Compliance Recap


Compliance Recap | April 2022


After several very quiet months this year, April saw renewed compliance activity. The IRS provided guidance on transportation fringe benefits unused due to COVID-19 workplace changes and announced inflation-adjusted amounts for HSAs and HRAs. The Centers for Medicare & Medicaid Services (CMS) announced Medicare Part D rates and the parameters and thresholds for qualified retiree prescription drug coverage. The Department of the Treasury and the IRS issued a proposed rule to base Marketplace premium tax credit (PTC) eligibility on the cost of family health insurance coverage rather than individual coverage to fix the “family glitch” related to PTC eligibility.

Treasury Reminds Employers that Unused Transportation Fringe Benefits Cannot Be Cashed Out or Deposited in FSA

The Department of the Treasury released Information Letter 2022-0002 in which the Office of Associate Chief Counsel (Employee Benefits, Exempt Organizations, and Employment Taxes) reminded employers the Internal Revenue Code (Code) prohibits cafeteria plans from offering qualified transportation fringe benefits, and IRS rules do not permit unused compensation reduction amounts under a qualified transportation plan to be transferred to a health flexible spending arrangement (FSA) under a cafeteria plan. As more individuals are working remotely while the COVID-19 pandemic lingers, they may have transportation deductions that remain unused at the end of the year. The Information Letter suggests that because there is some heightened risk of loss due to changing circumstances, employers should inform employees of the risk before they elect transportation fringe deductions.

CMS Releases 2023 Parameters for Medicare Part D Prescription Drug Benefit

On April 4, 2022, the Centers for Medicare & Medicaid Services (CMS) released a Medicare Part D Fact Sheet and Rate Announcement detailing the parameters and thresholds for the defined standard Medicare Part D prescription drug benefit for 2023:



Initial coverage limit


Out-of-pocket threshold


Total covered Part D spending at the out-of-pocket threshold (for beneficiaries who are ineligible for the coverage gap discount program


Minimum cost-sharing in catastrophic coverage portion of the benefit

$4.15 for generic/preferred multi-source drugs

$10.35 for all other drugs


Plan sponsors and issuers of prescription drug coverage will need to use the new parameters in determining whether their prescription drug coverage is at least actuarily equivalent to the 2023 standard Medicare Part D coverage.

Biden Administration Announces Proposed Rule to Fix Family Glitch in Obtaining ACA Marketplace Tax Credits

On April 5, 2022, the White House released a Fact Sheet in which it announced that the Treasury Department (Treasury) and the Internal Revenue Service (IRS) were issuing a proposed rule to eliminate the “family glitch” under which certain dependents cannot qualify for a premium tax credit (PTC) on the Marketplace because individual coverage provided by an employer is affordable even though family coverage – which would cover the individual seeking the PTC – is unaffordable. The Administration declared that if the Departments finalize the proposed rule, family members of workers who are offered affordable self-only coverage, but unaffordable family coverage may qualify for premium tax credits to buy Affordable Care Act (ACA) coverage, which the White House estimates could provide coverage to more than 200,000 currently uninsured people and reduce health insurance costs for over one million Americans.

Read the full UBA Compliance Advisor for more on the proposed rule.

 OCR Issues Request for Information Regarding HIPAA Breach Avoidance and Methods for Distributing Penalties and Settlement Funds

On April 6, 2022, the Office for Civil Rights (OCR) released a Request for Information (RFI) as it begins to implement and enforce 2021 legislation requiring the agency to consider whether HIPAA covered entities and business associates have adopted and applied certain recognized security practices, particularly those focused on avoiding cybersecurity threats. The RFI also seeks public input on potential information or clarifications OCR could provide in future rulemaking or guidance regarding its implementation of HIPAA and HITECH. Finally, the RFI seeks public comment on recommended methods for sharing monetary penalties or settlements with individuals harmed by a privacy violation or security breach. The RFI seeks feedback on recognized security practices and how best to address individual harm resulting from a HIPAA Rules violation, including the proper distribution of payments to individuals. Public comments are due by June 6, 2022.

Overall, the final rule seeks to strengthen the coverage offered by qualified health plans (QHPs) on the federal Marketplace. These policies will also ensure consumers can more easily find the right form of quality, affordable coverage for their circumstances.

Departments Provide Guidance on Machine-Readable File Format under New Transparency Rules

On April 19, 2022, the Departments of Labor, Health and Human Services, and the Treasury (collectively, the Departments) issued FAQ guidance regarding the Transparency in Coverage Final Rules (TiC Final Rules). The TiC Final Rules require non-grandfathered group health plans and health insurance issuers offering non-grandfathered coverage in the group and individual markets to disclose, on a public website, information regarding in-network rates and out-of-network allowed amounts and billed charges for covered items and services in separate machine-readable files by July 1, 2022. The FAQs clarify that where a plan or issuer agrees to pay an in-network provider a percentage of billed charges and cannot assign a dollar amount prior to a bill being generated, plans and issuers may report a percentage number in lieu of a dollar amount. Further, the FAQs provide that where the TiC Final Rules reporting method does not support a particular alternative reimbursement arrangement, or where an arrangement requires submitting additional information to describe the nature of the negotiated rate, plans and issuers may disclose in an open text field a description of the formula, variables, methodology, or other information necessary to understand the arrangement.

