Employers should be aware of the top compliance issues that may impact their health plan coverage for 2025. Some of these compliance issues are established requirements for employers, such as the new simplified reporting under the Affordable Care Act (ACA). Other compliance issues are anticipated developments employers should monitor, such as additional health care transparency requirements. It is uncertain what impact Republican control of Congress and the White House may have on health plan compliance issues, although there will likely be a shift in priorities related to health care policies.
Other top health plan compliance issues employers should be aware of in 2025 include:
- New mental health parity requirements, including a fiduciary certification requirement for comparative analyses of nonquantitative treatment limitations (NQTLs);
- Expiration of the telemedicine exception for high deductible health plans (HDHPs); and
- Possible new state and federal oversight of pharmacy benefit managers (PBMs) to help control health care costs.
Key Developments in 2025
- Simplified ACA reporting allowing Form 1095-C to be distributed only upon request
- New fiduciary certification requirement for comparative analyses of NQTLs
- End of telemedicine exception for HDHP/HSA plans
- New HIPAA privacy rights regarding lawful reproductive health care
Other Possible Changes
- State and federal regulation of PBM practices to help control health plan spending
- State coverage mandates for fully insured health plans regarding fertility treatment
- Stricter HIPAA security standards to strengthen cybersecurity protections
- Additional health care transparency requirements
At the end of 2024, Congress passed two new laws, the Paperwork Burden Reduction Act and the Employer Reporting Improvement Act, which ease ACA reporting requirements for employers and set new limits on the IRS’ assessment of “pay-or-play” penalties.
As background, the ACA requires ALEs and non-ALEs with self-insured health plans to provide information to the IRS about the health plan coverage they offer (or do not offer) to their employees. They must also provide related statements to individuals regarding their health plan coverage. The new laws ease ACA reporting requirements for employers as follows:
- Individual statements only required upon request—Before 2025, ALEs were required to provide each full-time employee with a statement regarding their health coverage (Form 1095-C) within 30 days of Jan. 31 each year. The IRS has allowed non-ALEs with self-insured health plans to provide health coverage statements (Forms 1095-B) to covered individuals upon request only. Beginning in 2025, this flexibility is extended to ALEs for furnishing Forms 1095-C. Accordingly, employers are no longer required to send Forms 1095-C and 1095-B to individuals unless a form is requested. Employers must give individuals timely notice of this option in accordance with any requirements set by the IRS. Requests must be fulfilled by Jan. 31 of the year following the calendar year to which the return relates or 30 days after the date of the request, whichever is later;
- Electronic consent for individual statements—The new legislation clarifies that statements can be provided electronically to individuals if they have affirmatively consented “at any prior time” (unless they have revoked such consent in writing); and
- Substituting birth dates for taxpayer identification numbers (TINs)—The new legislation confirms that employers may substitute a covered individual’s birth date in lieu of their TIN without the requirement to first make reasonable efforts to obtain the TIN.
In addition, ALEs are subject to IRS penalties if they do not offer affordable minimum essential coverage under the ACA’s employer shared responsibility (“pay-or-play”) rules. The new legislation increases the time ALEs have to respond to IRS penalty assessment warning letters from 30 days to 90 days. The legislation also imposes a six-year time limit on when the IRS can try to collect assessments.
Telemedicine exploded in popularity during the COVID-19 pandemic as a safe, remote health care option. With its popularity staying strong, telemedicine is expected to remain an important health care delivery method going forward. Employers that offer HDHPs compatible with health savings accounts (HSAs) should consider how telemedicine benefits may impact employees’ HSA eligibility. To be eligible for HSA contributions, individuals cannot be covered by a health plan that provides benefits, except preventive care benefits, before the minimum HDHP deductible is satisfied for the year. For plan years beginning in 2025, the minimum HDHP deductible is $1,650 for self-only coverage and $3,300 for family coverage. Generally, individuals who are covered by telemedicine programs that provide benefits before the HDHP minimum deductible is met are not eligible for HSA contributions.
