Federal Laws and Regulation

23 Federal Laws and Regulation

Objectives After completing this module, you will be able to: tell how federal antitrust and financial services legislation affects health plans, identify and describe the most important federal laws governing employee benefits and health plans, and summarize the main provisions of HIPAA. Like all business entities, health plans are subject to a variety of general business laws and regulations addressing issues such as trade practices, consumer protection, employment and hiring practices, workplace health and safety, contract negotiations, and taxation. In addition, as providers and financers of healthcare services, health plans are subject to laws and regulations specific to healthcare. In this module we examine some of the key federal laws and regulations that affect health plans. In the next module we discuss the latest major piece of federal legislation in this area, the Affordable Care Act of 2010 (ACA), commonly called healthcare reform. And in later modules we study state laws and regulations and laws and regulations related to government healthcare benefit programs.

General Business Legislation

The federal government plays an important role in regulating business activities in order to protect the marketplace and consumers. Many federal laws and regulations do not specifically address health plans but nonetheless have a significant impact on their structure and operations. These include antitrust and financial services legislation. Antitrust Legislation Antitrust laws are designed to protect competition from unlawful restraints of trade, such as price-fixing, market allocation, and bid-rigging. The antitrust laws also prohibit unlawful acquisition or maintenance of monopoly power. The three main federal antitrust laws are these:1 The Sherman Antitrust Act of 1890 established as national policy the concept of a competitive marketing system. The Act prohibits companies from attempting to monopolize any part of trade or commerce or to engage in contracts, combinations, or conspiracies in restraint of trade. The Act applies to all companies engaged in interstate or foreign commerce. The Clayton Act of 1914 forbids certain actions believed to lead to monopolies. These include charging different purchasers different prices for the same product without justification and allowing a distributor to sell a product only if it agrees not to sell competitors products. The Clayton Act applies to insurance companies only to the extent that state laws do not regulate such activities.

Page 1 of 11

Federal Laws and Regulation

The Federal Trade Commission Act of 1914 established the Federal Trade Commission (FTC) and gave it power to work with the Department of Justice to enforce the Clayton Act. The primary function of the FTC is to prevent unfair competition and deceptive business practices, which are presented broadly in the Act. As a result the FTC also pursues violators of the Sherman Antitrust Act. Antitrust laws also exist at the state level. Antitrust Violations Health plans and healthcare providers may be found in violation of antitrust laws if they engage in any of the following activities: Price-fixing involves the agreement by two or more independent entities on the prices that they will charge or pay for services. For example, independent providers generally may not collectively establish the fees that each will charge a health plan. A price-fixing violation need not involve a strict agreement on pricesfor instance, it could entail agreement on terms of trade or price levels. A horizontal group boycott occurs when two competitors agree not to do business with another competitor or purchaser. For example, two independent hospitals generally may not agree to refuse to contract with a health plan until the health plan ceases contract negotiations with another hospital. Tying arrangements occur when an organization conditions the sale or purchase of one product or service on the sale or purchase of other products or services. For example, a specialty provider group contracting with a health plan for oncology services generally may be prohibited from requiring the health plan to contract with the group for other services as a condition for receiving the groups oncology services. Horizontal allocation or division of markets occurs when two or more organizations agree not to compete by dividing geographic marketing areas, product offerings, or customers. For example, two independent companies generally may not split purchasers into two groups and each agree to market their products to only one group. Provider contracting is an area in which antitrust issues sometimes arise. Generally speaking, contracting with a select network of providers does not raise antitrust issues (although some states have limited this through any willing provider laws mentioned in Module 13). However, some contract terms, such as exclusive contracts may, raise antitrust issues, depending on the specific facts and circumstances of the market. Financial Services Legislation In 1999 Congress enacted the Financial Services Modernization Act, referred to as the Gramm-Leach-Bliley (GLB) Act, which allows convergence among the traditionally separate components of the financial services industrybanks, securities firms, and insurance companies. Because health plans finance the delivery of healthcare services, they are also considered part of the financial services industry.

