Federal Laws and Regulation

23 Federal Laws and Regulation

Objectives
After completing this module, you will be able to:
tell how federal antitrust and financial services legislation affects health plans,
identify and describe the most important federal laws governing employee
benefits and health plans, and
summarize the main provisions of HIPAA.
Like all business entities, health plans are subject to a variety of general business laws
and regulations addressing issues such as trade practices, consumer protection,
employment and hiring practices, workplace health and safety, contract negotiations,
and taxation. In addition, as providers and financers of healthcare services, health plans
are subject to laws and regulations specific to healthcare. In this module we examine
some of the key federal laws and regulations that affect health plans. In the next module
we discuss the latest major piece of federal legislation in this area, the Affordable Care
Act of 2010 (ACA), commonly called healthcare reform. And in later modules we study
state laws and regulations and laws and regulations related to government healthcare
benefit programs.

General Business Legislation

The federal government plays an important role in regulating business activities in order
to protect the marketplace and consumers. Many federal laws and regulations do not
specifically address health plans but nonetheless have a significant impact on their
structure and operations. These include antitrust and financial services legislation.
Antitrust Legislation
Antitrust laws are designed to protect competition from unlawful restraints of trade, such
as price-fixing, market allocation, and bid-rigging. The antitrust laws also prohibit
unlawful acquisition or maintenance of monopoly power. The three main federal antitrust
laws are these:1
The Sherman Antitrust Act of 1890 established as national policy the concept
of a competitive marketing system. The Act prohibits companies from attempting
to monopolize any part of trade or commerce or to engage in contracts,
combinations, or conspiracies in restraint of trade. The Act applies to all
companies engaged in interstate or foreign commerce.
The Clayton Act of 1914 forbids certain actions believed to lead to monopolies.
These include charging different purchasers different prices for the same product
without justification and allowing a distributor to sell a product only if it agrees not
to sell competitors products. The Clayton Act applies to insurance companies
only to the extent that state laws do not regulate such activities.

Page 1 of 11

Federal Laws and Regulation

The Federal Trade Commission Act of 1914 established the Federal Trade
Commission (FTC) and gave it power to work with the Department of Justice to
enforce the Clayton Act. The primary function of the FTC is to prevent unfair
competition and deceptive business practices, which are presented broadly in the
Act. As a result the FTC also pursues violators of the Sherman Antitrust Act.
Antitrust laws also exist at the state level.
Antitrust Violations
Health plans and healthcare providers may be found in violation of antitrust laws if they
engage in any of the following activities:
Price-fixing involves the agreement by two or more independent entities on the
prices that they will charge or pay for services. For example, independent
providers generally may not collectively establish the fees that each will charge a
health plan. A price-fixing violation need not involve a strict agreement on
pricesfor instance, it could entail agreement on terms of trade or price levels.
A horizontal group boycott occurs when two competitors agree not to do
business with another competitor or purchaser. For example, two independent
hospitals generally may not agree to refuse to contract with a health plan until the
health plan ceases contract negotiations with another hospital.
Tying arrangements occur when an organization conditions the sale or
purchase of one product or service on the sale or purchase of other products or
services. For example, a specialty provider group contracting with a health plan
for oncology services generally may be prohibited from requiring the health plan
to contract with the group for other services as a condition for receiving the
groups oncology services.
Horizontal allocation or division of markets occurs when two or more
organizations agree not to compete by dividing geographic marketing areas,
product offerings, or customers. For example, two independent companies
generally may not split purchasers into two groups and each agree to market
their products to only one group.
Provider contracting is an area in which antitrust issues sometimes arise. Generally
speaking, contracting with a select network of providers does not raise antitrust issues
(although some states have limited this through any willing provider laws mentioned in
Module 13). However, some contract terms, such as exclusive contracts may, raise
antitrust issues, depending on the specific facts and circumstances of the market.
Financial Services Legislation
In 1999 Congress enacted the Financial Services Modernization Act, referred to as
the Gramm-Leach-Bliley (GLB) Act, which allows convergence among the traditionally
separate components of the financial services industrybanks, securities firms, and
insurance companies. Because health plans finance the delivery of healthcare services,
they are also considered part of the financial services industry.

