Benefits and Compensation

Agencies Issue Health Plan Guidance: Preventive Services, Contraception, Cybersecurity

Recently, the Departments of Health and Human Services (HHS), Labor (DOL), and Treasury proposed new regulations aimed at promoting access to contraception. Separately, the Internal Revenue Service (IRS) and DOL recently published additional pieces of guidance affecting health plans. Self-funded health plan sponsors in particular should review these proposed rules and recent notices and determine what, if any, plan or process changes are needed or desired. Let’s take a closer look.

Departments’ Proposed Preventive and Contraceptive Care Rules

On October 21, 2024, the departments jointly proposed amending the Affordable Care Act (ACA) rules regarding preventive and contraceptive care for nongrandfathered plans. Those regulations, if finalized, would become effective January 1, 2026, and would require nongrandfathered plans to cover certain over-the-counter (OTC) contraception without any cost sharing and without a prescription. Such OTC contraception would include male condoms, birth control, and emergency contraceptives.

The proposed rules also would require plans to disclose that OTC coverage to participants and beneficiaries. Separately, the rules attempt to clarify that any medical management program or techniques used by a plan must have an “exceptions process,” outside of the plan’s normal claims and appeals process, that isn’t unduly burdensome for medically necessary and recommended preventive services.

For instance, if a plan covers, without cost sharing, only a generic version of a preventive drug but an individual experiences side effects from the generic, the plan would need an easily accessible, transparent, and sufficiently expedient exceptions process that the individual or the individual’s provider could use to obtain the brand-name drug without cost sharing.

The public comment period on these proposed rules is open through December 27, 2024.

IRS Preventive and Contraceptive Care Guidance

IRS notices 2024-71 and 2024-75, both published on October 17, 2024, with retroactive effect, provide for the following:

For plan years beginning on or after December 30, 2022:

  • A high-deductible health plan (HDHP) may provide preventive care for OTC condoms and oral contraceptives regardless of whether there’s a prescription and before the participant reaches the minimum annual HDHP deductible (i.e., an HDHP could provide first-dollar coverage without jeopardizing its HDHP status).
  • Male condoms may be reimbursed as a medical expense under Internal Revenue Code Section 213(d) under a health savings account (HSA), a health flexible spending account (HFSA), and a health reimbursement arrangement (HRA).
  • Certain insulin products can be provided before reaching the HDHP deductible (i.e., first-dollar coverage) regardless of whether the product is prescribed to treat an individual diagnosed with diabetes or for the purpose of preventing the exacerbation of diabetes or the development of a secondary condition.

Effective April 12, 2004:

All types of breast cancer screenings for individuals not diagnosed with cancer are to be considered preventive care. The IRS previously provided in Notice 2004-23 that breast cancer screenings were to be treated as preventive care for HDHP purposes but had only listed mammograms as an example of such screenings. However, women are increasingly receiving other types of breast cancer screenings, such as ultrasounds and MRIs, which are now more clearly classified as preventive care along with mammograms.

Effective July 17, 2019:

Continuous glucose monitors are to be treated as preventive care for individuals diagnosed with diabetes. As with breast cancer screenings, this means these monitors are preventive care for purposes of an HDHP.

DOL Cybersecurity Guidance Update

In September 2024, the DOL amended its cybersecurity guidance to explicitly highlight the fact that it applies not only to Employee Retirement Income Security Act (ERISA) pension and retirement plans but also to ERISA health and welfare plans—that is, health plan sponsors and fiduciaries are obligated to prudently select and monitor service providers for health plans that have strong cybersecurity practices. 

The DOL also referenced various HHS publications that offer guidance on how plans and their service providers can maintain good cybersecurity practices. This revised DOL guidance comes after certain health plan service providers and clearinghouses announced earlier this year they had experienced large cybersecurity breaches affecting the protected health and personal information of millions of individuals.

Brianna Hanson, an associate of The Kullman Firm, may be reached at brh@kullmanlaw.com. Martin J. Regimbal, a shareholder of The Kullman Firm, may be reached at mjr@kullmanlaw.com.

Leave a Reply

Your email address will not be published. Required fields are marked *