Page 2 of 11

Federal Laws and Regulation

In broad terms the GLB Act stipulates how the financial services industry may be structured and how it is regulated and supervised. The GLB Act also establishes the rights of customers in regard to the protection of the privacy of personal financial information. All financial institutions must disclose their privacy policies regarding the sharing of nonpublic personal information with both affiliates and third parties. Such disclosure must take place at the time of establishing a customer relationship and not less than annually as long as the relationship continues. They must notify customers of any sharing of nonpublic personal information with nonaffiliated third parties. They must provide customers with an opportunity to opt-out of sharing nonpublic personal information subject to certain limited exceptions.2 Although the GLB Act does not specifically target healthcare organizations, it may have consequences for these organizations. For example, the GLB Act called on regulators in the states to enact laws governing specific financial services entities, and the National Association of Insurance Commissioners (NAIC) responded by proposing a Privacy of Consumer Financial and Health Information Model Regulation to govern the activities of healthcare organizations and insurers. State regulations based on the NAIC Model Regulation (discussed in the next module) affect the way healthcare organizations, insurers, and other users share protected health information.

Employee Benefit and Healthcare Legislation

Several federal laws govern how employers provide healthcare benefits to their employees and how health plans provide insurance coverage or administer employee benefits. We will discuss a number of these laws in this section, and then in a separate section we will examine a major federal healthcare law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA). And as noted earlier, in the next module we will study the Affordable Care Act of 2010 (ACA). Employee Retirement Income Security Act (ERISA) The Employee Retirement Income Security Act (ERISA) is a broad law that establishes the rights of health plan and pension plan participants, standards for the investment of plan assets, and requirements for the disclosure of plan provisions and funding. ERISA applies to all employer-sponsored or union-sponsored health and pension plans. ERISA contains strict reporting and disclosure requirements. Employers and plan fiduciariesthat is, persons or organizations that hold, manage, and have discretionary authority over money belonging to another person or organizationmust prepare and distribute summary plan descriptions and file reports with the Department of Labor and the Internal Revenue Service. Preemption

Page 3 of 11

Federal Laws and Regulation

One of the most significant features of ERISA is its preemption provision, stipulating that ERISA generally takes precedence over any state laws that regulate employee welfare benefit plans. However, the preemption provision leaves to the states the authority to regulate insurance, banking, and securities. Consequently, state insurance laws (such as those relating to policy provisions, group size, group eligibility, and mandated benefits) apply to health insurance coverage provided to an employee benefit plan but do not apply directly to the plan. This is true regardless of whether the plan is fully funded (fully insured) or self-funded (self-insured). (Recall that in a self-funded plan the employer, rather than a health plan or insurance company, is financially responsible for paying claims and related expenses.) Example: Alpine Corporation is self-fundedthat is, it provides health benefits to its employees itself, with no insurance company involvement. Alpines health plan is subject to ERISA but not to state laws and regulations governing insurance. On the other hand, Piedmont, Inc. is fully insured; its employee health plan is provided by Delta Insurance Company. Piedmonts involvement in its plan is subject to ERISA, and in addition Deltas involvement in the plan is subject to state insurance laws and regulations. The preemption provision encourages employers to create employee benefit plans by providing a uniform system of regulation and oversight. Furthermore, under ERISA selffunded plans are exempt from state taxes on insurers premium revenues. ERISAs preemption provision also has important implications for health plans, especially in cases in which an employee raises questions about a plans decision not to authorize benefit payment based on medical necessity or appropriateness. Under ERISA, persons who receive healthcare benefits through employee benefit plans must file legal challenges involving coverage decisions or plan administration at the federal level, and ERISA is generally the governing law for such cases. For health plans the major advantage of having cases tried at the federal rather than the state level is that, unlike most state laws, ERISA limits damage awards in lawsuits to the cost of the medical services or treatment. It does not allow plan members to receive additional compensatory damages or punitive damages. For example, suppose a plan member files a lawsuit against a health plan in federal court on the grounds that the health plans decision to deny payment of benefits on the basis of a lack of medical necessity was improper. If the court determines that benefits were improperly denied, the plan member can recover the denied benefits. The plan member cannot receive monetary awards in compensation for her pain and suffering or awards designed to deter health plans from making inappropriate coverage decisions in the future. A number of court cases have challenged health plans ability to invoke the ERISA preemption, and proposals have been made to eliminate the preemption or to allow plan members to sue health plans in state court and receive additional compensatory and punitive damages. However, in June 2004 the U.S. Supreme Court issued a decision in the consolidated case of Aetna Health Inc. v. Davila and CIGNA HealthCare of Texas, Inc. v. Calad. The Courts decision unanimously upheld the ERISA preemption, affirming that Congress intended ERISAs framework to be the exclusive means of challenging coverage decisions and that individuals cannot challenge such decision in state courts. Consolidated Omnibus Budget Reconciliation Act of 1986 (COBRA)

