NEWS

Federal Agencies Issue Wave of Health Plan Guidance: Preventive Services, Contraception, and Cybersecurity

Last week, the Departments of Health & Human Services, Labor, and Treasury (Departments) proposed new regulations aimed at promoting access to contraception.  Separately, the Internal Revenue Service (IRS) and Department of Labor (DOL) recently published additional pieces of guidance affecting health plans.  Self-funded health plan sponsors in particular should review these proposed rules and recent notices and determine what, if any, plan or process changes are needed or desired.

  • Departments’ Proposed Preventive and Contraceptive Care Rules: On October 21, 2024, the Departments jointly proposed amending the Affordable Care Act (ACA) rules regarding preventive and contraceptive care for non-grandfathered plans.  Those regulations, if finalized, would become effective as of January 1, 2026 and would require non-grandfathered plans to cover certain over-the-counter (OTC) contraception without any cost-sharing and without a prescription.  Such OTC contraception would include male condoms, birth control, and emergency contraceptives.  The proposed rules also would require plans to disclose that OTC coverage to participants and beneficiaries.  Separately, the rules attempt to clarify that any medical management program or techniques used by a plan must have an “exceptions process,” outside of a plan’s normal claims and appeals process, that is not unduly burdensome for medically necessary and recommended preventive services.  For instance, if a plan covers without cost-sharing a generic version only of a preventive drug, but an individual experiences side effects from the generic, the plan would need an easily accessible, transparent, and sufficiently expedient exceptions process that the individual or their provider could use to obtain the brand-name drug without cost-sharing.  The public comment period on these proposed rules is open through December 27, 2024.
  • IRS Preventive and Contraceptive Care Guidance: IRS Notices 2024-71 and 2024-75, both published on October 17, 2024 with retroactive effect, provide for the following:
    • For plan years beginning on or after December 30, 2022:
      • A high deductible plan (HDHP) may provide preventive care for OTC condoms and oral contraceptives, regardless of whether there is a prescription and prior to the participant’s satisfaction of the minimum annual HDHP deductible (i.e., an HDHP could provide first dollar coverage without jeopardizing its HDHP status).
      • Male condoms may be reimbursed as a medical expense under Internal Revenue Code section 213(d) under a Health Savings Account (HSA), a health flexible spending account (HFSA), and health reimbursement arrangement (HRA).
      • Certain insulin products can be provided prior to satisfaction of the HDHP deductible (i.e., first dollar coverage) regardless of whether the product is prescribed to treat an individual diagnosed with diabetes or for the purpose of preventing the exacerbation of diabetes or the development of a secondary condition.
    • Effective as of April 12, 2004:
      • All types of breast cancer screenings for those individuals not diagnosed with cancer, are to be considered preventive care. The IRS previously provided in Notice 2004-23 that breast cancer screenings were to be treated as preventive care for HDHP purposes but had only listed mammograms as an example of such screenings.  However, women are increasingly receiving other types of breast cancer screenings such as ultrasounds and MRIs, which are now more clearly classified as preventive care along with mammograms.
    • Effective as of July 17, 2019:
      • Continuous glucose monitors are to be treated as preventive care for those individuals diagnosed with diabetes. As with the breast cancer screenings, this means that these monitors are preventive care for purposes of an HDHP.
  • DOL Cybersecurity Guidance Update: In September 2024, the DOL amended its cybersecurity guidance to explicitly highlight the fact that it applies not only to ERISA pension and retirement plans, but also to ERISA health and welfare plans.  That is, health plan sponsors and fiduciaries are obligated to prudently select and monitor service providers for health plans who have strong cybersecurity practices.  The DOL also referenced various HHS publications that offer guidance on how plans and their service providers can maintain good cybersecurity practices.  This revised DOL guidance comes after certain health plan service providers and clearinghouses announced earlier this year that they had experienced large cybersecurity breaches affecting the protected health and personal information of millions of individuals.

Kullman attorneys are available to discuss these developments with you, or assist in reviewing and revising plan documents and processes.

Kullman