A brief update on what happened the prior month in group health plan compliance at the federal level, organized chronologically. If you would like additional information, please reach out to the GBS Compliance Team.
See links to further resources in the PDFs at the bottom of this post.
Updated surprise billing independent dispute resolution guidance.
The DOL, HHS, and IRS updated the independent dispute resolution (IDR) process guidance used by certified IDR entities and disputing parties for resolving claims for payment of out-of-network services through the federal IDR process. IDR fee amounts for the 2023 calendar year were also released. The process guidance was updated to reflect final regulations issued in August. CMS has a website with the most current guidance related to the No Surprises Act and the federal IDR process.
IRS updates/clarifies Section 125 election change guidance corresponding to new affordability final rule.
As discussed last month, IRS Notice 2022-41 was issued allowing a revocation of family coverage into self-only coverage to permit family members to enroll in Exchange coverage (to take advantage of premium tax credits for which family members may be eligible under the “family glitch” fix). On November 8, the IRS updated IRS Notice 2022-41 to make clear the permitted election change flexibility does apply to calendar year plans (in addition to non-calendar year plans).
PCORI fee adjustment released.
On November 14, IRS Notice 2022-59 was released with the annual increase in Patient-Centered Outcomes Research Institute (PCORI) fees for plan years ending on or after October 1, 2022, and before October 1, 2023. The updated PCORI fee amount is $3.00 per the average number of covered lives. PCORI fees are reported annually on the second quarter IRS Form 720 no later than July 31 of the calendar year immediately following the last day of the plan year to which the fee applies. Additional information and guidance is available on the IRS PCORI Fee webpage.
HHS cybersecurity newsletter focuses on importance of HIPAA security rule security incident procedures.
HHS released its latest cybersecurity newsletter emphasizing the importance that HIPAA covered entities and business associates’ comply with the security rule requirement to implement policies and procedures to address suspected or known security incidents posing a threat to electronic PHI. The newsletter outlines the steps from the HIPAA security rule that covered entities and business associates should take to protect against cyberthreats. Also noted is that hacking is now the greatest threat to the privacy and security of PHI and that security incidents “will almost inevitably occur during the lifetime of a regulated entity.”