Page 4 of 11

Federal Laws and Regulation

The Consolidated Omnibus Budget Reconciliation Act of 1986 (COBRA) addresses the continuation of group health coverage after an individuals normal eligibility ends. COBRA requires group health plans to allow employees and dependents to continue their coverage for a certain amount of time following the loss of eligibility, if that loss is caused by a qualifying event. Qualifying events include the termination of employment, reduced work hours, and the death or divorce of an employee. Generally, COBRA applies to businesses with 20 or more employees. Many states have similar requirements for businesses with fewer than 20 employees (so-called mini COBRA laws). The plan administrator of a group health plan must notify covered individuals of their rights under COBRA when they become covered under the plan and when a qualifying event occurs. When a qualifying event occurs, the affected individuals have a specified time within which they can elect to continue their group health benefits. Following termination or reduction in hours, an employee, his or her spouse, and dependent children can continue coverage for up to 18 months. If an employee dies or is divorced or legally separated, his or her spouse and dependent children can continue coverage for up to 36 months. A dependent child who ceases to be an eligible dependent under a group health plan can continue coverage for up to 36 months. Once an employee or dependent obtains other group health coverage (for example, through new employment), coverage under COBRA ceases. The continuation coverage under COBRA must be identical to the regular coverage under the health plan. The employee normally pays the full cost of the continuation coverage, and the plan administrator may also charge an administrative fee of 2 percent of this cost. Employers are not required to pay any portion of cost. HMO Act of 1973 As you recall from earlier modules, the HMO Act of 1973 and its amendments were instrumental in defining the structure and operations of HMOs and paved the way for HMOs to enter the healthcare market. The HMO Act also sets the requirements HMOs must satisfy to become federally qualified. These requirements cover the following four basic operational areas: Benefits. Federally qualified HMOs must offer a comprehensive benefit package that includes outpatient and inpatient services, unlimited home healthcare benefits, and outpatient behavioral healthcare. HMOs are allowed to deliver these services only through staff or group models, individual practice associations (IPAs), or direct contract arrangements. Benefit structures must require only minimal copayments by members. Enrollment. Qualified HMOs must enroll individuals eligible for group coverage without regard to health status. Financing. Qualified HMOs must have a fiscally sound operation and adequate protections against insolvency.

Page 5 of 11

Federal Laws and Regulation

Quality assurance. Qualified HMOs must establish ongoing quality assurance programs that meet the requirements of the Centers for Medicare and Medicaid Services (CMS). These programs must stress outcomes and performance review of services by physicians and other healthcare professionals. Although federal qualification is voluntary and is less important in today's market than in the past, many HMOs still maintain their federal qualification status. Other Laws A number of other federal laws have an impact on health plans. A few of the most important are shown in Figure 23.1. Figure 23.1 Some Federal Laws That Affect Healthcare Organizations3 Legislative Act Who Must Comply Employers with 20 or more employees Protected Class Effect on Healthcare

Age Discrimination in Employment Act (ADEA)

Employees age 40 and older

All active employees, regardless of age, must be eligible for the same healthcare coverages, and older employees cannot be charged more than younger ones. Discrimination based on race, color, religion, sex, or national origin is prohibited. Employers must ensure that health plan provisions are not discriminatory. Employer-sponsored group health plans must provide coverage for pregnancy, childbirth, and related conditions on the same basis as for other medical conditions. Employees must be allowed to take up to 12 weeks of unpaid leave during any 12-month period. Employers must continue to make group health benefits available

Title VII of the Civil Employers with 15 Rights Act or more employees and engaged in interstate commerce Pregnancy Discrimination Act (amendment to Civil Rights Act) Employers with 15 or more employees and engaged in interstate commerce

