Nixon Peabody LLP

    Alert / Benefits

    Bringing it all together — Health and welfare plan fiduciary compliance reviews

    Nov 17, 2023

    By Damian Myers, Yelena Gray, Lena Gionnette and Annie Zhang

    We summarize the benefits of conducting a comprehensive fiduciary compliance review—and best practices for doing so.

    What’s the impact?

    • Fiduciaries should strive to mitigate risks proactively by formalizing a fiduciary compliance review process.
    • A solid process involves evaluating plan documents, participant communications, service provider agreements, and service provider performance to identify potential risks.
    • Making corrections and taking steps to minimize risk can help reduce the chance of costly litigation in the future.

    Over the last several weeks, our Health and Welfare Plan Fiduciary Governance Series has touched on a number of key responsibilities for plan fiduciaries. From establishing fiduciary committees to monitoring service providers to ensuring compliance with HIPAA and claims and appeals procedures, fiduciary responsibility under health and welfare plans is far-reaching. With litigation risks increasing, health and welfare plan fiduciaries cannot afford to take a reactive approach to plan administration. Rather, fiduciaries should strive to mitigate fiduciary risks proactively. This final article in our Fiduciary Governance Series brings it all together and provides a fiduciary compliance review blueprint that fiduciaries can follow when assessing risks.

    Summarizing key fiduciary responsibilities

    But before getting to the fiduciary compliance review blueprint, it is helpful to take a step back and summarize the key fiduciary responsibilities we discussed in prior articles.

    Form health and welfare fiduciary committees

    In the retirement plan context, establishing fiduciary committees and holding periodic meetings is the standard practice. However, that has not historically been the case with respect to health and welfare plans. Given the growing litigation risks associated with health and welfare plans, plan administrators should consider forming health and welfare fiduciary committees, either on a stand-alone basis or as part of an overall employee benefits committee that covers retirement and health and welfare plans. A health and welfare committee could be tasked with several fiduciary responsibilities, including, among other things, selecting and monitoring service provider performance and fees, establishing and maintaining cybersecurity policies, and reviewing escalated claims and appeals-related issues. As with retirement plan committees, the health and welfare committee should include internal personnel—those who are familiar with the plans and have some relevant expertise—and outside experts as needed, and clearly document all committee activities. This written documentation is the first line of defense against a claim that fiduciaries have failed to follow their fiduciary duties.

    Select and monitor service providers

    It is well-established that selecting and monitoring plan service providers is a fiduciary function. A prudent service provider selection process involves issuing requests for proposals to several prospective service providers and evaluating various components of each bid (e.g., fees, services, and performance guarantees). Once a service provider is selected, fiduciaries (and their Employee Retirement Income Security Act (ERISA) counsel) should negotiate a contract that accurately reflects the winning bid specifications and includes commercially appropriate terms and conditions. A fiduciary’s responsibility does not end with service provider selection.

    Although some fiduciary functions will be delegated to the service provider, the plan fiduciary is still required to monitor performance and fees. The primary method of monitoring service providers is through an annual audit conducted by a qualified and independent auditor. In the medical plan context, the audit will examine claims to ensure accurate processing, eligibility, performance guarantees, and general adherence to the contract terms. In the prescription drug context, the audit will cover, in particular, ingredient cost, dispensing fee, and rebate guarantees, as well as other contract compliance checks.

    Prioritize cybersecurity

    In recent years, the Department of Labor (DOL) has made cybersecurity an enforcement priority. Although health plans are subject to strict requirements under the Health Insurance Portability and Accountability Act (HIPAA), health plan fiduciaries should nevertheless take steps to ensure that service providers have sufficient cybersecurity protocols in place. Additionally, health plan fiduciaries should consider developing cybersecurity policies and procedures that set minimum requirements for plan service providers and govern what happens when a security incident occurs.

    Navigate claims and appeals

    Claims and appeals are typically handled by a third-party claims administrator, and the claims administrator is the primary fiduciary when making claims and appeals determinations. Nevertheless, situations often arise that can have fiduciary implications for health and welfare plan fiduciaries. For example, participants who have had a claim denied may, from time to time, seek an exception. Overriding a claims administrator’s decision and plan documentation can be problematic, so when those requests come in, fiduciaries should consult with ERISA counsel. Additionally, healthcare providers often dispute plan reimbursements and issue letters demanding additional payment. Healthcare providers generally have no statutory rights under ERISA; however, plan participants can assign their rights to a healthcare provider or designate a healthcare provider to act on the participant’s behalf as an authorized representative. Health plans can expressly prohibit assignment but may not preclude the designation of a representative. Plan fiduciaries should consult legal counsel when assignment and representative designation issues arise.

