To meet Health Plan Compliance Rules, group health plans typically fall into two categories: fully insured or self-insured.
- A fully insured health plan moves most of the financial risk away from the employer and places it on the insurance carrier. An employer’s liability for health care expenses is limited to its insurance premiums.
- A self-insured health plan places most of the financial risk on the employer. Instead of paying fixed premiums to an insurance company, the employer pays for medical claims as they are processed throughout the year. Although they are designed differently, level funded health plans are generally considered self-insured for compliance purposes.
Employers should consider a variety of factors when selecting a funding approach for their health plan, including the compliance requirements for each option. Significantly, self-insured health plans offer more design flexibility because they are not subject to state insurance mandates, mini-COBRA laws or the essential health benefits (EHB) coverage requirement. However, self-insured health plans are subject to nondiscrimination rules that do not apply to fully insured health plans, and they are required to comply with the wide range of compliance obligations under the HIPAA Privacy and Security Rules.
Fully Insured vs. Self-insured – Same Compliance Requirements
Many federal compliance requirements apply to both fully insured and self-insured health plans. These include the following requirements:
- ERISA (e.g., SPD, Form 5500, fiduciary rules)
- Medicare Part D notification requirements
- HIPAA special enrollment
- Medicare Secondary Payer rules
- HIPAA nondiscrimination (based on health factors)
- Annual notice under the Children’s Health Insurance Program (CHIP)
- COBRA (applies to employers with 20 or more employees)
- Employer shared responsibility rules (applies to applicable large employers, or ALEs)
- Mental health parity
- Patient protections on surprise medical billing
- Transparency requirements (e.g., prescription drug data collection reporting, prohibition on gag clauses and self-service price comparison tool)
Fully Insured vs. Self-insured – Different Compliance Requirements
When deciding whether to move from a fully insured health plan to a self-insured health plan (or vice versa), employers should consider the different compliance requirements for each type of plan.
Self-insured health plans can provide more design flexibility than fully insured plans because they are not subject to state insurance mandates or the EBH coverage requirement. However, self-insured health plans come with some additional compliance requirements. Employers moving to a self-insured health plan may need to make plan design changes—e.g.,changing the plan’s eligibility rules—to comply with the nondiscrimination rules under Internal Revenue Code (Code) Section105(h). Employers with fully insured health plans typically have minimal compliance responsibilities under the HIPAA Privacy and Security Rules and are not required to pay Patient-Centered Outcomes Research Institute (PCORI) fees. However, these plans are subject to state insurance mandates and applicable mini-COBRA laws.
The following chart outlines key compliance requirements that apply differently to fully insured and self-insured health plans.
|Nondiscrimination Rules||Self-insured health plans||Self-insured health plans are subject to nondiscrimination rules under Code Section 105(h). Under these rules, self-insured health plans cannot discriminate in favor of highly compensated employees with respect to eligibility or benefits.
Although the ACA included nondiscrimination requirements for non-grandfathered, fully insured health plans, these rules have been delayed and are not enforced at this time.
|PCORI Fees||Self-insured health plans||The ACA imposes a fee on health insurance issuers and employers with self-insured health plans to help fund the PCORI. The fee, called the PCORI fee, is calculated based on the average number of lives covered under the policy or plan. It must be reported and paid each year by July 31. Employers with fully insured health plans are not required to pay PCORI fees.|
|State Continuation Coverage (mini-COBRA)||Fully insured health plans||Fully insured health plans must comply with applicable state continuation coverage requirements (depending on the specific state law). Self-insured health plans maintained by a single employer (or a group of employers under common control) are not subject to mini-COBRA laws due to ERISA’s preemption provision.|
|EHB Package||Fully insured health plans in the small group market||Non-grandfathered fully insured health plans in the small group market must offer a comprehensive package of items and services, known as the EHB package. Fully insured health plans in the large group market and self-insured health plans are not subject to this requirement.|
|State Insurance Mandates||Fully insured health plans||Fully insured health plans must comply with applicable state insurance mandates, which require these plans to provide coverage for certain benefits, providers and individuals. Self-insured health plans maintained bya single employer (or a group of employers under common control) are not subject to state insurance mandates.|
|Premium Rating Restrictions||Fully insured health plans in the small group market||Non-grandfathered fully insured health plans in the small group market are subject to the ACA’s premium rating restrictions. Premium rates may only vary based on age, geography, family size and tobacco use. Fully insured health plans in the large group market and self-insured health plans are not subject to these restrictions.|
|HIPAA Privacy and Security Rules (HIPAA Rules)||All health plans, but most fully insurared health plans have minimal compliance obligations||The HIPAA Rules apply to both fully insured and self-insured health plans. However, most employers with fully insured health plans have minimal compliance responsibilities under the HIPAA Rules because they do not have access to protected health information from their insurance carriers. In this situation, almost all the HIPAA compliance requirements fall on the carrier, not the employer. On the other hand, employers with self-insured health plans must comply with the wide range of HIPAA Privacy and Security requirements, including providing a privacy notice, conducting HIPAA training, implementing security safeguards, and adopting certain policies and procedures.|
|Health Coverage Reporting (Code Section 6056 and/or Section 6055)||Section 6056: ALEs with fully insured or self-insured health plans Section 6055: Employers with self-insured health plans||ALEs with fully insured or self-insured health plans are subject to reporting under Code Section 6056 (IRS Forms 1094-C and 1095-C). To qualify as an ALE, an employer must employ, on average, at least 50 full-time employees, including full-time equivalent employees, on business days during the preceding calendar year. Employers with self-insured health plans are also subject to reporting under Code Section 6055 (IRS Forms 1094-B and 1095-B). ALEs with self-insured health plans are required to report under both Code Sections 6056 and 6055. These employers use a combined reporting method by filing IRS Forms 1094-C and 1095-C and completing coverage information in Part III of Form 1095-C.|
|Health Coverage Reporting (Code Section 6056 and/or Section 6055)||All ERISA-covered health plans, although small plans may qualify for a filing exemption. Self-insured health plans that use a trust or separately maintained fund to pay benefits do not qualify for the filing exemption.||Employers that are subject to ERISA must file an annual report (Form 5500) with the Department of Labor for their employee benefit plans. This annual reporting requirement applies to both fully insured and self-insured health plans. However, health plans are exempt if they have fewer than 100 covered participants at the beginning of the plan year and are unfunded or fully insured (or have a combination of unfunded and fully insured benefits). Small self-insured health plans that use a trust or separately maintained fund for paying benefits do not qualify for this exemption.|
LINKS AND RESOURCES
- ACA reporting under Section 6056 and Section 6055
- HIPAA Privacy and Security compliance website
- Nondiscrimination rules under Code Section 105(h) and underlying Treasury Regulations (Treas. Reg. § 1.105-11)
This Compliance Overview is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel for legal advice. ©2023 Zywave, Inc. All rights reserved.
The content herein is provided for general information purposes only, and does not constitute legal, tax, or other advice or opinions on any matters. This information has been taken from sources which we believe to be reliable, but there is no guarantee as to its accuracy.