All employees

All employees

Family and Medical Leave Act (FMLA)

Employers with 50 or more employees

Employees who are ill, need to care for a seriously ill family member, or have a new child (including adopted)

Page 6 of 11

Federal Laws and Regulation

during this leave.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) imposes requirements on employer-sponsored and union-sponsored group insurance plans and insurance companies that provide coverage in the group and individual markets. HIPAA provisions are divided into two main categories: Title I contains provisions designed to increase the availability and continuity of healthcare coverage for persons in the individual and group markets. Title II mandates administrative simplification standards designed to protect the confidentiality of health information and facilitate data exchange among entities that finance and deliver healthcare services. Almost all states have enacted laws that mirror the requirements of Title I of HIPAA. In states with protections at least as stringent as those of HIPAA, state regulators enforce these state laws. In states that have not developed acceptable provisions, HIPAA protections apply and are enforced by the federal government. Title I: Availability and Continuity of Healthcare Coverage Individual Coverage Provisions Title I of HIPAA guarantees the availability of health insurance coverage for individuals who meet certain qualifications. All such qualified individuals who apply for individual insurance coverage from a private insurer or a state high-risk pool (depending on state law) must be issued a policy automatically, without a medical examination and regardless of preexisting conditions. In general, to qualify for HIPAA guaranteed individual issue a person must meet these requirements: She recently had at least 18 months of health coverage (group or individual insurance or a public program such as Medicare or Medicaid), her most recent coverage was group coverage, and she is currently ineligible for either group coverage or coverage under a public program. An individual who loses group coverage because he changes jobs and his new employer does not provide healthcare coverage may also qualify for guaranteed individual issue. Group Coverage Provisions Title I of HIPAA also includes key group healthcare coverage provisions, including limitations on the use of preexisting condition exclusions, guaranteed availability of coverage for small groups, guaranteed renewability of coverage for all groups, and special enrollment periods for certain individuals (such as newborns or adopted children). Title I of HIPAA ensures that individuals are not denied healthcare coverage or charged more for that coverage by a group plan because of their health status (defined to include

Page 7 of 11

Federal Laws and Regulation

an individuals health status, medical conditions, treatment history, claims experience, and genetic information). Group plans and insurers also may not apply waiting periods, cost-sharing mechanisms, or other eligibility rules in a way that that discriminates against individuals on the basis of health status. Title I of HIPAA has been amended by subsequent acts that create additional protections for individuals with group healthcare coverage. These include the following: The Mental Health Parity Act of 1996 (MHPA) prohibits group health plans or insurers that provide coverage to businesses with more than 50 employees from applying more restrictive annual and lifetime limits on coverage for mental illness than for physical illness. It should be clarified that MHPA does not require health plans to offer mental health coverage, but it imposes requirements on those plans that do so. This law has been amended to expand the parity requirements to any financial requirement or treatment limitation that may be imposed by a health plan or insurer. The Newborns and Mothers Health Protection Act of 1996 (NMHPA) specifies that group health plans or group healthcare insurers cannot require that hospital stays following childbirth be shorter than 48 hours for normal deliveries or 96 hours for cesarean births. NMHPA does not require group plans and insurers to offer maternity hospitalization benefits, but it imposes requirements on those group plans and insurers that do so. The Womens Health and Cancer Rights Act of 1998 (WHCRA) requires health plans (both group and individual coverage) that offer medical and surgical benefits for mastectomy to provide coverage for reconstructive surgery following mastectomy. Again, the law does not require group plans and insurers to offer mastectomy benefits, but it imposes requirements on those that do so. Title II: Administrative Simplification Title II of HIPAA requires the Department of Health and Human Services (HHS) to develop administrative simplification standards. Some of these are designed to standardize electronic healthcare transactions, such as claims and eligibility inquiries. Others are intended to ensure the privacy and security of individually identifiable health information (health information that, by itself or in conjunction with other available information, identifies an individual). HHS has developed a number of regulations that establish Title II administrative simplification standards. These standards apply to health plans, healthcare providers that use electronic transactions, and healthcare clearinghouses. A healthcare clearinghouse is a private or public entity that converts provider data into the correct format for each health plan and converts health plan data into the appropriate provider format. The clearinghouse also sorts and transmits all data. Billing services, repricing companies, community health management information systems, and value added networks may be healthcare clearinghouses. Electronic Transaction Standards and Code Sets

