Getting Clarity on Transparency: What Health Plan Sponsors Need to Know about Publishing Machine-Readable Files
As of July 1, 2022, group health plans must clear one of the first major compliance hurdles required by the Affordable Care Act’s (ACA) Transparency in Coverage (TiC) Final Rules. By that date, plans and insurance carriers must have prepared and posted two machine-readable files (MRFs) to a public website so individuals can readily learn their in-network group health plan costs as well as historical paid amounts for out-of-network services. (A third MRF relating to prescription drugs will be required later and is not subject to the July 1, 2022, deadline.) There is still some confusion surrounding the MRF requirement, so this Advisor is designed to provide important context and actionable steps for plan sponsors to understand their transparency obligations as they cope with the new TiC disclosure requirement.
The ACA contains numerous provisions requiring medical care and services to be delivered more transparently. The TiC rules specifically target public disclosure of plan costs, including in-network and out-of-network pricing data. Most non-grandfathered group health plans must comply with the TiC rules, but they specifically exempt excepted benefits (for example, standalone vision and dental plans) as well as health flexible spending arrangements (HFSAs), individual coverage health reimbursement arrangements (ICHRAs), and standalone general health reimbursement arrangements (HRAs).
Congress later passed the Consolidated Appropriations Act, 2021 (CAA) which also included major transparency requirements. The U.S. Department of Labor, the Treasury Department, and the U.S. Department of Health & Human Services (collectively, the Departments) recognized that many provisions in the CAA overlapped with ACA TiC rules so they issued guidance to allow plan sponsors and carriers to avoid duplicating compliance efforts and to provide a clear compliance timeline.
The TiC rules require plans to disclose in-network provider negotiated rates, historical out-of-network allowed amounts for providers, and in-network negotiated rates and historical net prices for all covered prescription drugs at the pharmacy level. Plans must make these disclosures through three MRFs posted to an internet website in a standardized format. Plans also must update the MRFs monthly to give health care consumers relevant, timely information to understand their health care pricing.
The TiC regulations require these files to be made public for plan years beginning on or after January 1, 2022. However, the Departments issued guidance that deferred enforcement regarding publishing in-network and out-of-network rates until July 1, 2022. The guidance also deferred enforcement relating to the prescription drug MRFs indefinitely until after the Departments have issued final regulations regarding that requirement.
The TiC rules further provide that a group health plan acting in good faith and with reasonable diligence will not be deemed to be noncompliant because it makes an error or omission in required disclosure, or due to temporary public website inaccessibility. Moreover, if information required to be disclosed must come from a third party (such as a third-party administrator [TPA], a carrier, etc.), a plan will not be out of compliance unless it knew or reasonably should have known that the information provided is incomplete or inaccurate. However, a plan sponsor must be able to show that it took diligent compliance steps to gain the protections afforded by the TiC rules. (See 29 CFR §2590.715-2715A2(c)(4)-(6).)
Also, because the TiC rules impose the same disclosure obligations on insurance carriers, plan sponsors can rely on carriers to comply with the MRF rules – but only through written agreement according to 29 CFR §2590.715-2715A2(b)(3)(i). Thus, if a health insurance carrier and plan sponsor enter into a contract under which the carrier agrees to provide the required information and the carrier fails to do so, then the carrier, not the plan, violates the relevant disclosure rules.
This rule, however, does not protect a self-funded plan sponsor relying on a TPA to make the required disclosure under 29 CFR §2590.715-2715A2(b)(3)(ii). In that case, a plan could bind the TPA to indemnify it for liability arising from noncompliance, but that would involve a plan sponsor seeking recovery directly from a TPA on some breach of contract or failure to perform claim.
The TiC rules require plans to publicly disclose:
A plan must disclose information via a website in a standardized MRF as follows:
Both MRFs must include the following specific content under final Department rules:
Plans are required to associate each negotiated rate or out-of-network allowed amount with a CPT or HCPCS code, DRG, NDC, or other common payer identifier. This is because plans, insurers, and providers uniformly understand them and commonly use them for billing and paying claims (including for both individual items and services and service packages). In the case of prescription drugs, plans may only use the National Drug Code (NDC) as the billing-code type. Moreover, plans must include a plain language description for each billing code for each covered item or service under each coverage option offered.
All MRFs must include specific pricing information that is associated with an applicable provider’s National Provider Identifier (NPI), Tax Identification Number (TIN), and a Place of Service Code, although the provider’s name is not required.
This MRF must show negotiated rates (or comparable amounts) under a plan or coverage for each covered item or service furnished by in-network providers. If a plan does not use negotiated rates for provider reimbursement, then the plan should disclose derived amounts to the extent these amounts are already calculated in the normal course of business. If the plan uses underlying fee schedule rates for calculating cost-sharing, then the plan should include the underlying fee schedule rates in addition to the negotiated rate or derived amount. For all individual items and services and items and services in a bundled payment arrangement, rates must be reflected as dollar amounts and must be associated with the provider's National Provider Identifier (NPI), TIN, and Place of Service Code.
Plans also must include the last date of the contract term for each provider-specific applicable rate that applies to each item or service (including rates for both individual and bundled items and services). It must also indicate where a reimbursement arrangement other than a standard fee-for-service model applies (such as capitation or a bundled payment arrangement). With the exception of information relevant to prescription drug products that are included as part of an alternative payment arrangement (such as a bundled payment arrangement), the In-Network Rate File will exclude information relevant to prescription drugs, as that information will be provided in the third MRF as of an indefinite future date.
