination,” id. §  2560.503–1(m)(4)(i), and did not contain “a statement of the claimant’s right to bring a civil action.” Id. § 2560.503–1(g)(1). According to the plaintiff, Liberty’s September 11, 2018 reclassification letter “unilaterally changed the scope of her benefits … as a subterfuge to avoid the consequences of the very appeal that she just won, literally the day before.” “[I]f an appeal was required,” the plaintiff argued, Liberty should have “apprised of her ERISA rights” on September 11, 2018, when her health status was reclassified in such a way as to limit the maximum benefits available to eighteen months.

Both the District Court and the Second Circuit rejected the plaintiff’s argument, ruling that the September 11, 2018 “letter ‘did not qualify as a denial, reduction, or termination of benefits’ requiring notice of the right to appeal” under the ERISA claims procedures regulation. Ruderman, 2022 WL 244086, at *3 (citing Ruderman v. Liberty Mut. Grp., Inc., No. 1:20-CV-945, 2021 WL 827693, at *4 (N.D.N.Y. Mar. 4, 2021)). See also 29 C.F.R. § 2560.503-1(m)(4) (“The term ‘adverse benefit determination’ means … [a] denial, reduction, or termination of … a benefit”).

According to the Second Circuit, the September 11, 2018 “letter announced [the plaintiff’s] new disability classification and provided a termination date for benefits based on that disability … follow[ing] [Liberty’s] initial termination of her long-term disability benefits and subsequent reversal of that decision. As a result, the letter did not mark a ‘reduction’ of her benefits but rather a continuation of her benefits under a different classification.” Ruderman, 2022 WL 244086, at *3.

Regulatory compliance challenges like that presented in Ruderman have are a common feature of ERISA litigation in the Second Circuit in light of its seminal ruling in Halo v. Yale Health Plan, Dir. of Benefits & Recs. Yale Univ., 819 F.3d 42 (2d Cir. 2016). Ruderman offers practical insight and analysis in one aspect of ERISA claims procedures litigation, by confirming that an administrator’s decision to reclassify a claimant’s health status while a claimant is receiving disability payments is not an “adverse benefit determination,” even when such a decision limits maximum benefits available to a claimant.

According to the Court’s order, the DOL’s investigation of Alight began back in July 2019 based in part on its discovery that Alight had processed unauthorized distributions from its ERISA plan clients’ accounts as a result of cybersecurity breaches and, further, had failed to promptly report the breaches and restore the unauthorized distributions to the affected accounts. DOL’s subpoena sought documents on a number of topics, including Alight’s cybersecurity policies, procedures, assessment reports, and training of its workforce; its business continuity plans pertaining to information security; and communications or other documents regarding any cybersecurity incident pertaining to its ERISA plan clients, dating back to 2015.

The Court began its analysis by noting that the broad subpoena power permits DOL to “investigate merely on suspicion that the law is being violated, or even just because it wants assurance that it is not.” Alight nevertheless argued that the subpoena power extends only to ERISA fiduciaries and, as a non-fiduciary, it was not required to respond to the subpoena. The Court flatly rejected that argument, concluding that nothing in the relevant statute or caselaw supported such a claim. Alight also contended that the document requests in the subpoena were “too indefinite.” The Court did not find any of them to be so indefinite that Alight should be relieved of its compliance obligation. In addition, Alight objected to many of the requests on the ground that they sought information not relevant to the investigation, but the Court rejected this argument as well.

Alight further claimed that compliance with the subpoena would be unduly burdensome, requiring “thousands of hours of work just to identify potentially responsive documents” in addition to the time and expense that outside counsel would incur in reviewing, redacting, and producing the materials. Even after the DOL modified the requests to address some of Alight’s concerns, Alight still asserted that the subpoena would require it to pull, review, and produce potentially tens of thousands of documents related to its ERISA business. Weighing the relevance of the requests against the burden on Alight, however, the Court found the balance favored the DOL.

