DOL Pumps It Up With New Guidance on PUMP Act Enforcement

The U.S. Department of Labor Wage and Hour Division (WHD) published Field Assistance Bulletin No. 2023-02 providing guidance to agency officials responsible for enforcement of the “pump at work” provisions of the Fair Labor Standards Act (FLSA)  including those recently enacted under the 2022 PUMP Act.

The PUMP Act was adopted along with the Pregnant Workers Fairness Act when President Biden signed the Consolidated Appropriations Act, 2023 in December 2022.

This guidance provides employers a glimpse into how the WHD understands and will enforce the rights now available to most employees under the Fair Labor Standards Act for reasonable break time and a place to express breast milk at work for a year after a child’s birth.

Here are a few highlights from the WHD’s bulletin.

• Frequency and Duration of Breaks. The WHD emphasizes that employees are entitled to breaks every time they need to pump and the length and frequency of breaks will vary by employee. Employers and employees may agree to a certain schedule based on the employee’s need to pump, but the WHD advises that employers cannot require employees to comply with a fixed schedule. The WHD also reminds employers that an employee’s needs and break schedule may need to be adjusted over time.
• Compensation. Time for pump breaks may be unpaid unless otherwise required by federal, state, or local law. Employers should pay careful attention to the FLSA’s standard requirements for counting and compensating hours worked. Employees must be paid for any time spent pumping when they are not fully relieved from duty or when pumping during an otherwise paid break.
• Privacy Requirements. The FLSA requires that employees have access to a place to pump at work that is (1) shielded from view; (2) free from intrusion from coworkers and the public; (3) available each time it is needed by the employee; and (4) not a bathroom. To ensure privacy, the WHD advises that an employer could display a sign when the space is in use or a lock on the door. Teleworking employees must also be free from observation from a computer camera or other similar device while pumping.
• Functional Space Requirements. The WHD advises that the location must be “functional” for pumping: “A space must contain a place for the nursing employee to sit, and a flat surface, other than the floor, on which to place the pump. Employees must be able to safely store milk while at work, such as in an insulated food container, personal cooler, or refrigerator. Ideally, spaces to pump breast milk should also include access to electricity, allowing a nursing employee to plug in an electric pump rather than use a pump with battery power, which may require more time for pumping. Access to sinks near to the space provided to pump so that an employee can wash their hands and clean pump attachments also improves the functionality of the space and may reduce the amount of time needed by nursing employees to pump breast milk at work.”
• Small Employer Exemption. In limited circumstances, employers with less than 50 employees nationwide may be exempt from the pump time requirements if they can demonstrate that compliance with the pump at work provisions for a particular employee would cause an undue hardship. The burden of proving this hardship is on the employer. “To assert the exemption, an employer must be able to demonstrate that the employee’s specific needs for pumping at work is an undue hardship due to the difficulty or expense of compliance in light of the size, financial resources, nature, and structure of the employer’s business.”
• Anti-Retaliation Provisions. Like most employment laws, the FLSA prohibits retaliation against anyone who has engaged in protected activity, including requesting break time or space to pump or requesting payment of wages. As an example, the WHD states that employers cannot hold time the employee took for pump breaks against them for quotas or require employees to work additional hours to make up for the time missed due to pump breaks.
• Poster. Employers should post the WHD’s updated FLSA poster.

The WHD also provides additional resources for employers on its Pump At Work webpage.

Departments Issue Guidance Requiring First Annual “Gag” Attestation by December 31, 2023

On February 23, 2023, the Departments of Labor, Health and Human Services and the Treasury (Departments) issued FAQs on the prohibition of gag clauses under the transparency provisions of the Consolidated Appropriations Act, 2021 (CAA). These FAQs require health plans and health insurance issuers to submit their first attestation of compliance with the CAA’s prohibition on gag clauses by December 31, 2023.

Effective December 27, 2020, the CAA forbids health plans and issuers from entering into contracts with health care providers, third-party administrators (TPAs)  or other service providers that would restrict the plan or issuer from providing, accessing or sharing certain information about provider price and quality and deidentified claims.

Plans and issuers must annually submit an attestation of compliance with these requirements to the Departments. The first attestation is due by December 31, 2023, covering the period beginning December 27, 2020, through the date of attestation. Subsequent attestations, covering the period since the last attestation, are due by December 31 of each following year.

Action Steps

Employers should ensure any contracts with TPAs or other health plan service providers offering access to a network of providers do not violate the CAA’s prohibition of gag clauses. Additionally, employers with fully insured or self-insured health plans should prepare to provide the compliance attestation by December 31, 2023. If the issuer for a fully insured health plan provides the attestation, the plan does not also need to provide an attestation. Also, employers with self-insured health plans can enter into written agreements with their TPAs to provide the attestation, but the legal responsibility remains with the health plan.

