September 265, 2022
- Agencies Issue RFI on Advanced Explanations of Benefits
- Council, Others Express Serious Concerns with DOL Collection of Personal Identifiable Information
- State Abortion Law Executive Summary Chart Updated to Reflect New Developments
Agencies Issue RFI on Advanced Explanations of Benefits
The U.S. departments of Health and Human Services, Labor and Treasury (the “tri-agencies”) issued a request for information (RFI) on September 16 on the requirement that health plans and insurers provide advanced explanations of benefits (AEOBs) to participants – based on a good faith estimates (GFEs) the plan is to receive from the provider – as provided for under the Consolidated Appropriations Act, 2021 (CAA).
For individuals who schedule an item or service at least three business days in advance, the CAA requires health care providers and facilities to inquire if the individual is enrolled in a group health plan or other insurance coverage and to provide a GFE of the expected charges (with diagnostic and billing codes) to the plan or issuer. The CAA then requires plans and insurers to provide an AEOB to participants for each GFE the plan or insurer receives from a provider. The CAA sets out the information that must be provided in the GFE and AEOB, as well as the short time frames for when the GFE and AEOB must be provided by the respective parties.
The Council has been long been supportive of these provisions, based on the likelihood that disclosures provided before a service is rendered will improve consumer decision-making. We previously offered detailed recommendations to the tri-agencies as they develop implementing regulations, as reported in the July 23, 2021, Benefits Byte.
These requirements were set to take effect in 2022 but, as reported in the August 25, 2021, Benefits Byte, in August 2021 the tri-agencies announced that they would defer enforcement until notice and comment rulemaking had been completed. (This delay was consistent with our comments to the tri-agencies that a 2022 effective date was not feasible and that clear guidance was needed before plans could implement this provision). The recently-issued RFI is the first step towards regulations – signaling that it may well be a while yet before there are proposed, and eventually, final regulations.
In the RFI, the tri-agencies provide that in recognition of the complexity of the forthcoming regulations they are requesting information on a range of issues. Below we provide a summary of the RFI:
- A large portion of the RFI is focused on issues related to the transfer of data from providers and facilities to plans and insurers in connection with the provider’s development and delivery of the GFE, including questions on specific interoperability standards, privacy concerns, the use of manual or paper-based technologies, and issues for small or rural providers/facilities.
- The RFI also includes several questions related to ensuring that the necessary information is transferred from providers and facilities to plans and insurers so such plans and insurers can prepare AEOBs that account for how the No Surprises Act (NSA) may affect an individual’s benefits related to the item or service at issue in the AEOB. Questions include whether out-of-network providers should be required to include information in the GFE as to whether the applicable facility is in-network, whether the GFE should be used to convey whether a participant has opted out of protections against surprise billing (in the limited circumstances when this is permissible), and whether AEOBs should reflect the extent to which the surprise billing prohibition in the NSA applies.
- The RFI addresses a range of other issues – including to what extent the tri-agencies could coordinate the AEOB requirement with the requirement that plans provide cost-sharing estimates under the transparency in coverage regulations, how to implement the provision allowing participants to directly request an AEOB from a plan, how the rules should account for unique benefit designs, whether and how the timeframes provided in the statute should be modified for specific items and services, and how to take health equity issues into account in developing the regulations.
- The RFI also asks a series of questions on the potential economic impacts of implementing the AEOB and GFE requirements for various affected stakeholders, including plans.
The agencies are soliciting feedback on the RFI by November 15. The Council intends to comment and welcomes member input. For more information, please contact Katy Johnson, senior counsel, health policy.
Council, Others Express Serious Concerns with DOL Collection of Personal Identifiable Information
The American Benefits Council led an informal coalition of employer and financial industry groups in sending a September 21 letter to the U.S. Department of Labor (DOL), outlining concerns with the agency’s use of subpoena power to collect retirement plan participants’ confidential, personally identifiable information (PII).
The Council has learned that, as part of an ongoing review of retirement plan sponsor and service provider cybersecurity practices, the DOL is collecting plan participant information – including Social Security numbers and banking information – to determine whether cybersecurity breaches have occurred. The collection of information in one instance raises broader concerns about the DOL’s gathering and use of personally identifiable information outside of the one case. The September 21 letter outlines why we have these concerns and seeks to work collaboratively with DOL to protect data and ensure a strong retirement system.
While the DOL has formally asserted that “[c]onfidential information will help DOL identify any harm to specific participants, assess harms, and identify witnesses to potential breaches or violations,”we believe that redacted information would serve the same purpose and, if necessary, the relevant confidential information could be released upon finding a breach.
The group letter notes that “every transmission of PII and other plan-specific information and every additional holder of such information creates new risks, including cybersecurity risks, inadvertent disclosures and unauthorized leaking,” noting that numerous government systems have previously been compromised and “DOL’s own Office of Inspector General has expressed its concern about DOL’s ability to safeguard its data and information systems.”
The letter therefore urges DOL to incorporate four basic principles with respect to its information security practices:
- Recognize security risks and safeguard data on hand.
- Collect only necessary data, request redacted or anonymized participant data until a breach is confirmed and promptly destroy data and information once it is no longer needed.
- Report and notify the public of any breach that occurs.
- Access to any information collected by the DOL should be limited to only those at the DOL assigned to the investigation.
As we reported in the September 15 Benefits Byte, the Council recently testified before the DOL’s ERISA Advisory Council on the matter of Cybersecurity Insurance and Employee Benefit Plans. For more information, contact Lynn Dudley, senior vice president, global retirement and compensation policy.
State Abortion Law Executive Summary Chart Updated to Reflect New Developments
As part of the American Benefits Council’s mission to serve as a resource for employers on the subject of abortion and medical travel coverage following the U.S. Supreme Court’s ruling in Dobbs v. Jackson Women’s Health, we are continuing to update the executive summary of our Benefits Blueprint chart of state abortion laws, prepared by Davis and Harman, LLP. (The full chart itself will be updated at a later time.)
For each state and the District of Columbia, the full chart (102 pages) outlines current and proposed laws governing abortion, any “aiding and abetting” laws that may apply and additional notes for context. This includes “trigger” laws that automatically took effect following the Dobbs decision. The executive summary will be updated more frequently to reflect recent changes.
The latest update of the executive summary includes updates for Idaho, Indiana, Michigan, Ohio, Oklahoma, Texas and West Virginia, reflecting activity in August and September.
As a reminder, on June 15, shortly prior to the rendering of the Dobbs decision, the Council held a Benefits Briefing webinar with legal experts to discuss issues for consideration by our member companies that cover abortion. Topics included travel and pharmacy benefit expansions and an extensive discussion of state law issues. A recording of this webinar and the presentation slides remain available to Council members in our Webinar Archive.
For more information about abortion and medical travel issues, please contact Katy Johnson, senior counsel, health policy.