Page 2 of 11

Federal Laws and Regulation

In broad terms the GLB Act stipulates how the financial services industry may be
structured and how it is regulated and supervised. The GLB Act also establishes the
rights of customers in regard to the protection of the privacy of personal financial
information.
All financial institutions must disclose their privacy policies regarding the sharing
of nonpublic personal information with both affiliates and third parties. Such
disclosure must take place at the time of establishing a customer relationship and
not less than annually as long as the relationship continues.
They must notify customers of any sharing of nonpublic personal information with
nonaffiliated third parties.
They must provide customers with an opportunity to opt-out of sharing nonpublic
personal information subject to certain limited exceptions.2
Although the GLB Act does not specifically target healthcare organizations, it may have
consequences for these organizations. For example, the GLB Act called on regulators in
the states to enact laws governing specific financial services entities, and the National
Association of Insurance Commissioners (NAIC) responded by proposing a Privacy of
Consumer Financial and Health Information Model Regulation to govern the activities of
healthcare organizations and insurers. State regulations based on the NAIC Model
Regulation (discussed in the next module) affect the way healthcare organizations,
insurers, and other users share protected health information.

Employee Benefit and Healthcare Legislation

Several federal laws govern how employers provide healthcare benefits to their
employees and how health plans provide insurance coverage or administer employee
benefits. We will discuss a number of these laws in this section, and then in a separate
section we will examine a major federal healthcare law, the Health Insurance Portability
and Accountability Act of 1996 (HIPAA). And as noted earlier, in the next module we will
study the Affordable Care Act of 2010 (ACA).
Employee Retirement Income Security Act (ERISA)
The Employee Retirement Income Security Act (ERISA) is a broad law that
establishes the rights of health plan and pension plan participants, standards for the
investment of plan assets, and requirements for the disclosure of plan provisions and
funding. ERISA applies to all employer-sponsored or union-sponsored health and
pension plans.
ERISA contains strict reporting and disclosure requirements. Employers and plan
fiduciariesthat is, persons or organizations that hold, manage, and have discretionary
authority over money belonging to another person or organizationmust prepare and
distribute summary plan descriptions and file reports with the Department of Labor and
the Internal Revenue Service.
Preemption

Page 3 of 11

Federal Laws and Regulation

One of the most significant features of ERISA is its preemption provision, stipulating
that ERISA generally takes precedence over any state laws that regulate employee
welfare benefit plans. However, the preemption provision leaves to the states the
authority to regulate insurance, banking, and securities. Consequently, state insurance
laws (such as those relating to policy provisions, group size, group eligibility, and
mandated benefits) apply to health insurance coverage provided to an employee benefit
plan but do not apply directly to the plan. This is true regardless of whether the plan is
fully funded (fully insured) or self-funded (self-insured). (Recall that in a self-funded plan
the employer, rather than a health plan or insurance company, is financially responsible
for paying claims and related expenses.)
Example: Alpine Corporation is self-fundedthat is, it provides health benefits to its
employees itself, with no insurance company involvement. Alpines health plan is
subject to ERISA but not to state laws and regulations governing insurance. On the
other hand, Piedmont, Inc. is fully insured; its employee health plan is provided by
Delta Insurance Company. Piedmonts involvement in its plan is subject to ERISA,
and in addition Deltas involvement in the plan is subject to state insurance laws and
regulations.
The preemption provision encourages employers to create employee benefit plans by
providing a uniform system of regulation and oversight. Furthermore, under ERISA selffunded plans are exempt from state taxes on insurers premium revenues.
ERISAs preemption provision also has important implications for health plans,
especially in cases in which an employee raises questions about a plans decision not to
authorize benefit payment based on medical necessity or appropriateness. Under
ERISA, persons who receive healthcare benefits through employee benefit plans must
file legal challenges involving coverage decisions or plan administration at the federal
level, and ERISA is generally the governing law for such cases.
For health plans the major advantage of having cases tried at the federal rather than the
state level is that, unlike most state laws, ERISA limits damage awards in lawsuits to the
cost of the medical services or treatment. It does not allow plan members to receive
additional compensatory damages or punitive damages. For example, suppose a plan
member files a lawsuit against a health plan in federal court on the grounds that the
health plans decision to deny payment of benefits on the basis of a lack of medical
necessity was improper. If the court determines that benefits were improperly denied,
the plan member can recover the denied benefits. The plan member cannot receive
monetary awards in compensation for her pain and suffering or awards designed to
deter health plans from making inappropriate coverage decisions in the future.
A number of court cases have challenged health plans ability to invoke the ERISA
preemption, and proposals have been made to eliminate the preemption or to allow plan
members to sue health plans in state court and receive additional compensatory and
punitive damages. However, in June 2004 the U.S. Supreme Court issued a decision in
the consolidated case of Aetna Health Inc. v. Davila and CIGNA HealthCare of Texas,
Inc. v. Calad. The Courts decision unanimously upheld the ERISA preemption, affirming
that Congress intended ERISAs framework to be the exclusive means of challenging
coverage decisions and that individuals cannot challenge such decision in state courts.
Consolidated Omnibus Budget Reconciliation Act of 1986 (COBRA)

