Relief for New Mexico Residents Impacted by Wild Fires Residents of New Mexico affected by recent wild fires may be eligible for a temporary suspension of their premium payments to allow continuing insurance coverage. Learn More

All Articles

Service Providers, Access to Data, and Excessive Costs: What Can Health Plans Do to Mitigate the Risk of Liability?

Download a PDF of this Q&A

March 20, 2024


Ullico Casualty Group, LLC and The Union Labor Life Insurance Company note a growing concern that plan sponsors and fiduciaries of health plans may come under fire for relying on their service providers to make prudent healthcare spending decisions on their behalf. Fiduciaries are expected to ensure that the healthcare claims paid and the service provider fees charged are reasonable. Plan sponsors and fiduciaries have rightfully grown concerned about the risk of liability if their plan has overpaid for the healthcare enrollees have received.

Q&As for Multiemployer Plans

What is CAA and how does it allow for obtaining claims data?

In 2020, Congress passed the Consolidated Appropriations Act, 2021, which imposed new transparency obligations on group health plans. While no regulations have yet been issued, the CAA provision prohibiting contractual “gag clauses” provides that an agreement between a group health plan and a health care provider, network or service provider offering network services may not contain a term that restricts the group health plan from disclosing provider-specific costs or quality of care information. Covered group health plans must attest each year to their compliance with this provision.

Have there been any lawsuits filed with respect to lack of data and fiduciary responsibility?

Since 2020, there has been an uptick in lawsuits concerning plan sponsor access to claims data and group health plan mismanagement of plan healthcare spending. In The Kraft Heinz Co. Employee Benefits Administration Board v. Aetna Life Insurance Co., Kraft sued Aetna for access to claims data and alleged mismanagement of funds. While this case has since been settled, similar cases are still ongoing.
Following on the heels of plan sponsors’ lawsuits seeking greater claims data transparency, a participant recently sued Johnson & Johnson, her plan sponsor, for mismanaging its group health plan by allegedly overpaying its pharmacy benefit manager for drugs that were generally available at a much lower cost. See Lewandowski v. Johnson & Johnson. The participant alleged that the plan fiduciaries breached their ERISA duty of prudence and loyalty (i.e., to act solely in the plan’s interest) when they selected the PBM when there were other less expensive PBM arrangements available. The participant alleged harm to the plan enrollees in the form of the higher prescription drug cost-sharing and premiums. This suit has further magnified plan sponsors’ concerns whether they have sufficient information to ensure their plans’ healthcare payments are appropriate, and whether they are adequately selecting and monitoring their service providers.

Why do multiemployer plan fiduciaries experience challenges when attempting to obtain healthcare data from their service providers?

Service providers negotiate discounts, allowable charges and other healthcare provider rates on a book of business basis, meaning data that accurately reflects the cost of care is not tailored to a specific health plan. Service providers generally consider this information proprietary and frequently choose not to share it with plan fiduciaries or share only limited amounts. Another obstacle fiduciaries face is the lack of contractual rights to access their plans’ claims data. A fiduciary is not party to the service provider’s contract with the healthcare provider. Therefore, fiduciaries should consider creating contractual rights to their group health plan data during the contracting process with their service providers.

What should multiemployer plan fiduciaries consider when contracting with their service providers in order to fulfill their fiduciary duties under ERISA?

A fiduciary is obligated by ERISA to conduct a prudent process when engaging a service provider. The fiduciary is not necessarily obligated to review every single claim or hire the service provider that would be the lowest cost to the plan. With this standard in mind, fiduciaries should consider seeking rights in the service provider contract and interviewing the service provider in a manner that would demonstrate to the Department of Labor, or a court, that its selection process was prudent. For example, prior to entering into a contract with a service provider, a fiduciary could conduct requests for proposal (otherwise known as “RFPs”) which address the plan’s rights to claims data and compare several service providers’ representations. Fiduciaries should make sure they understand the contracted network, associated discounts and fees, the claims payment accuracy, and network breadth before engaging the service provider.

Could an experienced benefits consultant in this area be helpful in the RFP process?

A fiduciary may rely on a consultant’s help when deciding which TPA is the best to engage. The fiduciary should be mindful of any conflicts of interest the service provider and the fiduciary’s engaged experts (e.g., a consultant) may have when assessing a service provider’s value offering. For instance, if a consultant would receive a referral bonus for recommending a particular service provider to a plan, the fiduciary should be aware of this financial incentive and assess the service provider’s value offering with this in mind.

What contract concerns regarding data could be addressed in the RFP process?

In the actual contract itself, the fiduciary should consider requesting particular guarantees for accessing its plan’s claims data, establishing ongoing audit rights, or creating enforceable performance measures. The fiduciary should also consider who it wants to share claims data with. By law, a group health plan’s HIPAA business associates will also be permitted access to a plan’s claims data. For other third-parties the fiduciary wants to share its claims data with, the fiduciary should seek to establish such disclosure rights in the service provider contract. Importantly, the fiduciary should document its evaluation and contracting process so it may demonstrate to a court or regulator that it carried out its fiduciary duties properly.

What steps should multiemployer plan fiduciaries take to make sure they fulfill their duty of prudence when monitoring service providers?

Fiduciaries must demonstrate that they conducted a prudent process when monitoring their service providers. Obtaining claims data is not the equivalent of fulfilling an ERISA fiduciary duty. Fiduciaries are expected to understand their service providers’ administrative fees and ensure their service provider is performing its role correctly as well as collecting fees for itself appropriately. Plan fiduciaries should obtain representations that they are receiving disclosure of all direct and indirect compensation for the service provider to avoid fiduciary self-dealing concerns. This due diligence requires the fiduciary to, for example, periodically conduct requests for proposal, negotiate for and conduct market checks, and exercise audit rights. Fiduciaries are permitted to rely on experts in areas that the fiduciary needs support. However, when engaging experts, the fiduciary is not relieved of its fiduciary duties. The fiduciary should not blindly follow contract consultants’ advice as the fiduciary remains ultimately responsible for fulfilling its duty of prudence in monitoring both the cost and quality of a service provider’s services.