Prohibition on Gag Clauses

A gag clause is a contractual term that directly or indirectly restricts specific data and information that a health plan or issuer can make available to another party. Effective December 27, 2020, the CAA generally prohibits group health plans and issuers offering group health insurance from entering into agreements with health care providers, TPAs or other service providers that include certain gag clause language. Specifically, these contracts cannot restrict a plan or issuer from:

1. Providing provider-specific cost or quality-of-care information or data to referring providers, the plan sponsor, participants, beneficiaries or enrollees (or individuals eligible to become participants, beneficiaries or enrollees of the plan or coverage);
2. Electronically accessing de-identified claims and encounter information or data for each participant, beneficiary or enrollee upon request and consistent with privacy rules under the Health Insurance Portability and Accountability Act (HIPAA), the Genetic Information Nondiscrimination Act (GINA), and the Americans with Disabilities Act (ADA); and
3. Sharing information or data described in (1) and (2) above or directing such information to be shared with a business associate, consistent with applicable privacy rules.

For example, if a contract between a TPA and a health plan provides that the plan sponsor’s access to provider-specific cost and quality-of-care information is only at the discretion of the TPA, that contractual provision would be considered a prohibited gag clause.

Plans and issuers must ensure their agreements with health care providers, networks or associations of providers, TPAs or other service providers offering access to a network of providers do not contain provisions that violate the CAA’s prohibition on gag clauses.

Gag Clause Compliance Attestations

Health plans and issuers must annually submit an attestation of their compliance with the CAA’s prohibition on gag clauses to the Departments. The first attestation must be submitted no later than December 31, 2023, covering the period beginning December 27, 2020, through the date of the attestation. Subsequent attestations are due by December 31 of each following year, covering the period since the last attestation.

According to the Departments’ FAQs, health plans and issuers that do not submit their attestations by the deadline may be subject to enforcement action.

COVERED HEALTH PLANS

The attestation requirement applies to fully insured and self-insured group health plans, including ERISA plans, non-federal governmental plans and church plans. Additionally, this requirement applies regardless of whether a plan is considered “grandfathered” under the ACA. However, plans that only provide excepted benefits and account-based plans, such as health reimbursement arrangements (HRAs), are not required to submit an attestation.

RELYING ON ISSUERS/TPAS TO SUBMIT ATTESTATION

With respect to fully insured group health plans, the health plan and the issuer are each required to submit a gag clause compliance attestation annually. However, when the issuer of a fully insured group health plan submits a gag clause compliance attestation on behalf of the plan, the Departments will consider the plan and issuer to have satisfied the attestation submission requirement.

Employers with self-insured health plans can satisfy the gag clause compliance attestation requirement by entering into a written agreement under which the plan’s service provider, such as a TPA, will provide the attestation on the plan’s behalf. However, even if this type of agreement is in place, the legal requirement to provide a timely attestation remains with the health plan.

ATTESTATION WEBSITE

The Departments launched a website through the Centers for Medicare and Medicaid Services for health plans and issuers to submit their gag clause compliance attestations. The Departments have also provided instructions for submitting the attestation, a system user manual, and a reporting entity Excel template for plans and issuers to submit the required attestation, all of which are available here.

Relief Granted on Rx Drug Reporting

The Departments of Labor, Treasury, and Health and Human Services (the Departments) issued reporting relief for health plans and issuers facing difficulty meeting the December 27^th, 2022, deadline of reporting prescription drug and health care spending information.

The Consolidated Appropriations Act, 2021, (CAA) requires that health plans and issuers report, on an annual basis, certain prescription drug and health care spending information. The first reporting (for 2020 and 2021) was originally due in December 2021 but was delayed to December 27, 2022. The reporting has proved to be a challenge for many plan sponsors and issuers.

As such, the Departments announced two important pieces of relief:

1. The Departments will not take enforcement action against a plan or issuer that uses a good faith, reasonable interpretation of the regulations and the reporting instructions in making its submission for the 2020 and 2021 plan years.
2. The Departments will permit a grace period until January 31, 2023 for the 2020 and 2021 submissions due on December 27th.