Page 4 of 11

Federal Laws and Regulation

The Consolidated Omnibus Budget Reconciliation Act of 1986 (COBRA) addresses

the continuation of group health coverage after an individuals normal eligibility ends.
COBRA requires group health plans to allow employees and dependents to continue
their coverage for a certain amount of time following the loss of eligibility, if that loss is
caused by a qualifying event. Qualifying events include the termination of employment,
reduced work hours, and the death or divorce of an employee.
Generally, COBRA applies to businesses with 20 or more employees. Many states have
similar requirements for businesses with fewer than 20 employees (so-called mini
COBRA laws).
The plan administrator of a group health plan must notify covered individuals of their
rights under COBRA when they become covered under the plan and when a qualifying
event occurs. When a qualifying event occurs, the affected individuals have a specified
time within which they can elect to continue their group health benefits.
Following termination or reduction in hours, an employee, his or her spouse, and
dependent children can continue coverage for up to 18 months. If an employee dies or is
divorced or legally separated, his or her spouse and dependent children can continue
coverage for up to 36 months. A dependent child who ceases to be an eligible
dependent under a group health plan can continue coverage for up to 36 months. Once
an employee or dependent obtains other group health coverage (for example, through
new employment), coverage under COBRA ceases.
The continuation coverage under COBRA must be identical to the regular coverage
under the health plan. The employee normally pays the full cost of the continuation
coverage, and the plan administrator may also charge an administrative fee of 2 percent
of this cost. Employers are not required to pay any portion of cost.
HMO Act of 1973
As you recall from earlier modules, the HMO Act of 1973 and its amendments were
instrumental in defining the structure and operations of HMOs and paved the way for
HMOs to enter the healthcare market. The HMO Act also sets the requirements HMOs
must satisfy to become federally qualified. These requirements cover the following four
basic operational areas:
Benefits. Federally qualified HMOs must offer a comprehensive benefit package
that includes outpatient and inpatient services, unlimited home healthcare
benefits, and outpatient behavioral healthcare. HMOs are allowed to deliver
these services only through staff or group models, individual practice
associations (IPAs), or direct contract arrangements. Benefit structures must
require only minimal copayments by members.
Enrollment. Qualified HMOs must enroll individuals eligible for group coverage
without regard to health status.
Financing. Qualified HMOs must have a fiscally sound operation and adequate
protections against insolvency.

Page 5 of 11

Federal Laws and Regulation

Quality assurance. Qualified HMOs must establish ongoing quality assurance

programs that meet the requirements of the Centers for Medicare and Medicaid
Services (CMS). These programs must stress outcomes and performance review
of services by physicians and other healthcare professionals.
Although federal qualification is voluntary and is less important in today's market than in
the past, many HMOs still maintain their federal qualification status.
Other Laws
A number of other federal laws have an impact on health plans. A few of the most
important are shown in Figure 23.1.
Figure 23.1
Some Federal Laws That Affect Healthcare Organizations3
Legislative Act

Who Must
Comply

Protected Class

Effect on Healthcare

Employers with 20
or more
employees

Employees age 40
and older

All active employees,

regardless of age, must
be eligible for the same
healthcare coverages,
and older employees
cannot be charged more
than younger ones.

Title VII of the Civil Employers with 15

Rights Act
or more
employees and
engaged in
interstate
commerce

All employees

Discrimination based on
race, color, religion, sex,
or national origin is
prohibited. Employers
must ensure that health
plan provisions are not
discriminatory.

Pregnancy
Discrimination Act
(amendment to
Civil Rights Act)

Employers with 15
or more
employees and
engaged in
interstate
commerce

All employees

Employer-sponsored
group health plans must
provide coverage for
pregnancy, childbirth,
and related conditions
on the same basis as for
other medical
conditions.