    Conducting a Fiduciary Compliance Review

    With that recap, it is clear that health and welfare fiduciaries face several sources of risk. Formalizing fiduciary governance within a fiduciary committee and using that committee to monitor fiduciary compliance is an important first step toward compliance and risk mitigation. A second step may be for the fiduciary committee to work with ERISA counsel and conduct a comprehensive fiduciary compliance review. This review will evaluate plan documents, participant communications, service provider agreements, and service provider performance to identify potential risks.

    There is no “one size fits all” method to conduct one of these reviews, but by way of example, the review blueprint provided below is based on the several compliance reviews conducted by Nixon Peabody’s Health and Welfare team.

    Fiduciary Questionnaire and Document Request

    The fiduciary compliance review commences with a questionnaire and document request. The questionnaire requests information related to plan design, health plan fiduciary governance, service providers, request for proposal (RFP) history, claims and appeals practices, special enrollment practices, participant communication practices, HIPAA and cybersecurity, audit history, government investigation history, and various other compliance matters. The documents requested include the wrap plan document and summary plan description, summaries of material modifications, component benefit plan documents, cafeteria plan document, summaries of benefits and coverage, service provider agreements, mental health parity comparative analysis, Consolidated Omnibus Budget Reconciliation Act (COBRA) notices, and HIPAA and cybersecurity policies and procedures.

    Service Provider Questionnaires

    The fiduciary compliance review also includes a service provider questionnaire to assess administrative practices. The content of these questionnaires varies based on the services performed.

    Plan Document Review

    All plan documents, participant communications, policies, and procedures will be reviewed to identify areas of noncompliance and potential sources of fiduciary risks. For example, the review will assess compliance with the Affordable Care Act, federal mental health parity laws, COBRA, HIPAA, and other laws that require disclosures within plan documents and claims and appeals procedure requirements. The review will also consider key areas of fiduciary risk, such as bulk recovery disclosures and out-of-network reimbursement methodology.

    Service Provider Agreement Review

    Service provider agreements will be reviewed to determine whether market standard provisions are included in the agreement. For instance, the review will assess the scope of services description and standard commercial provisions, such as termination timing and procedures, confidentiality and data security, indemnification, limitations on liability, audit rights, and dispute resolution. Allocation and acceptance of fiduciary responsibility will also be evaluated. Finally, the review will evaluate fee transparency and identify potential hidden revenue streams.

    Plan Communications Review

    Routine plan communications will be reviewed to address content requirements and potential fiduciary risks. These communications include annual disclosures, such as notices pertaining to the Women’s Health Care Act, Medicare creditable coverage, Children’s Health Insurance Program Reauthorization Act (CHIPRA), and wellness programs. Periodic notices, such as COBRA initial and election notices and HIPAA notices of privacy practices, are also reviewed. This review may also identify and correct inconsistencies between communications and governing plan documents.

    HIPAA/Cybersecurity Assessment

    As part of the compliance review, internal HIPAA policies and procedures will be evaluated, and business associate agreements will be reviewed. Cybersecurity protocols will also be evaluated based on recent DOL guidance. Involvement of the IT department is recommended.

    Recommendations

    At the conclusion of the fiduciary compliance review, several recommendations will be provided to the health and welfare plan fiduciary. Some could be implemented immediately by changing administrative practices, revising policies or procedures, or updating plan documents and participant communications. Others, particularly those recommendations to amend service provider agreements, may need to wait until the next contract renewal.

     

    Conducting a comprehensive fiduciary compliance review for health and welfare plans is not a small undertaking. But it also should not be so burdensome that its costs outweigh its benefits. In fact, in our experience, compliance reviews almost always identify compliance and fiduciary risks. Making corrections and taking steps to mitigate identified risks can help reduce the chance of costly litigation in the future. A well-documented compliance review could be a key defense against fiduciary litigation. Additionally, many of the recommendations, either to administrative practices or service provider agreements, directly reduce plan costs.

    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.