A pandemic-related relief measure temporarily allowed employers with HDHPs to provide benefits for telehealth and other remote care services before plan deductibles were met. This relief became effective in 2020 and has been repeatedly extended. It currently applies to plan years beginning before Jan. 1, 2025. This means that, for calendar-year HDHPs, the telemedicine exception expired on Dec. 31, 2024. There has been bipartisan support for extending telemedicine relief for HDHPs either permanently or temporarily. Although Congress extended other telehealth relief for the Medicare program at the end of 2024, it did not extend the relief for HDHP/HSA plans. It remains to be seen if Congress will revive this relief in 2025.
Because the telemedicine relief has not been extended, HDHPs that have not imposed a deductible on telehealth services will need to start doing so for the plan year beginning on or after Jan. 1, 2025, to preserve eligibility for HSA contributions. This means that employees will be required to pay the cost of telemedicine services, other than preventive care, until the HDHP deductible is satisfied. Any changes to telemedicine coverage should be communicated to plan participants through an updated summary plan description or a summary of material modifications.
In September 2024, federal agencies released a final rule to strengthen MHPAEA’s requirements. MHPAEA generally prevents health plans and issuers that provide mental health and substance use disorder (MH/SUD) benefits from imposing less favorable benefit limitations on those benefits than on medical/surgical (M/S) coverage. In recent years, the U.S. Department of Labor has made MHPAEA compliance a top enforcement priority, with a primary focus being MHPAEA’s parity requirements for NQTLs. NQTLs are generally health plan provisions that impose nonnumerical limits on the scope or duration of benefits, such as prior authorization requirements, step therapy and provider reimbursement rates.
MHPAEA requires health plans and health insurance issuers to conduct comparative analyses of the design and application of NQTLs used for MH/SUD benefits compared to M/S benefits. Health plans and issuers must make their comparative analyses available upon request to federal agencies, as well as applicable state authorities and covered individuals.
The new final rule focuses on NQTLs to prevent health plans and issuers from using NQTLs to limit access to MH/SUD benefits to a greater extent than M/S benefits. The final rule also establishes minimum standards for developing comparative analyses to assess whether each NQTL, as written and in operation, complies with MHPAEA’s parity requirements. For health plans subject to ERISA, the comparative analysis must include a plan fiduciary’s certification confirming they engaged in a prudent process to select one or more qualified service providers to perform and document the plan’s comparative analysis and have satisfied their duty to monitor those service providers.
Employer-sponsored health plans must comply with new requirements for comparative analyses, beginning with the 2025 plan year (although some key requirements are delayed until the 2026 plan year). Employers with fully insured health plans should reach out to their issuers to confirm comparative analyses will be completed for their plan’s NQTLs for the 2025 plan year in accordance with the final rule’s applicable requirements. Employers with self-insured health plans should reach out to their third-party administrators (TPAs) or other service providers for assistance with their comparative analyses. In addition, employers with ERISA-covered health plans must ensure their comparative analyses include the required fiduciary certification that they have prudently selected and monitored their service providers.
A new final rule strengthens the HIPAA privacy protections by prohibiting the disclosure of protected health information (PHI) related to lawful reproductive health care in certain situations. The HIPAA Privacy Rule sets strict limits on the use, disclosure and protection of PHI by health care providers, health plans, health care clearinghouses and their business associates (regulated entities). The Privacy Rule also allows regulated entities to use or disclose PHI for certain non-health care purposes, including certain criminal, civil and administrative investigations and proceedings.
As of Dec. 23, 2024, regulated entities must comply with stricter HIPAA privacy protections for reproductive health care. These new protections prohibit regulated entities from using or disclosing PHI related to lawful reproductive health care:
- For a criminal, civil or administrative investigation into (or proceeding against) a person in connection with reproductive health care; and
- To identify an individual, health care provider or other person for purposes related to such an investigation or proceeding.
In addition, regulated entities must obtain a valid attestation when a request is made to use or disclose PHI potentially related to reproductive health care for certain purposes to ensure that the use or disclosure is permissible.