The decision, coming on the heels of the DOL’s detailed April 2021 guidance on cybersecurity for benefit plans and service providers, illustrates that information security continues to be a significant area of concern for the DOL. Indeed, many of the document requests in the subpoena mirror those addressed in the guidance, and the DOL now regularly requests the information in plan audits. Plan service providers and fiduciaries therefore are well advised to review the DOL’s guidance and their cybersecurity practices. For additional information, see the August 6, 2021 post in our ERISA Claim Defense Blog, “Department of Labor Focuses on Cybersecurity for Benefit Plans.”

Medicare and Medicaid already prohibit surprise billing/balance billing, and the NSA extends this protection to patients insured through employer-based and individual health plans. The NSA applies to fully insured and self-insured group health plans, including grandfathered plans, but they do not apply to excepted benefits (such as limited-scope dental and vision plans, and most health flexible spending arrangements), or to health reimbursement arrangements.

To be considered, written comments to the IFR must be received by 5 p.m. on September 7, 2021. If the agency is persuaded by any of the comments and so chooses, the rule can be amended in light of those comments.

Effective Dates

The NSA will take effect on or after January 1, 2022  for group health plans, health insurance issuers of group or individual health coverage for plans/policies, and Federal Employees Health Benefits (FEHB) Program carriers.

For health care providers, facilities, and providers of air ambulance services, the NSA will take effect on January 1, 2022.

What are Surprise Medical Bills (Balance Bills)?

“Balance billing” refers to the practice of nonparticipating (out-of-network) providers billing patients for the difference between: (1) the provider’s billed charges; and (2) the amount collected from the plan or issuer plus the amount collected from the patient in the form of cost sharing (such as a copayment, coinsurance, or amounts paid toward a deductible). Surprise medical bills can arise from both emergency and non-emergency situations.

Background

Under the Affordable Care Act (ACA) enacted in March 2010, if a non-grandfathered group health plan or health insurance issuer offering non-grandfathered group or individual health insurance coverage provides any benefits with respect to emergency services in an emergency department of a hospital, the plan or issuer must cover emergency services without the individual or the health care provider having to obtain prior authorization and without regard to whether the health care provider furnishing the emergency services is an in-network provider with respect to the services. The plan or health insurance issuer may not impose any administrative requirement or limitation on benefits for out-of-network emergency services that is more restrictive than the requirements or limitations that apply to in-network emergency services.

The Affordable Care Act did not prohibit balance billing and did not apply to grandfathered plans.

Under the Departments’ final regulations published in the Federal Register on November 18, 2015 (Patient Protections Final Rule), a plan or issuer satisfies the minimum payment standards for out-of-network emergency care in the ACA if it provides benefits for out-of-network emergency services in an amount at least equal to the greatest of the following three amounts: (1) the median amount negotiated with in-network providers for the emergency service; (2) the amount for the emergency service calculated using the same method the plan generally uses to determine payments for out-of-network services (such as the usual, customary, and reasonable (UCR) amount); or (3) the amount that would be paid under Medicare Part A or Part B for the emergency service.

If state law prohibits balance billing, or in cases in which a group health plan or health insurance issuer is contractually responsible for balance billing amounts, plans and issuers are not required to satisfy the minimum payment standards set forth in the regulations, but may not impose any copayment or coinsurance requirement for out-of-network emergency services that is higher than the copayment or coinsurance requirement that would apply if the services were provided in-network. See 26 CFR § 54.9815-2719A(b)(3)(iii); 29 CFR § 2590.715-2719A(b)(3)(iii); 45 CFR §147.138(b)(3)(iii); FAQs about Affordable Care Act Implementation (Part I), Q15 (Sept. 20, 2010), available here and here.

Prior to the enactment of the NSA, these minimum payment standards were the only federal consumer protections to reduce potential amounts of balance billing for individuals enrolled in group health plans and group and individual health insurance coverage.

What Types of Services Does the NSA Cover?

The IFR implements provisions of the NSA protecting patients from surprise billing for:

• emergency services (out-of-network emergency services must be billed at the same rate as in-network services without prior authorization);
• out-of-network air ambulance services; and
• non-emergency services rendered by out-of-network providers at facilities that are in the patient’s network in certain circumstances (also known as ancillary care).