The Departments have also addressed a few issues regarding the filing requirements, including the data aggregation rules and optional reporting on vaccines. They also clarified the permissibility of multiple submissions (by one reporting entity on behalf of more than one plan or issuer) and multiple reporting entities (for the same plan or issuer). The Departments will allow certain limited information to be reported via email. The FAQs can be found at: https://www.dol.gov/agencies/ebsa/about-ebsa/our-activities/resource-center/faqs/aca-part-56

December 27, 2022, Deadline for Mandatory Rx Data Collection Reporting

As group health plan sponsors, employers are responsible for ensuring compliance with the prescription drug data collection (RxDC) reporting requirements added to ERISA by the Consolidated Appropriations Act of 2021 (CAA).  Under ERISA section 725, enforced by the US Department of Labor (DOL), group health plans (not account-based plans, e.g., health reimbursement arrangements and health savings accounts, or excepted benefit arrangements) must report details regarding the plan’s prescription drug benefit utilization, including the drugs most frequently dispensed, the most expensive drugs, and the drugs with the highest cost increase for a given calendar year.  Reporting is to be made annually to the US Department of Health and Human Services’ (HHS) CMS enterprise portal’s Health Insurance Oversight System (HIOS) module, starting with the report due by December 27, 2022, for the 2020 and 2021 calendar years.  After that, annual reporting is due by June 1^st following the calendar year (so, the 2022 calendar year report is due by June 1, 2023).  The DOL must thereafter post aggregated information on its website so that the public can see trends in prescription drug utilization and pricing.        

What’s required.  Under regulations issued jointly by HHS, DOL, and the US Treasury Department, plans must submit RxDC reports which include –

• General information about the plan like the plan sponsor, plan year, number of participants, market segment (small or large group and fully-insured or self-insured), insurer and other vendors, and the states in which coverage is offered, etc. (“plan list” information – see the template document for reporting, using code P2 for group health plans, at this link);
• Eight data files:
  • Premium/cost and life-year (average number of covered members) data (D1),
  • spending by six categories – hospital, primary care, specialty care, other medical costs and services, known medical benefit drugs, and estimated medical benefit drugs (D2),
  • top 50 most frequently dispensed brand name drugs by state and market segment (D3),
  • top 50 most costly drugs by state and market segment (D4),
  • top 50 drugs by spending increase by state and market segment, excluding drugs issued an Emergency Use Authorization or not FDA-approved (D5),
  • prescription drug spending totals (D6),
  • prescription drug rebates by therapeutic class (D7),
  • and prescription drug rebates for the top 25 drugs by state and market segment (D8); and
• A narrative that describes the impact of prescription drug rebates on premium and cost-sharing, how the employer size was estimated (for self-insured plan sponsors), how bundled or alternative payment arrangements attributable to drugs covered under a medical benefit were estimated, and how net payments from government reinsurance and cost-sharing reduction programs were considered (if applicable).  The narrative also is used to identify any drugs prescribed for which a National Drug Code (NDC) was not on the CMS RxDC code crosswalk, and the types of rebates and other remuneration included in or excluded from the D8 data file.     

How to comply.  HIOS issued specific reporting instructions which explain the reporting requirements in detail and assure plan sponsors that submission for a plan “is considered complete if CMS receives all required files, regardless of who submits the files.”  Many group health plan vendors (insurers, third-party administrators, pharmacy benefit managers, etc.) have proactively contacted plan sponsors to assure them that the vendor will report at least some of the information on the plan’s behalf.  However, not all vendors are willing to accept responsibility for the RxDC reporting requirements.  Employers need to know which reporting obligations will be fulfilled by the group health insurer or other vendor and which reporting obligations must be satisfied by the plan sponsor.  Most plan sponsors are wise to be prepared to upload at least some of the data to the HIOS module themselves, which means first setting up a HIOS account on the CMS portal.  HIOS accounts can take a couple of weeks to set up, so it’s important for plan sponsors to act on this now if they’ve not already done so.  CMS has provided detailed instructions for setting up the HIOS account. 

Compliance issues.  The statute and regulations impose the RxDC reporting requirements on group health plans, which, by default, usually means that requirements and liability for noncompliance are imposed on plan sponsors (generally, employers).  Thus, each group health plan sponsor should ensure that all of the RxDC reporting requirements are satisfied for each group health plan subject to the reporting requirements.  Employers should obtain written agreements from plan vendors identifying what data each vendor will upload.  Note that the employer remains liable for noncompliance (and subject to excise tax and potential civil penalties), even if it has an enforceable agreement with its vendor to ensure compliance unless the plan is fully-insured and the agreement is with the insurer.  Unfortunately, only the reporting entity can view the files it uploads to HIOS, so there is no way for an employer to confirm on the HIOS module that a vendor uploaded the file(s) it agreed to upload on behalf of the employer’s group health plan.  Instead, the employer should obtain written assurance from the plan’s vendor(s) and rely on contractual provisions for recourse if a vendor fails to fulfill its RxDC reporting service as agreed.

New Guidance Delays Some Key CAA and Other Health Benefit Effective Dates

New regulatory guidance from three federal agencies that enforce private-sector benefits laws will make employers’ daunting 2021 health benefit to-do lists slightly—but only slightly—more manageable heading into 2022.

