Skip to main content

Nixon Peabody LLP

Alert / Benefits

Fiduciary governance: Monitoring and auditing medical TPAs, insurers, and other service providers

Sep 28, 2023

By Damian Myers, Yelena Gray, Lena Gionnette and Annie Zhang

The duty to monitor third-party service providers for health and welfare plans is a complex process that requires multiple parties and tools.

What’s the impact?

  • Engage appropriate experts to help review service providers’ compliance with contract terms and performance.
  • Negotiate and include detailed contract provisions related to audit rights and ongoing compliance check-ins with service providers.
  • Identify, retain, and contract with a qualified, independent auditing company that has specialized expertise in the area(s) to be audited.
  • Take corrective actions to address deficiencies and document those efforts.

DOWNLOAD

PDF: Read more about monitoring service providers

Fiduciary responsibilities

After health and welfare plan fiduciaries have gone through the process of evaluating, selecting, and contracting with TPAs, brokers, consultants, and other service providers (such as warehousing and analytics providers for plan data), their fiduciary responsibilities do not end. The Department of Labor (DOL) and several courts have made it clear that fiduciary responsibilities can be delegated to third parties, but the delegating fiduciaries must continuously monitor the performance of those third parties. In this alert, we discuss the relevant parties, the process, and the tools engaged with respect to the duty to monitor.

Parties involved in monitoring performance

The parties that are instrumental in assisting plan fiduciaries with the monitoring process include:

  • ERISA legal counsel—Assists with analyzing service providers’ general adherence to applicable laws and the terms of the contracts.
  • Qualified auditor—Provides a detailed analysis of claims processing, performance guarantees, and data security aspects of plan administration.
  • Health and welfare benefits consultant—Assists with analyzing aggregated data to find areas of excessive spending and areas where additional cost savings and quality of services can be achieved.
  • Insurance broker—Works with the consultant. With fully insured plans, the broker also uses information gathered as part of the ongoing monitoring process to obtain renewal quotes from incumbent insurance carriers and other potential providers in the market.

With cybersecurity becoming a major concern for businesses and industries, plan fiduciaries should monitor not only claims processing, customer service, participant satisfaction, and costs, but also service providers’ ability to protect participant data. Fiduciaries may need to engage their own information technology departments or specialized service providers that can audit TPAs’ and insurance carriers’ data security, business continuity, and data recovery capabilities.

Audit rights under service agreements

To afford fiduciaries both the right and the tools to monitor the quality of services provided under an agreement, the agreement should include detailed provisions outlining audit rights and ongoing compliance check-ins. At a minimum, the following should be considered:

  • The agreement should specify the right to audit specific aspects of plan administration, including claims processing, adherence to the terms of the contract, achievement of performance guarantees set forth in the contract, and data security.
  • The agreement should specify the frequency of audits and the period covered by an audit. For example, agreements commonly provide for one audit per year, with the period covered being up to two years. It is important to retain the ability to audit the service provider not only during the term of the agreement, but also during a certain period after the agreement ends.
  • Of particular importance is the scope of an audit involving claims processing. Often, agreements for medical plan administration will only permit a certain statistical sample of medical claims to be provided to an auditor. Plan fiduciaries and their auditors should have access to all of the claims data and not just a limited statistical sample.
  • Fiduciaries should negotiate the ability to retain any qualified auditor and not just an auditor that is approved by the service provider.
  • The agreement should address the consequences of the audit, such as reprocessing of claims where errors are found and the right to expand an audit where an error is systemic.

Retaining auditors and conducting audits

Armed with the contract provisions that set forth audit rights, plan fiduciaries need to identify and retain a qualified auditing company that has specialized expertise in the area(s) that the fiduciaries plan to audit. The selection of auditors should follow the same general framework as  outlined in our prior installment about evaluating, selecting, and contracting with medical TPAs. One of the more important factors is selecting an auditor that is independent from both the medical TPA/service provider and the benefits consultant that advised on the request for proposals.

Because auditors will have access to protected health information, the plan administrator needs to enter into a business associate agreement with the auditing firm. Further, often TPAs/service providers that are the subject of the audit will require a three-party confidentiality and nondisclosure agreement between the TPA/service provider, the auditor, and the plan administrator. Those agreements need to be carefully negotiated.

The auditor engagement letter or agreement needs to clearly outline the scope of the audit and the plan administrator’s expectations as to the audit report. Once the audit is completed, the plan administrator needs to review the auditor’s report with the insurance broker and/or consultant. The plan administrator should then develop a plan of action to address any weaknesses or errors found by the auditor and follow up with the TPA/service provider to rectify administration deficiencies. In the case of egregious or systemic claims processing or contract discrepancies, the plan fiduciaries should discuss the issues with ERISA legal counsel.

As always, the steps taken by fiduciaries in engaging an auditor, overseeing the audit, analyzing the audit results, and remedial measures taken need to be well documented in the plan administrator’s records. DOL investigators frequently ask plan fiduciaries to produce audit reports and evidence of corrective actions.

Other methods of monitoring service providers

Although conducting plan audits is one of the key methods of monitoring service providers, there are several other methods that plan fiduciaries can employ on an ongoing basis. For instance, periodic meetings between the plan fiduciaries, TPA/service provider, and benefits consultant can help in monitoring claims and appeals activity, litigation, government investigations, overpayment recovery, subrogation activity, and fraud, waste, and abuse programs. Fiduciaries may also consider conducting participant satisfaction surveys with the assistance of the broker or consultant.

In our first installment, we discussed the importance of establishing health and welfare benefit plan committees. Just like retirement plan committees, health and welfare plan committees should meet periodically to discuss ongoing administration issues with their consultants, brokers, and/or legal counsel. These periodic meetings could help identify any areas of concern in the TPA’s/service provider’s performance. These discussions may also bring to light inadequacies in a provider network depending on the service area where the employer’s employee population resides. Participant experience may also reveal areas where a TPA/service provider could improve its performance.

Takeaways for health and welfare plans

Monitoring third-party services providers for health and welfare plans, particularly for self-insured medical plans, is a complex and ongoing process. This is best handled by a committee appointed by the employer with a specific delegation and a mandate to oversee the plan administration and its service providers. The committee needs qualified experts (e.g., ERISA counsel, consultants, auditors, etc.) to assist it on an ongoing basis with reviewing the service providers’ adherence to the negotiated contractual terms. The committee also needs to thoughtfully analyze information gathered through the monitoring process and address any deficiencies it finds.

While monitoring medical plan TPAs, insurers, and service providers is a very involved process, equally important is monitoring of the plan’s PBM. Our next installment will discuss PBM evaluation, selection, and contracting best practices. Although there are several similarities between the medical and PBM selection process, the financial aspects of PBM evaluation are far more complicated than in the medical benefit context.

Insights And Happenings

The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe