1. Myth: “You do not have a right to your data."
The Reality: HIPAA provides that self-funded plan sponsors are a covered entity and therefore, fall under the umbrella of who can have claims data especially when it is de-identified. HIPAA is a powerful tool for self-funded employers to retrieve their data. In addition, the Consolidated Appropriations Act of 2021 (CAA) not only gives self-funded employer plan sponsors a legal right to obtain their healthcare claims data, the CAA makes clear that these employers have a legal obligation to have access to that data.
2. Myth: “TPA’s are not fiduciaries and have no obligation to abide by ERISA.”
The Reality: Under ERISA and the Taft-Hartley Act, carriers have a legal obligation to secure proper payment for self-insured employers. Moreover, even if TPA’s and carriers disclaim “fiduciary” status in their contract but still act as a de facto fiduciary, they may still be liable pursuant to ERISA for breaches of their fiduciary obligations. Moreover, as an employer/sponsor of a health plan, you also have a legal obligation as a fiduciary. Pursuant to ERISA, you have a legal obligation to act in the sole and best interest of plan participants with the exclusive purpose of providing benefits.
You must carry out all your duties as a fiduciary prudently, follow your plan documents, and pay only reasonable plan expenses. Plan participants may sue plan fiduciaries that do not abide by ERISA and they can sue for unpaid benefits. Also, if found guilty for violation of ERISA's reporting obligations, fiduciaries may be subject to fines and/or imprisonment for up to ten years.
3. Myth: “HIPAA does not let us share the data with employers or other third parties due to privacy concerns. Only authorized individuals and organizations see patient data and medical information.”
The Reality: While HIPAA is now best known for protecting the privacy of patients and ensuring patient data is appropriately secured, the primary purpose of HIPAA was to improve efficiency in the healthcare industry by requiring healthcare organizations to adopt the data standards in healthcare transactions.
The purpose of the privacy rule was to introduce restrictions on the allowable uses and disclosures of protected health information, stipulating when, with whom, and under what circumstances, health information could be shared. Self funded employers ARE expressly permitted to receive HIPAA data, and can share that information under certain circumstances! You can and should own your full spectrum of data, as it is crucial to know and understand what you are paying for. It allows you to make prudent financial decisions for your employees and company.
4. Myth: “Carriers do not need to be transparent. Fees do not need to be disclosed.”
The Reality: Part of the Consolidated Appropriations Act of 2021 is a comprehensive fee disclosure requirement that covered third party providers, like TPA’s, PBM’s and broker/consultants, must take seriously. Self-insured employers are exposed to substantial liability if they do seek and obtain the appropriate disclosures and evaluate them for reasonableness. If disclosures are not forthcoming from the providers, employers have an obligation to report them to the Department of Labor, and cease doing any business with those non-compliant entities. There are ways to protect yourself from potential employee class action, representational harm, and violation of ERISA:
Have a disclosure of all relevant information, service contracts, third-party fees and a year end reconciliation of those fees.
Provide a detailed assessment of vendors and TPAs that you evaluated in the marketplace to prove you have done your due diligence.
Ensure your fees are reasonable not only by evaluating relevant benchmarks, but also assess for value to the health plan.
The information provided in this article does not, and is not intended to, constitute legal advice; instead, all information and content available in this article is for marketing purposes only.