Family and
Medical Leave Act
(FMLA)

Employers with 50
or more
employees

Employees who
are ill, need to care
for a seriously ill
family member, or
have a new child
(including adopted)

Employees must be
allowed to take up to 12
weeks of unpaid leave
during any 12-month
period. Employers must
continue to make group
health benefits available

Age
Discrimination in
Employment Act
(ADEA)

Page 6 of 11

Federal Laws and Regulation

during this leave.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) imposes
requirements on employer-sponsored and union-sponsored group insurance plans and
insurance companies that provide coverage in the group and individual markets. HIPAA
provisions are divided into two main categories:
Title I contains provisions designed to increase the availability and continuity of
healthcare coverage for persons in the individual and group markets.
Title II mandates administrative simplification standards designed to protect the
confidentiality of health information and facilitate data exchange among entities
that finance and deliver healthcare services.
Almost all states have enacted laws that mirror the requirements of Title I of HIPAA. In
states with protections at least as stringent as those of HIPAA, state regulators enforce
these state laws. In states that have not developed acceptable provisions, HIPAA
protections apply and are enforced by the federal government.
Title I: Availability and Continuity of Healthcare Coverage
Individual Coverage Provisions
Title I of HIPAA guarantees the availability of health insurance coverage for individuals
who meet certain qualifications. All such qualified individuals who apply for individual
insurance coverage from a private insurer or a state high-risk pool (depending on state
law) must be issued a policy automatically, without a medical examination and
regardless of preexisting conditions.
In general, to qualify for HIPAA guaranteed individual issue a person must meet these
requirements: She recently had at least 18 months of health coverage (group or
individual insurance or a public program such as Medicare or Medicaid), her most recent
coverage was group coverage, and she is currently ineligible for either group coverage
or coverage under a public program. An individual who loses group coverage because
he changes jobs and his new employer does not provide healthcare coverage may also
qualify for guaranteed individual issue.
Group Coverage Provisions
Title I of HIPAA also includes key group healthcare coverage provisions, including
limitations on the use of preexisting condition exclusions, guaranteed availability of
coverage for small groups, guaranteed renewability of coverage for all groups, and
special enrollment periods for certain individuals (such as newborns or adopted
children).
Title I of HIPAA ensures that individuals are not denied healthcare coverage or charged
more for that coverage by a group plan because of their health status (defined to include

Page 7 of 11

Federal Laws and Regulation

an individuals health status, medical conditions, treatment history, claims experience,

and genetic information). Group plans and insurers also may not apply waiting periods,
cost-sharing mechanisms, or other eligibility rules in a way that that discriminates
against individuals on the basis of health status.
Title I of HIPAA has been amended by subsequent acts that create additional
protections for individuals with group healthcare coverage. These include the following:
The Mental Health Parity Act of 1996 (MHPA) prohibits group health plans or
insurers that provide coverage to businesses with more than 50 employees from
applying more restrictive annual and lifetime limits on coverage for mental illness
than for physical illness. It should be clarified that MHPA does not require health
plans to offer mental health coverage, but it imposes requirements on those
plans that do so. This law has been amended to expand the parity requirements
to any financial requirement or treatment limitation that may be imposed by a
health plan or insurer.
The Newborns and Mothers Health Protection Act of 1996 (NMHPA)
specifies that group health plans or group healthcare insurers cannot require that
hospital stays following childbirth be shorter than 48 hours for normal deliveries
or 96 hours for cesarean births. NMHPA does not require group plans and
insurers to offer maternity hospitalization benefits, but it imposes requirements on
those group plans and insurers that do so.
The Womens Health and Cancer Rights Act of 1998 (WHCRA) requires
health plans (both group and individual coverage) that offer medical and surgical
benefits for mastectomy to provide coverage for reconstructive surgery following
mastectomy. Again, the law does not require group plans and insurers to offer
mastectomy benefits, but it imposes requirements on those that do so.
Title II: Administrative Simplification
Title II of HIPAA requires the Department of Health and Human Services (HHS) to
develop administrative simplification standards. Some of these are designed to
standardize electronic healthcare transactions, such as claims and eligibility inquiries.
Others are intended to ensure the privacy and security of individually identifiable
health information (health information that, by itself or in conjunction with other
available information, identifies an individual). HHS has developed a number of
regulations that establish Title II administrative simplification standards.
These standards apply to health plans, healthcare providers that use electronic
transactions, and healthcare clearinghouses. A healthcare clearinghouse is a private
or public entity that converts provider data into the correct format for each health plan
and converts health plan data into the appropriate provider format. The clearinghouse
also sorts and transmits all data. Billing services, repricing companies, community health
management information systems, and value added networks may be healthcare
clearinghouses.
Electronic Transaction Standards and Code Sets