Notice and Consent Exception

As a general matter, non-participating providers covered by the IFR (including non-participating emergency facilities and non-participating providers for emergency service, non-participating providers in participating facilities, and non-participating air ambulance providers) may not balance bill patients for a payment amount that exceeds the patient’s cost share.

A patient may voluntarily consent to an out-of-network provider’s rates, thus agreeing to a balance bill, but the ability of a provider to seek a consent waiver from a patient is limited. Providers can only ask a patient to sign a consent waiver for non-emergency services. Even for non-emergency services, providers are prohibited from asking for a consent waiver if: (1) the facility does not have an in-network provider; (2) the care needed is unforeseen and urgent; (3) the provider delivers ancillary services not typically selected by the patient (e.g., services provided by assistant surgeons, hospitalists, and intensivists; diagnostic services, including radiology, anesthesiology and laboratory services).

Definitions

“Emergency services” include:

• pre-stabilization services that are provided after the patient is moved out of the emergency department and admitted to a hospital, and
• post-stabilization services unless all of the following conditions are met:

(1) the attending emergency physician or treating provider must determine that the patient is able to travel using nonmedical transportation or nonemergency medical transportation to an available participating provider or facility located within a “reasonable travel distance”, taking into consideration the individual’s medical condition. (45 CFR § 149.410(b)(1));

(2) the provider or facility furnishing post-stabilization services provides written notice;

(3) the patient must be in a condition to receive the information in the notice (45 CFR § 149.410(b)(3)) and to provide informed consent in accordance with applicable state law.  Whether an individual is in a condition to receive the information in the notice is determined by the attending physician or treating provider using appropriate medical judgment;

(4) the provider or facility must satisfy any additional requirements or prohibitions as may be imposed under applicable state law. The IFR includes this criterion recognizing that some state laws do not permit exceptions to state balance billing protections, such as allowing individuals to consent to waive protections. Thus, states may impose stricter standards by which post-stabilization services will be exempted from the surprise billing protections under the IFR, or states might not permit exceptions at all. (45 CFR § 149.410(b)(5)).

The Departments seek comment on the definition of “reasonable travel distance.”

Under the IFR, “emergency services” provided at an emergency department of a hospital and at an urgent care center fall under the NSA if the urgent care center is properly licensed by the state to provide emergency care.

The term “emergency medical condition” means a medical condition manifesting itself by acute symptoms of sufficient severity (including severe pain) such that a prudent layperson, who possesses an average knowledge of health and medicine, could reasonably expect the absence of immediate medical attention to result in a condition described in the Emergency Medical Treatment and Labor Act (EMTALA), including: (1) placing the health of the individual (or, with respect to a pregnant woman, the health of the woman or her unborn child) in serious jeopardy; (2) serious impairment to bodily functions; or (3) serious dysfunction of any bodily organ or part. See 42 U.S.C. § 1395dd(e)(1)(A). This definition includes mental health conditions and substance use disorders.

When a plan or issuer denies coverage, in whole or in part, for a claim for payment of a service rendered in the emergency department of a hospital or independent freestanding emergency department, including services rendered during observation or surgical services, the determination of whether the prudent layperson standard has been met must be based on all pertinent documentation and be focused on the presenting symptoms (and not solely on the final diagnosis). This determination must take into account that the legal standard regarding the decision to seek emergency services is based on whether a prudent layperson (rather than a medical professional) would reasonably consider the situation to be an emergency.

However, the NSA or the IFR do not prevent a plan or issuer from approving coverage for emergency services solely on the basis of diagnosis codes, or from taking diagnostic codes into account when deciding payment for a claim for emergency services, provided a denial of coverage is not based solely on diagnosis codes.

In covering emergency services, plans and issuers must also ensure that they do not restrict the coverage of emergency services by imposing a time limit between the onset of symptoms and the presentation of the participant, beneficiary, or enrollee at the emergency department. Similarly, plans and issuers may not restrict the coverage of emergency services because the patient did not experience a sudden onset of the condition.