Employers with self-insured health plans and employers with fully insured health plans that have access to PHI (other than certain limited types) should update their HIPAA policies and train affected members of their workforce on the new restrictions for PHI related to reproductive health care. Although the new privacy protections do not specifically require updates to business associate agreements, employers should review the terms of their agreements to determine if updates should be made. In addition, the U.S. Department of Health and Human Services has provided a model attestation form that employer-sponsored health plans may use to ensure a requested use or disclosure of PHI complies with the new privacy protections. Health plans must also update their HIPAA privacy notices for the new privacy protections, although they have until Feb. 16, 2026, to make these updates.
Over the last few years, several new transparency requirements have gone into effect for employer-sponsored health plans and health insurance issuers. These new transparency requirements are designed to improve the quality of health care and lower costs by making more information accessible to plan participants and the public. Going into 2025, employers should review their compliance with applicable health plan transparency requirements, including the following:
- Self-service price comparison tool—Health plans and issuers must make an internet-based self-service tool available to plan participants to disclose personalized pricing information for covered items and services, including prescription drugs. Cost estimates must be provided in real time based on cost-sharing information that is accurate at the time of the request. This requirement was originally effective in 2023 for 500 items and services. As of 2024, price comparison information must be available for all covered items and services;
- Machine-readable files (MRFs)—Health plans and issuers must disclose detailed pricing information in MRFs on a public website. Currently, health plans and issuers must post MRFs regarding in-network-provider negotiated rates and out-of-network allowed amounts. These files must be updated monthly to ensure the information remains accurate. The requirement to post an MRF on covered prescription drugs has been delayed; and
- Surprise medical billing notices—Health plans and issuers must comply with federal protections against surprise medical billing by limiting out-of-network cost sharing and prohibiting “balance billing” for certain types of health care services. Plans and issuers must post a notice regarding these protections on a public website and include it on each explanation of benefits (EOB) for an item or service to which the protections apply.
In addition, health plans and issuers must report information about prescription drug and health care spending to the federal government by June 1 each year, a process commonly referred to as prescription drug reporting or RxDC reporting. Health plans and issuers must also submit an attestation each year by Dec. 31, stating that their agreements with health care providers, TPAs and other service providers do not contain prohibited gag clauses that prevent the sharing of certain health care data.
Because employers do not typically have the information needed for these new transparency disclosures, they often rely on their issuers, TPAs or other third-party vendors to meet the transparency requirements. Employers should confirm that written agreements with their issuers, TPAs and other service providers have been updated to address this compliance responsibility. Employers should also monitor their service providers to confirm their plans’ compliance with applicable legal requirements, including the new transparency requirements. Cautious employers may want to consider requesting vendors to provide reporting related to transparency compliance.
Other compliance developments are possible in 2025. These would impact health plan coverage in the future. For example, these developments may include:
- Finalization of a proposed rule from December 2024 that would substantially modify the HIPAA Security rule to strengthen cybersecurity protections for electronic PHI. These changes would impact employers with self-insured health plans and those with fully insured health plans that have access to PHI;
- New state and federal oversight of PBMs to help control health care spending, such as requirements for disclosures to health plan fiduciaries, application of drug discounts and rebates and prohibitions on spread pricing (which occurs when PBMs keep the difference between actual pharmacy charges and the higher negotiated payments from health plans);
- New state coverage mandates for fully insured health plans regarding fertility treatments;
- Ongoing litigation impacting group health plans on a variety of issues, including the ACA’s preventive care mandate; ERISA fiduciary requirements; preemption of state laws regulating PBMs; and the application of ACA Section 1557, which prohibits discrimination in covered health programs and activities based on sex, race, color, national origin, age or disability; and
- Guidance from federal agencies regarding the implementation of additional transparency requirements for health plans. For example, employers should watch for regulatory guidance on advanced EOBs, which is a key transparency requirement that has not taken effect yet, but federal agencies are working to implement it in stages. When this requirement takes effect, health plans and issuers will need to send an EOB to covered individuals explaining the estimated cost of an item or service, including the individual’s estimated cost sharing, before a scheduled service.
LINKS & RESOURCES
- The Mental Health Parity and Addiction Equity Act (MHPAEA) final rule from September 2024
- The Paperwork Burden Reduction Act, which simplifies ACA reporting for applicable large employers (ALEs)
This article is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel for legal advice. ©2025 Zywave, Inc. All rights reserved.