Page 8 of 11

Federal Laws and Regulation

As required by HIPAA, HHS has developed regulations that standardize the form and
content of electronic healthcare transactions. Transactions subject to these standards
include: healthcare claims or encounter data, health plan eligibility inquiries and
responses, provider referrals and authorizations, claims status inquiries and responses,
health plan enrollment and disenrollment requests, claim payment and remittance,
health plan premium payment, coordination of benefits information, and healthcare
claims attachments.
HHS has identified existing industry format standards and code sets, such as the ICD-9CM diagnosis codes and CPT-4 procedure codes, that must be used when conducting
electronic healthcare transactions. HHS has also created a new system in which all
healthcare providers apply for a National Provider Identifier (NPI) to be used for
electronic transactions, replacing the various provider identifiers used by different health
plans.
Privacy and Security Standards
HIPAA requires HHS to develop standards to ensure the privacy and security of health
information. These standards control the use and disclosure of health information by
health plans, healthcare providers, and healthcare clearinghouses, and they provide
individuals with certain rights with respect to their information. The privacy standards
include the following rules:
Healthcare providers must generally obtain an individuals written consent to use
protected health information. Health plans, healthcare providers, and
clearinghouses may use or disclose healthcare information for their own
treatment, payment, or operations without obtaining the individuals consent.
The transmission of individually identifiable health information for purposes other
than medical treatment, payment, or healthcare operations without the patients
written authorization is generally prohibited.
Patients are allowed to access their medical records and request amendment of
incorrect or incomplete medical information.
Patients are allowed to request that restrictions be placed on the accessibility
and use of protected health information.
Healthcare providers, healthcare clearinghouses, and health plans must institute
privacy and security policies and procedures and workforce training programs.
Healthcare providers, health plans, and healthcare clearinghouses must institute
privacy protections in contracts with any business that uses health information on
their behalf.
HIPAA security standards are designed to prevent unintended access to protected
health information and mandate features entities must include in their operations to
ensure that such information is secure. These features include administrative
procedures and physical devices and mechanisms to protect data integrity and
confidentiality. The security standards are scalablethat is, the procedures and
mechanisms used by a particular entity may vary depending on the size, structure,

Page 9 of 11

Federal Laws and Regulation

security needs, and business requirements of the entity. The HIPAA Privacy Rule
requires covered entities to:
ensure the confidentiality, integrity, and availability of all electronic protected
health information (EPHI) that the covered entity creates, receives, maintains, or
transmits;
protect against any reasonably anticipated threats or hazards to the security or
integrity of such information;
protect against any reasonably anticipated uses or disclosures of such
information that are not permitted or required by the Privacy Rule; and
ensure compliance by its workforce and any business that contracts with the
covered entity.

Conclusion
There are many federal laws that have a significant impact on health plans, and we have
looked briefly at some of the most important:
Under antitrust laws, health plans must not engage in activities that restrain a
free, competitive marketplace, such as price-fixing and market allocation.
Under financial services legislation, plans must protect the privacy of consumers
financial information.
ERISA governs employer-sponsored health plans, establishing participant rights,
investment standards, and disclosure requirements. ERISA also exempts
employer plans (but not insurers) from state regulation.
COBRA gives employees and dependents certain rights to continue employersponsored health coverage for a time after they lose eligibility.
The HMO Act of 1973 sets standards for HMOs that choose to be federally
qualified.
Under various laws, employers may not discriminate among employees based on
race, age, gender, and similar factors in regard to health coverage.
HIPAA contains many provisions designed to increase the availability and
continuity of healthcare coverage, protect health information, and facilitate data
exchange.
Notes
1

Adapted from Sharon B. Allen, Dennis W. Goodwin, and Jennifer W. Herrod, Life and Health
nd
Insurance Marketing, 2 Ed., LOMA, 1998. Used with permission, all rights reserved.

Page 10 of 11

Federal Laws and Regulation

Financial Services Modernization Act (Gramm-Leach-Bliley), Summary of Provisions,

www.senate.gov/.
3

Adapted from Harriett. E. Jones and Dani L. Long, Principles of Insurance: Life, Health, and
nd
Annuities, 2 Ed., LOMA, 1999. Used with permission, all rights reserved.

Page 11 of 11