Limitations on cost-sharing

The NSA and the IFR limit cost-sharing for emergency services provided by out-of-network emergency facilities and providers, and non-emergency services (that are subject to protections from the NSA) furnished by out-of-network providers at in-network facilities, to the “recognized amount,” which is:

• if the state has an All-Payer Model (APM) Agreement, the amount under such agreement; or
• if there is no such applicable APM Agreement, an amount determined by state law; or
• if neither of the above apply, the lesser of the billed charge or the plan’s or issuer’s median contracted rate, referred to as the qualifying payment amount (QPA), which is the median of the contracted rates of the plan or issuer for the item or service in the geographic region.

An APM Agreement is an agreement between the Centers for Medicare & Medicaid Services  and a state to test and operate systems of all-payer payment reform for the medical care of residents of the state.

The IFR allows self-insured plans to voluntarily opt in to state law that provides for a method for determining the cost-sharing amount or total amount payable under such a plan. A group health plan that opts in to such a state law must do so for all items and services to which the state law applies. A self-insured plan that has chosen to opt in to a state law must prominently display in its plan materials describing the coverage of out-of-network services a statement that the plan has opted in to a specified state law, identify the relevant state (or states), and include a general description of the items and services provided by nonparticipating facilities and providers that are covered by the specified state law.

The NSA’s cost-sharing protections apply equally to air ambulances but there is no “recognized amount” because states are preempted from regulating these providers under the Airline Deregulation Act. However, consistent with the other services, plans and insurers must base any coinsurance or deductible for air ambulance services on the lesser of the provider’s billed charge or the QPA.

All cost-sharing for out-of-network providers must count toward in-network deductibles and out-of-pocket maximums.

Determining the out-of-network provider rate

The total amount paid by a plan or issuer for the services subject to these provisions, referred to as the out-of-network rate, must be equal to one of the following amounts, less any cost sharing payments:

• an amount determined by an applicable APM Agreement; or
• if there is no such applicable APM Agreement, an amount determined by state law; or
• if there is no state law determined rate, an amount agreed upon by the plan/issuer and provider/facility; or
• if no agreement is reached, an amount determined by an independent dispute resolution (IDR) entity, for which regulations are still to be published.

The IFR provides the following example.

An individual is enrolled in a high deductible health plan with a $1,500 deductible and has not yet accumulated any costs towards the deductible at the time the individual receives emergency services at an out-of-network facility. The plan determines that the recognized amount for the services is $1,000. Because the individual has not satisfied the deductible, the individual’s cost-sharing amount is $1,000, which accumulates towards the deductible. The out-of-network rate is subsequently determined to be $1,500. Under the requirements of the NSA and the IFR, the plan is required to pay the difference between the out-of-network rate and the cost-sharing amount. Therefore, the plan pays $500 for the emergency services, even though the individual has not satisfied the deductible. The individual’s out-of-pocket costs are limited to the amount of cost-sharing originally calculated using the recognized amount (that is, $1,000).

The following examples in the IFR illustrate how state laws may or may not apply. Each example assumes there is no applicable APM Agreement that would determine the recognized amount or out-of-network rate.

Example 1. (i) Facts. A health insurance issuer licensed in State A covers a specific non-emergency service that is provided to an enrollee by a nonparticipating provider in a participating health care facility, both of which are also licensed in State A. State A has a law that prohibits balance billing for non-emergency services provided to individuals by nonparticipating providers in a participating health care facility, and provides for a method for determining the cost-sharing amount and total amount payable. The state law applies to health insurance issuers and providers licensed in State A. The state law also applies to the type of service provided.

(ii) Conclusion. In this Example 1, State A’s law would apply to determine the recognized amount and the out-of-network rate.

Example 2. (i) Facts. Same facts as Example 1, except that the nonparticipating provider and participating health care facility are located and licensed in State B. State A’s law does not apply to the provider, because the provider is licensed and located in State B.

(ii) Conclusion. In this Example 2, State A’s law would not apply to determine the recognized amount and out-of-network rate. Instead, the lesser of the billed amount or QPA would apply to determine the recognized amount, and either an amount determined through agreement between the provider and issuer or an amount determined by an IDR entity would apply to determine the out-of-network rate.

