As the Novel Coronavirus (COVID-19) pandemic spreads, employers and plan sponsors are growing more concerned about the impact on group health plan administration. For the most part, except where deviation is required by state or federal mandates, group health plans should continue to be operated as they have been without regard to COVID-19. Nevertheless, there are several things group health plan sponsors and administrators should consider.
Several states have directed fully-insured health plans to waive cost-sharing for testing and, in some cases, treatment for COVID-19. Additionally, many claims administrators providing services to self-funded group health plans have notified plan sponsors that they will automatically waive cost-sharing for COVID-19 testing and treatment unless the sponsors opt-out. In response to the cost-share waiver mandates, the Internal Revenue Service issued Notice 2020-15 to allow high-deductible health plans (“HDHPs”) to cover without cost-sharing COVID-19 testing and treatment prior to satisfaction of the statutory minimum deductible. In the absence of that guidance, there was some concern that cost-share waivers under HDHPs would disqualify contributions to health savings accounts (HSAs).
Note that we are aware of several claims administrators that are also waiving telehealth cost-sharing requirements regardless of the reason for the visit. The rationale for this waiver is that it is safer to keep patients out of brick-and-mortar clinics, but IRS Notice 2020-15 does not appear to cover non-COVID-19-related services. It is possible that the IRS will provide supplemental guidance on this issue, but until then, sponsors of HDHPs should consider the potential HSA disqualification risk before proceeding with broad-based telehealth cost-sharing waivers.
Most administrative services agreements with claims and network administrators contain “force majeure” clauses that exclude performance under the agreement in the event of extreme, unavoidable circumstances. An epidemic or pandemic is often included as a force majeure triggering event, so employers and plan sponsors should consider the impact that COVID-19 might have on the ongoing operation of their health plans. The good thing is that whether or not required under the administrative services agreement, most claims and network administrators have business continuity and disaster recovery protocols in place to ensure administrative services continue in extreme circumstances. Given that COVID-19 and related quarantines are rapidly spreading, employers and plan administrators should consider coordinating with service providers to ensure that business continuity and disaster recovery plans are in place and have been recently tested.
Considering the impact that COVID-19 has on public health, it can be easy for employers to overlook their privacy obligations as administrators of HIPAA covered entities (i.e., group health plans are covered entities under HIPAA). For that reason, in February 2020, the Department of Health and Human Services (“HHS”) issued a bulletin reminding covered entities that despite the heightened public concern regarding COVID-19, HIPAA’s use and disclosure restrictions remain in place. Under HIPAA, disclosures of identifiable health information for reasons other than treatment, payment, or health care operations generally require written authorizations from the subjects of the information. However, HHS noted that group health plan administrators are permitted to disclose health information without written authorization in five specific situations particularly relevant in connection with COVID-19.
These exceptions to the written authorization requirement are not without important limitations. For example, even if disclosure is permitted, HIPAA’s basic “minimum necessary” principle still applies—only the minimum amount of information may be disclosed to achieve the purpose of the disclosure. Also, employers should be aware that they could obtain sensitive health information outside of their role as group health plan administrators (e.g., an employee calls out from work because they are quarantined due to COVID-19 diagnosis or exposure). In those cases, HIPAA would generally not apply, but employers still must consider other state and federal privacy obligations when determining whether to disclose that information.
Although state and federal guidance regarding the impact that COVID-19 has, or will have, on group health plan design and administration is limited at this time, we expect significant state and federal guidance to be released in the future. Employers and plan administrators should work closely with their health insurance providers, consultants, and legal counsel to ensure that their health plans remain compliant as this guidance is released.
The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.
Health Care Alert | 04.06.20
Environmental Law Alert | 03.27.20
Employment Law Alert | 03.26.20
Corporate/M&A alert | 03.25.20
Health Care Alert | 03.24.20
Interstate Commerce Alert | 03.20.20
04.02.20 | Webinar
03.31.20 | Webinar