CMS Releases 2023 Benefit and Payment Parameters Final Rule

On April 28, 2022, the Centers for Medicare and Medicaid Services (CMS) released its 2023 Benefit and Payment Parameters Final Rule. Overall, the final rule seeks to strengthen the coverage offered by qualified health plans (QHPs) on the federal Marketplace. CMS asserts that these policies will also ensure consumers can more easily find the right form of quality, affordable coverage for their circumstances. One primary difference from the proposed rule published in January 2022 is that the Department of Health and Human Services (HHS) did not amend regulations to explicitly identify and recognize discrimination based on sexual orientation and gender identity as prohibited forms of discrimination based on sex consistent with the Supreme Court's decision in Bostock v. Clayton County. HHS stated that because it is currently working on final rules regarding this subject under the Affordable Care Act (ACA) Section 1557, it will await including any rule under the Benefit and Payment Parameters to ensure consistency.

IRS Announces 2023 HSA and HDHP Amounts

On April 29, 2022, IRS released Rev. Proc. 2022-24 to define the 2023 inflation-adjusted amounts that apply to health savings accounts (HSAs) and high-deductible health plans (HDHPs). The newly announced figures include the maximum contribution limit for an HSA, the minimum permissible deductible for an HDHP, and the maximum limit on out-of-pocket expenses (e.g., deductibles, copayments, and other amounts aside from premiums) for qualifying HDHPs. These limits will differ depending on whether an individual is covered by a self-only or family coverage tier under an HDHP.

The new 2023 limits are as follows:









HSA Maximum Contribution






HSA Maximum Catch-up Contribution






HDHP Minimum Deductible






HDHP Maximum Out-of-Pocket Expense







OCR Releases Annual HIPAA Reports to Congress

The Health Information Technology for Economic and Clinical Health (HITECH) Act requires the Office for Civil Rights (OCR) to report to Congress annually the Health Insurance Portability and Accountability Act of 1996 (HIPAA) breaches and complaints it receives during the calendar year. For 2020 (the most recent year for which OCR is reporting), OCR’s HIPAA Breach Report highlights that it received 656 notifications of breaches affecting 500 or more individuals, representing an increase of 61% from the number of reports received in calendar year 2019. These reported breaches affected a total of 37,641,403 individuals. The most reported category of breaches was hacking, and the largest breach of this type involved approximately 3.5 million individuals. The report also outlines trends covered entities should monitor and offers OCR’s tips on best practices to remain HIPAA-compliant, particularly as cyberattacks continue to escalate. Specifically, the report admonishes covered entities to make sure they conduct proper security risk assessments and implement risk management programs.

OCR’s HIPAA Privacy, Security and Breach Notification Compliance Report shows that it received 27,182 new complaints alleging violations of the HIPAA Rules and the HITECH Act, representing a decrease of 4% from the number of complaints received in calendar year 2019. OCR resolved 26,530 complaints. Further, OCR completed 566 compliance reviews and required the subject entity to take corrective action or pay a civil money penalty in 86% (485) of these investigations. Covered entities should note that 674 out of 746 investigations opened by OCR stemmed from reported breaches. Thus, taking the steps outlined in the HIPAA Breach Report to prevent breaches, is the best way to avoid having OCR launch an investigation against a covered entity.

Question of the Month

Q: Does coverage under an Employee Assistance Program (EAP), disease management program, or wellness program make an individual ineligible to contribute to a health savings account (HSA)?

A: In general, an individual will still be allowed to contribute to an HSA even if they are covered under an EAP, disease management program, or wellness program if the program is not considered a “health plan” because it does not provide significant benefits in the nature of medical care or treatment. Generally, screening and other preventive care services do not count as significant medical care or treatment. The following examples help illustrate this point.

Example 1. An employer offers a program that provides employees with benefits under an EAP, regardless of enrollment in a health plan. The EAP is specifically designed to assist the employer in improving productivity by helping employees identify and resolve personal and work concerns that affect job performance and the work environment. The benefits consist primarily of free or low-cost confidential short-term counseling to identify an employee's problem that may affect job performance and, when appropriate, referrals to an outside source to help the employee resolve the problem. The issues addressed during the short-term counseling include, but are not limited to, substance abuse, alcoholism, mental health or emotional disorders, financial or legal difficulties, and dependent care needs. This EAP is not a health plan because it does not provide significant benefits in the nature of medical care or treatment. The EAP will not cause the employee to be ineligible to contribute to an HSA.

Example 2. An employer maintains a disease management program that identifies employees and their family members who have, or are at risk for, certain chronic conditions. The disease management program provides evidence-based information, disease specific support, case monitoring, and coordination of the care and treatment provided by a health plan. Typical interventions include monitoring laboratory or other test results, telephone contacts or web-based reminders of health care schedules, and providing information to minimize health risks. This disease management program is not a health plan because it does not provide significant benefits in the nature of medical care or treatment. The disease management program will not cause the employee to be ineligible to contribute to an HSA.

Example 3. An employer offers a wellness program for all employees regardless of participation in a health plan. The wellness program provides a range of education and fitness services designed to improve the overall health of the employees and prevent illness. Typical services include education, fitness, sports, and recreation activities, stress management and health screenings. Any cost charged to the individual for participating in the services are separate from the individual's coverage under the health plan. This wellness program is not a health plan because it does not provide significant benefits in the nature of medical care or treatment. The wellness program will not cause the employee to be ineligible to contribute to an HSA