Example 3. (i) Facts. An individual receives emergency services at a nonparticipating hospital located in State A. The emergency services furnished include post-stabilization services, as described in 26 CFR § 54.9816-4T(c)(2)(ii), 29 CFR § 2590.716-4(c)(2)(ii), and 45 CFR § 149.110(c)(2)(ii). The individual’s coverage is through a health insurance issuer licensed in State A, and the coverage includes benefits with respect to services in an emergency department of a hospital. State A has a law that prohibits balance billing for emergency services provided to an individual at a nonparticipating hospital located in State A and provides a method for determining the cost-sharing amount and total amount payable in such cases. The law applies to issuers licensed in State A. However, State A’s law has a definition of emergency services that does not include post-stabilization services.

(ii) Conclusion. In this Example 3, State A’s law would apply to determine the cost-sharing amount and out-of-network rate for the emergency services, as defined under State A’s law. State A’s law would not apply for purposes of determining the cost-sharing amount and out-of-network rate for the post-stabilization services. Instead, the lesser of the QPA or billed amount would apply to determine the recognized amount, and either an amount determined through agreement between the hospital and issuer or an amount determined by an IDR entity would apply to determine the out-of-network rate, with respect to post-stabilization services.

Example 4. (i) Facts. A self-insured plan, subject to ERISA, covers a specific non-emergency service that is provided to a participant by a nonparticipating provider in a participating health care facility, both of which are licensed in State A. State A has a law that prohibits balance billing for non-emergency services provided to individuals by nonparticipating providers in a participating health care facility, and provides for a method for determining the cost-sharing amount and total amount payable. The law applies to health insurance issuers and providers licensed in State A, and provides that plans that are not otherwise subject to the law may opt in. The law also applies to the type of service provided. The self-insured plan has opted in.

(ii) Conclusion. In this Example 4, State A’s law would apply to determine the recognized amount and the out-of-network rate.

Preemption Issues

The Departments are of the view that Congress did not intend for the NSA to preempt provisions in state balance billing laws that address issues beyond how to calculate the cost-sharing amount and out-of-network rate. To the extent state laws do not prevent the application of a federal requirement or prohibition on balance billing, the Departments are of the view that such state laws are consistent with the statutory framework of the NSA and would not be preempted.

In fact, Congress specifically indicated that such state balance billing laws may continue in effect along with the balance billing protections set forth in the statute, by requiring that providers disclose to participants, beneficiaries, and enrollees information about federal balance billing protections, plus any other protections that apply under state law. 45 CFR § 149.430.

Public Disclosure Requirements

The IFR implements the requirement of the NSA that certain health care providers and facilities make publicly available, post on a public website, and provide to patients a notice with the following information:

• the requirements and prohibitions under the NSA and implementing regulations;
• any applicable state balance billing limitations or prohibitions; and
• how to contact appropriate state and federal agencies if the patient believes the provider or facility has violated the requirements described in the notice.

Similarly, the NSA requires plans and issuers to make publicly available, post on a public website of the plan or issuer, and include on each explanation of benefits for an item or service with respect to which the requirements apply, information:

• on all applicable state and federal laws on out-of-network balance billing; and
• on contacting appropriate state and federal agencies in the case that an individual believes that such a provider or facility has violated the prohibition against balance billing.

To reduce burden and facilitate compliance with these disclosure requirements, the Departments are concurrently issuing a model disclosure notice that health care providers, facilities, group health plans, and health insurance issuers may (but are not required to) use to satisfy the disclosure requirements regarding the balance billing protections.

Complaint Process

The Consolidated Appropriations Act directs HHS to establish a process for receiving consumer complaints regarding violations of the protections against balance billing and out-of-network cost sharing under the NSA and respond to such complaints within 60 business days. The IFR sets forth the process for such complaints.

Audits

The Labor and Treasury Departments generally have primary enforcement authority over private-sector employment-based group health plans. The IRS has jurisdiction over certain church plans. HHS has primary enforcement authority over nonfederal governmental plans. Office of Personnel Management has jurisdiction over FEHB plans, i.e., federal governmental plans. The departments will generally use these existing processes and authorities to ensure compliance.