Page 8 of 11

Federal Laws and Regulation

As required by HIPAA, HHS has developed regulations that standardize the form and content of electronic healthcare transactions. Transactions subject to these standards include: healthcare claims or encounter data, health plan eligibility inquiries and responses, provider referrals and authorizations, claims status inquiries and responses, health plan enrollment and disenrollment requests, claim payment and remittance, health plan premium payment, coordination of benefits information, and healthcare claims attachments. HHS has identified existing industry format standards and code sets, such as the ICD-9CM diagnosis codes and CPT-4 procedure codes, that must be used when conducting electronic healthcare transactions. HHS has also created a new system in which all healthcare providers apply for a National Provider Identifier (NPI) to be used for electronic transactions, replacing the various provider identifiers used by different health plans. Privacy and Security Standards HIPAA requires HHS to develop standards to ensure the privacy and security of health information. These standards control the use and disclosure of health information by health plans, healthcare providers, and healthcare clearinghouses, and they provide individuals with certain rights with respect to their information. The privacy standards include the following rules: Healthcare providers must generally obtain an individuals written consent to use protected health information. Health plans, healthcare providers, and clearinghouses may use or disclose healthcare information for their own treatment, payment, or operations without obtaining the individuals consent. The transmission of individually identifiable health information for purposes other than medical treatment, payment, or healthcare operations without the patients written authorization is generally prohibited. Patients are allowed to access their medical records and request amendment of incorrect or incomplete medical information. Patients are allowed to request that restrictions be placed on the accessibility and use of protected health information. Healthcare providers, healthcare clearinghouses, and health plans must institute privacy and security policies and procedures and workforce training programs. Healthcare providers, health plans, and healthcare clearinghouses must institute privacy protections in contracts with any business that uses health information on their behalf. HIPAA security standards are designed to prevent unintended access to protected health information and mandate features entities must include in their operations to ensure that such information is secure. These features include administrative procedures and physical devices and mechanisms to protect data integrity and confidentiality. The security standards are scalablethat is, the procedures and mechanisms used by a particular entity may vary depending on the size, structure,

Page 9 of 11

Federal Laws and Regulation

security needs, and business requirements of the entity. The HIPAA Privacy Rule requires covered entities to: ensure the confidentiality, integrity, and availability of all electronic protected health information (EPHI) that the covered entity creates, receives, maintains, or transmits; protect against any reasonably anticipated threats or hazards to the security or integrity of such information; protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required by the Privacy Rule; and ensure compliance by its workforce and any business that contracts with the covered entity.

Conclusion
There are many federal laws that have a significant impact on health plans, and we have looked briefly at some of the most important: Under antitrust laws, health plans must not engage in activities that restrain a free, competitive marketplace, such as price-fixing and market allocation. Under financial services legislation, plans must protect the privacy of consumers financial information. ERISA governs employer-sponsored health plans, establishing participant rights, investment standards, and disclosure requirements. ERISA also exempts employer plans (but not insurers) from state regulation. COBRA gives employees and dependents certain rights to continue employersponsored health coverage for a time after they lose eligibility. The HMO Act of 1973 sets standards for HMOs that choose to be federally qualified. Under various laws, employers may not discriminate among employees based on race, age, gender, and similar factors in regard to health coverage. HIPAA contains many provisions designed to increase the availability and continuity of healthcare coverage, protect health information, and facilitate data exchange. Notes
1

Adapted from Sharon B. Allen, Dennis W. Goodwin, and Jennifer W. Herrod, Life and Health nd Insurance Marketing, 2 Ed., LOMA, 1998. Used with permission, all rights reserved.

Page 10 of 11

Federal Laws and Regulation

Financial Services Modernization Act (Gramm-Leach-Bliley), Summary of Provisions, www.senate.gov/.

3

Adapted from Harriett. E. Jones and Dani L. Long, Principles of Insurance: Life, Health, and nd Annuities, 2 Ed., LOMA, 1999. Used with permission, all rights reserved.

Page 11 of 11