Most importantly, the frequently asked questions (FAQ) guidance delays several of the most challenging 2021 and 2022 compliance requirements under the Consolidated Appropriations Act, 2021 (CAA) and the Patient Protection and Affordable Care Act (ACA): so-called “advanced explanations of benefits” (EOBs) providing good-faith estimates of the out-of-pocket costs for scheduled medical services; a “price comparison tool” to enable participants to compare cost-sharing amounts for specific network providers; extensive drug cost information that was to have been reported to the federal regulators in December 2021; and public pricing disclosures related to in-network rates, out-of-network allowed costs, and prescription drug prices.

The FAQ guidance, issued August 20, 2021, by the U.S. Department of Labor, U.S. Department of Health and Human Services, and U.S. Department of the Treasury, also provides some relief or useful clarifications related to other key 2021 health benefit compliance items for employers, including gag clauses, identification cards, continuity-of-care requirements, and provider directories.

The FAQ guidance neither delays nor provides other relief related to the new surprise medical billing requirements under the No Surprises Act, which was enacted as part of the CAA and is set to take effect January 1, 2022, or the Mental Health Parity and Addiction Equity Act “comparative analysis” required by the CAA, which is already in effect.

Here is a summary of the key employer takeaways in the new FAQ guidance.

Advanced EOBs

Under the No Surprises Act, plans are required to provide good-faith estimates of expected provider charges for a specific scheduled service, along with good-faith estimates of the cost sharing that would apply to a participant, and the amount already incurred toward any financial responsibility limits. This was initially set to take effect January 1, 2022, but the guidance indicates that the agencies will defer enforcement until regulations are issued on these plan disclosures and the disclosures required by medical providers. (Question 6)

Price Comparison Tool and Public Price Disclosures

Under the No Surprises Act, plans are required to offer online tools and phone support to enable participants to compare cost-sharing amounts for specific network providers in a specific region. Separately, under the ACA, plans are required to offer three “machine-readable files” on a public website covering in-network rates, out-of-network allowable amounts, and prescription drug prices. Both the No Surprises Act and ACA requirements were set to take effect on January 1, 2022. The guidance delays the effective date of the No Surprises Act requirements to January 1, 2023, and the ACA in-network and out-of-network requirements to July 1, 2022. The ACA prescription drug requirement is delayed until the agencies issue regulations on the matter. (Questions 1-3)

Drug Cost Reporting

The CAA requires employer plans to report very detailed prescription drug cost information to the agencies, including the 50 most commonly covered drugs per plan, the 50 most expensive drugs per plan, and the total health spending for each plan broken out into specific categories. The initial reports were to be provided to the agencies by December 27, 2021, and then by June 1, 2022. The agencies will defer enforcement related to the 2021 and 2022 reports until they issue further guidance, though the agencies “strongly encourage plans” to get ready to report 2020 and 2021 plan year data no later than December 27, 2022. (Question 12)

Gag Clauses

Under the CAA, plans cannot enter into network or other agreements that would prevent them from making available provider-specific cost or quality-of-care information to providers or participants, electronically accessing de-identified claims and encounter information for each participant (consistent with privacy laws), or sharing either of those types of information with business associates. Plans have to attest to the agencies each year that they have no such clauses in their agreements. This requirement took effect on enactment of the CAA on December 27, 2020, and is not changed by the FAQ guidance. The agencies have indicated that additional guidance is forthcoming on how plans will attest to their compliance. (Question 7)

Insurance Cards

Under the No Surprises Act, plans have to update physical or electronic insurance cards to include network and out-of-network deductibles and out-of-pocket limits and consumer assistance contact information. This is set to take effect on January 1, 2022, a date unchanged by the FAQ guidance. The guidance does clarify, though, that the agencies will consider both data actually on the cards and data “made available through information that is provided on the ID card.” (Question 4)

Continuity of Care

Under the No Surprises Act, when a provider or network contract is terminated, plans have to take steps to protect hospitalized or other continuing care patients. This requirement will take effect on January 1, 2022. The guidance clarifies that the agencies intend to issue formal regulations on this requirement, but will not do so before the effective date. Until such regulations take effect, plans will be held to a good-faith compliance standard. (Question 10)

Provider Directories

Under the No Surprises Act, plans are required to take several steps to improve provider directories, such as updating them at least every 90 days, and more promptly notifying participants about whether a particular provider is in the network. These requirements will take effect on January 1, 2022, and the guidance does not change that. The agencies do indicate that they intend to issue formal regulations in the future, and may also have specific additional guidance on required disclosure of balance billing information. (Questions 8 and 9)