The Departments recently issued FAQ guidance to clarify instances where otherwise required detail cannot be provided. Specifically, the Departments stated that where a plan or issuer agrees to pay an in-network provider a percentage of billed charges and cannot assign a dollar amount prior to a bill being generated, plans and issuers may report a percentage number in lieu of a dollar amount. Further, the FAQs provide that where the TiC rules’ reporting method does not support a particular alternative reimbursement arrangement, or where an arrangement requires submitting additional information to describe the nature of the negotiated rate, plans and issuers may disclose in an open text field a description of the formula, variables, methodology, or other information necessary to understand the arrangement.
The TiC rules require a plan to include unique out-of-network allowed amounts and billed charges for covered items or services furnished by out-of-network providers during the 90-day period that begins 180 days prior to publishing the MRF. However, a plan must omit this info in relation to a particular item or service and provider when including the information would require the plan to report payment of out-of-network allowed amounts in connection with fewer than 20 different claims for payments under a single plan or coverage. Nothing in the regulations requires the disclosure of information that would violate any applicable health information privacy law.
The plan must express each out-of-network allowed amount as a dollar amount for each covered item or service that is furnished by an out-of-network provider and associated with the NPA, TIN, and Place of Service Code of each respective provider.
A plan must disclose the aggregate of the actual amount the plan paid to the provider, plus the participant's or beneficiary's share of the cost. So, if a plan’s terms state that the plan sponsor pays $160 for a covered service, and the participant pays $40, the amount required to be disclosed in the MRF is $200. This unique payment amount would be associated with the particular covered item or service (identified by billing code) and the particular out-of-network provider who furnished the item or service.
Example: Assume a plan publishes an MRF reporting out-of-network historical allowed amount data. The plan's Allowed Amount File must detail each discrete out-of-network allowed amount the plan calculated in connection with a covered item or service furnished by an out-of-network provider between January 1 and April 1. Assume that during this 90-day period, the plan paid 23 claims from a particular provider for certain covered rapid flu tests (CPT Code 87804). The plan calculated out-of-network allowed amounts of $100 for three claims, $150 for 10 claims, and $200 for the remaining 10 claims. The plan must report that it calculated three different out-of-network allowed amounts of $100, $150, and $200 for rapid flu tests (CPT Code 87804) in connection with covered services furnished by that provider from January 1 to April 1. On July 30, the plan would update the file to show the unique out-of-network allowed amounts for CPT Code 87804 for the provider’s services rendered from February through April. On August 30, the plan would update the file to show such payments for services rendered from March through May, and so on.
There could be cases where disclosing required payment information may enable users to identify the patient who received the service. There may also be instances when the TiC rules’ public disclosure requirement would violate federal or state laws governing health information that are more stringent than HIPAA rules regarding use, disclosure, and security of health data and so would have to further de-identify data. For example, some of the claims for payment from an out-of-network provider could relate to services provided for substance use disorder, which could implicate disclosure limitations under 42 CFR part 2 governing the confidentiality of substance use disorder patient records. In these cases, plans are not required to provide out-of-network allowed amount data for a particular provider and a particular item or service when compliance would require a plan to report fewer than 20 different claims for payment, or where disclosure would violate applicable health information privacy laws.
The TiC rules define an MRF as a digital representation of data or information in a file that a computer system can import, read, and further process without human intervention and without losing relevant meaning. Each MRF must use a non-proprietary, open format to be identified in technical implementation guidance (for example, JSON, XML, CSV). Plans should be aware that the rules specify that a PDF file will fail to comply with required standards.
MRFs are further required to comply with technical, non-substantive implementation guidance to be provided by the Departments. The guidance will provide technical direction that identifies the specific open, non-proprietary file format in which plans should produce MRFs. Guidance will communicate the way that the data should be organized and arranged. The technical implementation guidance will be available online through GitHub, a website and cloud-based service that helps developers store and manage their code, as well as to track and control changes to their code.
The MRF must be accessible at no cost to any user and cannot require a user to establish an account, password, or other credentials. Also, a user cannot be required to submit any personal identifying information such as a name or email address to access MRF content.
Carriers, TPAs, and other third parties have been preparing for the July 1 deadline for months. Many have offered various solutions up to and including building out a public website on behalf of a plan. Most have either modified existing service agreements (or entered into new agreements) with plans to help them ensure compliance with the TiC rules.
Fully insured plan sponsors should take steps (if they have not already done so) to obligate the carrier in writing to handle TiC rules compliance to guard against liability for compliance failures. Further, employers will want a clear picture of where the MRFs will live and how they can direct participants to them.
Similarly, self-funded plan sponsors will want to enter into a written contract that requires their TPA to provide all required information and indemnify the sponsor for any shortcomings. Sponsors will want to know exactly where the data will be stored and that it will be maintained as required by the TiC rules.
The Departments have not provided specific guidance beyond what is noted above. However, particularly in cases where a carrier or other third party has contractually agreed to perform all public disclosures, plan sponsors should, at a minimum, provide a link to where the third party houses the required disclosures. This will require coordinating with a plan sponsor’s IT team to coordinate how and where to best post such a link.
Finally, plan sponsors should consider clearly communicating to employees where they can access the required disclosures and learn more about their plan costs. The TiC rules do not require such communication but giving affected individuals this information should reduce the number of questions busy HR professionals will have to answer regarding this subject.