Looking Forward

Later this year, the Departments intend to issue further regulations detailing, inter alia:

• the IDR process that will settle disputes regarding the amount the insurer must pay an out-of-network provider;
• the audit process; and
• the price comparison tool that plans/issuers must offer to allow patients to compare cost-sharing amounts for a specific service/item.

The EBSA guidance, which is directed to plan sponsors and fiduciaries as well as recordkeepers and plan participants, is set forth in three separate publications.

The first, Tips for Hiring a Service Provider, is meant to help plan sponsors and fiduciaries select a service provider with strong cybersecurity practices and then monitor the provider’s activities. Tips include asking providers about their information security standards, practices, and policies, including whether they use an outside auditor to review and validate their cybersecurity as well as the results of such audits. Plan sponsors and fiduciaries are encouraged to evaluate the service provider’s track record, including reviewing public information concerning security incidents and litigation, and questioning the provider about any past security breaches and how they were handled. Providers should also be asked about any insurance policies they have that would cover losses caused by cybersecurity failures and identity theft breaches, including those stemming from both internal and external threats. The guidance also recommends that service provider contracts include provisions requiring the provider’s ongoing compliance with cybersecurity and information standards (including annual audits) and the provider’s obligations to meet all applicable federal, state, and local laws as well as other governmental requirements pertaining to the privacy, confidentiality, and security of participants’ personal information.  Contracts should also identify a process for the service provider to inform plan fiduciaries about any cyber incident or data breach, and ensure the provider’s cooperation in investigating, reporting, and addressing the cause.

The second publication, Cybersecurity Program Best Practices, is a more comprehensive document aimed at assisting recordkeepers, service providers, and plan fiduciaries in understanding and fulfilling their responsibilities to manage cybersecurity risks. Noting that a sound cybersecurity program identifies and assesses internal and external cybersecurity risks that may threaten the confidentiality, integrity, or availability of stored nonpublic information, EBSA states that a prudently designed program will protect the infrastructure, information systems, and the information itself from unauthorized access, use, or other malicious acts. The program should include means to detect and respond to cybersecurity events as well as processes for the recovery from and disclosure of the events. The Best Practices guidance includes pointers on the following: annual risk assessments; third-party audits of security controls (including documentation that EBSA would expect to see); definition and assignment of information security roles and responsibilities; development of strong access control procedures with appropriate authentication and authorization processes; and protection of assets and/or data stored in a cloud or managed by a third-party service provider.

Recognizing that employees are often an organization’s weakest link for cybersecurity, EBSA also recommends cybersecurity awareness training for all personnel, conducted at least annually and updated to reflect risks identified through risk assessments. The guidance also includes tips for creating a secure system development life cycle (SDLC) program, which ensures that security assurance activities such as penetration testing, code review, and architecture analysis are part of the system development process. In addition, the guidance outlines best practices for developing a business resiliency program (including a business continuity plan, disaster recovery plan, and incident response plan); implementation of an encryption system; maintenance of strong technical controls such as firewalls and antivirus software; and actions to be taken in response to cybersecurity incidents and breaches.  While many benefit plans (particularly health plans) have already implemented comprehensive cybersecurity programs to comply with HIPAA and other data-protection requirements, this publication serves as a good checklist for review of such programs.

The third document, Online Security Tips, offers some basic guidance for plan participants and beneficiaries to reduce the risk of fraud and loss when they engage with their plan accounts online. EBSA recommends that participants register, set up, and routinely monitor online accounts; use strong and unique passwords; use multi-factor authentication; keep personal contact information current (so the participant can be reached if there is a problem); close or delete unused accounts; and be wary of free Wi-Fi networks that can pose security risks. The guidance also cautions participants about phishing attacks, including a list of common warning signs of such attempts.  Finally, the guidance recommends that participants use antivirus software, keep apps and software current, and know how to report identity theft and cybersecurity incidents. While the guidance is directed primarily to participants in retirement plans, it provides good general advice for all employees who may be accessing benefit, payroll, and other confidential information online. Plan sponsors and service providers therefore may want to consider disseminating the information to participants and employees.

EBSA has identified data security enforcement as a top budget priority, and the speed with which it incorporated cybersecurity questions into its audit process took many plan sponsors and service providers by surprise. Plan sponsors and fiduciaries should ensure they have appropriate cybersecurity policies, procedures, and safeguards in place, and be prepared to provide documentation in the event of a governmental audit or inquiry.

EBSA summarized the request:

You are seeking guidance because you represent a claimant whose request for such a recording was denied. You indicate that the stated reasons for denial of the request for the audio recording are that the actual recording is distinct from the notes made available to you, which contemporaneously documented the content of the recorded conversation, and which became part of the “claim activity history through which [the insurer] develops, tracks and administers the claim.” By contrast, the denial stated that the “recordings are for ‘quality assurance purposes,’” and “are not created, maintained, or relied upon for claim administration purposes, and therefore are not part of the administrative record.”

The Department of Labor explains Information Letters as follows:

An information letter is a written statement issued either by the Pension and Welfare Benefit Programs (Office of Employee Benefits Security), U.S. Department of Labor, Washington, D.C. or a Regional Office or an Area Office of the Labor-Management Services Administration, U.S. Department of Labor, that does no more than call attention to a well-established interpretation or principle of the Act, without applying it to a specific factual situation. An information letter may be issued to any individual or organization when the nature of the request from the individual or the organization suggests that it is seeking general information, or where  … it is believed that such general information will assist the individual or organization.

ERISA Procedure 76-1.

The Information Letter stated that Section 2560.503-1(h)(2)(iii) requires disclosure, on request, of “all documents, records, and other information relevant to the claimant’s claim for benefits.” And a document, record or information is “relevant” if it was “generated in the course of making the benefit determination, without regard to whether such document, record, or other information was relied upon in making the benefit determination; [or] demonstrates compliance with the administrative processes and safeguards required pursuant to paragraph (b)(5)[.]” Section 2560.503-1(m)(8).

Accordingly, EBSA explained that, because a recording of a call with a claimant was “generated in the course of making the benefit determination,” it is “relevant” and must be disclosed on request, even if it was not “relied upon in making the benefit determination[.]” EBSA also explained that a recording made for quality assurance purposes would also likely make it relevant as demonstrating compliance with administrative processes or safeguards.

The Information Letter concluded:

In summary, a recording or transcript of a conversation with a claimant would not be excluded from the requirements under 29 CFR 2560.503-1 to disclose relevant “documents, records, and other information” merely because the plan or claims administrator does not include the recording or transcript in its administrative record; does not treat the recording or transcript as part of the claim activity history through which the insurer develops, tracks and administers the claim; or because the recording or transcript was generated for quality assurance purposes.

Benefits claim fiduciaries may wish to consider their internal systems for recording calls, and for tracking and locating any recordings that are made. In particular, they may wish to consider developing a procedure or guideline concerning when calls can or should be recorded, and what is done with a recording after it is made. In addition, fiduciaries may wish to consider whether such recordings, if made, should automatically be included in the claim file.

It has been over a year since the first COVID-19 cases were diagnosed, and the pandemic started to evolve. This article discusses new trends in COVID-19-related disability claims that emerged in 2020 through early 2021 as a result of the pandemic. Read the full article.

In Atkins, the defendant construction company established a Project Completion Incentive Plan (“PCIP”) that would pay eligible employees a bonus of 5% of their earnings while they worked on a particular construction project, if they stayed on the project until their work was completed. The plaintiffs, who acknowledged that they were not eligible for bonuses because they quit before their work on the project ended, sued in Louisiana state court, arguing that the PCIP involved a wage forfeiture that was illegal under Louisiana law. The employer removed the case to federal court on the grounds of ERISA complete preemption, and the district court agreed that ERISA governed. As the Fifth Circuit noted, “[t]hat jurisdictional determination also resolved the merits” because, if ERISA governs, “then everyone agrees the Plaintiffs do not have a claim” because ERISA preempts Louisiana law, and because the plaintiffs “are not eligible for the bonus under the terms of the plan.”

The Fifth Circuit held that the PCIP was not an ERISA plan.

The court began its analysis by noting that severance plans are particularly troublesome when considering whether ERISA governs: “As the answer depends on the particulars of each plan, some severance plans have qualified while others have not.”

The court then stated that the “key Supreme Court case” is Fort Halifax Packing Co. v. Coyne, 482 U.S. 1 (1987), which “addresses a state law requiring one-time severance payments to employees if their plant closed.” In Fort Halifax, the Court held that ERISA does not govern a severance plan that required only a “one-time, lump-sum payment triggered by a single event [which] requires no administrative scheme whatsoever.” Id. at 12. Instead, ERISA governs only a severance plan that requires an “ongoing administrative program,” requiring “complex administrative activities” such as “determining the eligibility of claimants, calculating benefit levels, making disbursements, monitoring the availability of fund for benefit payments, and keeping appropriate records in order to comply with applicable reporting requirements.” Id. at 9, 11.

The Fifth Circuit analyzed these factors and held that there was insufficient complexity in the PCIP to give rise to an ERISA plan. Among the factors that the court evaluated were:

• The PCIP calls for only a single payment. “A one-time payment usually does not require an ongoing administrative scheme because the ‘employer assumes no responsibility to pay benefits on a regular basis, and thus faces no periodic demands on its assets that create a need for financial coordination and control.’”
• The PCIP does not provide for additional benefits, such as COBRA insurance coverage
• Calculating the one-time payment – 5% of the employee’s project-related pay – involves “a single arithmetic calculation” that “is not the type of complex determination ERISA plans often make.”

The court noted that “mixed signals” were sent by the fact that different employees would have different project completion dates (unlike the plan in Fort Halifax, which was tied to a plant closure). However, “the fact that eligibility is tied to workers’ completion of their duties on a discrete project makes this Plan different from most ERISA plans.”

The court had the most difficultly evaluating whether the PCIP required the employer to exercise discretion to a sufficient degree to justify ERISA governance. The court noted that ERISA might govern where a plan requires the employer to determine whether an employee had “good reason” to stop working, or whether a termination was for “good cause;”  though such a requirement is not alone sufficient. The court acknowledged that there was no “clear dividing line on when cause-type determinations involve the requisite level of discretion,” but held that it was not necessary to consider that further, because the PCIP does not require a “for cause” determination. Instead, the bonus is earned when a worker’s role in the project is “complete,” which “does not seem to require a significant degree of discretion.” Moreover, “some eligibility determinations under the Plan will be clear as day.”

Summing up, the court explained:

Consistent with the lack of complexity needed to answer the “who” and “how much” questions about the bonus, we do not see any special administrative apparatus dedicated to overseeing the Plan. A plan is more likely to be governed by ERISA when it includes administrative procedures, such as procedures for handling claims and appeals, is administered on a large-scale to many employees, requires continuous monitoring of payees, or requires additional oversight once the benefit has been paid, either because of continuing insurance benefits or the possibility of clawing back severance payments if the employee returns to work, The record shows none of that here. [citations omitted].

In sum, the Project Completion Incentive Plan involves a single and simple payment. Determining eligibility might require the exercise of some discretion, but not much. An administrative structure is not devoted to overseeing the Plan. The Plan thus lacks the complexity and longevity that result in the type of “ongoing administrative scheme” ERISA covers.

Accordingly, the court remanded the case to state court, where the plaintiffs will be permitted to litigate their state wage-forfeiture claim.

Atkins thus highlights, and explores to a limited degree, a big gray area involving severance plans. At one end of the spectrum is Fort Halifax, where ERISA plainly does not govern a severance plan tied to a single event. At the other end of the spectrum would be company-wide severance plans covering large numbers of diverse employees, where determination of eligibility and calculation of benefits require monitoring and potentially complex determinations. In the uncertain middle are plans like the PCIP where a limited number of employees are eligible, the circumstances for eligibility are discrete, and the benefit calculations are simple.