Anjali Downs (adowns@ebglaw.com) is a Member of the Firm, Kevin Malone (kmalone@ebglaw.com) is Senior Counsel, and David Shillcutt (dshillcutt@ebglaw.com) is Associate Attorney in the Washington, DC, office of Epstein Becker & Green PC.
On December 27, 2020, deep within the lengthy Consolidated Appropriations Act (CAA), Congress enacted additional compliance and oversight requirements for group health plans and health insurers (plans and insurers) (referred to as the Strengthening Parity in Mental Health and Substance Use Disorder Benefits Act).[1] The purpose of these new requirements is to codify existing subregulatory guidance regarding certain requirements for compliance programs under the Mental Health Parity and Addiction Equity Act (MHPAEA).[2] Since its passage in 2008, MHPAEA has required health plans and insurers to ensure that beneficiaries have access to benefits that are designed and delivered in a manner that does not discriminate against individuals with mental health conditions or substance use disorders. The new requirements in the CAA provide further specificity as to the types of documentation and comparative analysis that are required for plans and insurers to demonstrate that their nonquantitative treatment limitations (NQTLs) are nondiscriminatory. NQTLs include a very broad range of managed care practices, including medical necessity criteria and clinical coverage guideline development, utilization management, provider network recruitment and reimbursement rate methodologies, and other practices that constitute a limit on the scope or duration of services.[3] The CAA mandates a step-wise NQTL compliance approach that essentially mirrors and codifies the guidance in the U.S. Department of Labor (DOL) Self-Compliance Tool.[4] To comply with these step-wise NQTL compliance requirements, plans and insurers need to develop and maintain detailed documentation about the processes, strategies, and evidentiary standards they rely upon in the implementation of these NQTLs.
While these requirements specific to NQTLs are unique to MHPAEA, the associated documentation and comparative analyses activities should feel familiar because they mirror some of the traditional documentation and auditing and monitoring functions of a corporate compliance program. Ultimately, plans and insurers need to demonstrate, upon request, that they are continually maintaining compliance with regard to parity—in effect maintaining the capacity to rebut a presumption of noncompliance at any time. This includes auditing and monitoring factors used to determine and apply the NQTLs for mental health/substance use disorder services to demonstrate that they are comparable and no more stringent than those for medical/surgical services in the same classification. Moreover, when noncompliance is identified, the plan or insurer has a system to proactively implement corrective action.
Section 203 of the CAA provides five specific factual and data analytical information steps for each NQTL that plans and insurers must make available upon request:
-
The specific plan or coverage terms or other relevant terms regarding the NQTLs and a description of all of the benefits (mental health/substance use disorder and medical/surgical) to which each term applies in each benefit classification, i.e., inpatient (in/out of network), outpatient office-based (in/out of network), outpatient other (in/out of network), emergency, and prescription drugs;
-
The factors used to determine that the NQTLs will apply to mental health/substance use disorder benefits and medical/surgical benefits;
-
The evidentiary standards used for the factors (every factor shall be defined, with any other source or evidence relied upon identified);
-
The comparative analysis demonstrating that the process, strategies, evidentiary standards, and other factors used to apply the NQTLs are designed and applied comparably and no more stringently than other NQTLs for traditional medical/surgical coverage; and
-
The specific findings and conclusions reached by the plans and insurers with respect to the health insurance coverage, including analysis related to compliance.
The CAA also contains an oversight element that requires the U.S. Department of Health & Human Services, DOL, and the Internal Revenue Service (collectively, the departments) to request comparative analyses of at least 20 plans per year, though experience to date suggests that the actual number of plans subject to enforcement will be much higher. Specifically, the departments will look at plans that involve potential violations of MHPAEA, complaints regarding noncompliance, and any other instances the secretary determines are appropriate. If the departments find that a plan or coverage offered by a plan or insurer is not in compliance, the plan or insurer must specify corrective action. The plan or insurer has 45 days to implement the corrective action. The CAA also contains certain notification requirements if the noncompliance continues. The departments will share information regarding a plan’s or insurer’s compliance with these requirements with the applicable regulators in states in which the plan or insurer operates.
Key themes in compliance risks
At the national level, DOL has identified three priority areas for enforcement for 2021: “(1) processes for determining whether provider reimbursement rates might indicate a MHPAEA violation, (2) accuracy of provider network directories, and (3) treatment limitations regarding Autism Spectrum Disorder.”[5]
The key compliance risk that many plans and insurers are facing for these and other NQTLs is that many plans and insurers have not undertaken a compliance analysis at a level of granularity that is sufficient to fully determine, or document, compliance. Careful review of the guidance in the Self-Compliance Tool and most recent FAQs regarding the CAA implementation[6] suggests that DOL investigators expect to see an extensive level of detail in the five-step analyses, and a far greater rigor of analysis than many plans and insurers currently provide. As the most recent FAQs note, “comparative analyses that consist of conclusory or generalized statements without specific supporting evidence and detailed explanations or a mere production of a large volume of documents without a clear explanation of how and why each document is relevant to the comparative analyses are insufficient [to meet the CAA requirements].”
Plans and insurers that have not previously undertaken compliance analyses at this level of detail may find it challenging to comply with the CAA requirements to document the factors, sources, and evidentiary standards that they use to apply these NQTLs because their existing policies and procedures may not clearly identify and define these factors, sources, and evidentiary standards. In many cases, relevant leadership and staff currently exercise broad discretion in applying NQTLs, which makes it difficult or nearly impossible to use existing policies/procedures to objectively demonstrate that the NQTLs are designed and operated in a way that is comparable and no more stringent with regard to mental health or substance use disorder benefits.
Even where clearly defined factors and evidentiary standards do exist, the process of developing the five-step analyses required by the CAA sometimes reveals compliance concerns that were not intentionally created and that had previously gone undetected. These hidden compliance concerns are especially common with regard to compliance with the “as applied” or “in operation” component of the parity analysis. Many compliance programs do not currently use operation measures to monitor NQTL implementation, but regulators have increasingly sought quantitative data to demonstrate that NQTLs are in fact applied comparably and no more stringently to mental health/substance use disorder benefits. For example, an increasing number of market conduct exams include a review of claims data, denial rates, provider reimbursement rates, and other data and finding evidence of noncompliance with regard to provider reimbursement, pharmacy benefits management, and various forms of utilization management.
Another current area of compliance risk involves coverage limits and utilization management for residential treatment programs for mental health and substance use disorder conditions. A significant and growing volume of litigation is focused on exclusions for certain residential treatment provider types (particularly in educational or wilderness settings) and on medical necessity criteria that require acute levels of need for these sub-acute treatment settings. Most regulators do not require plans and insurers to submit compliance analyses for the coverage criteria and medical policies that are applied to each individual benefit, and thus there have been few regulatory enforcement actions to date with regard to these policies. However, the litigation risk is significant, and this may become a greater focus for regulatory enforcement in the future.
Steps in the parity analysis
Although the structure of the five-step framework for analysis is very similar to preexisting guidance, including the DOL Self-Compliance Tool, the requirement to develop and maintain such documentation on a proactive basis is new. Previously, many plans and insurers focused on the identification and resolution of specific compliance concerns, rather than taking a prospective view of parity compliance. The new documentation requirements of the CAA shift the essential question that plans and insurers must ask from “Does this policy or procedure violate parity?” to instead addressing the following questions:
-
How can we objectively demonstrate that this policy or procedure does not violate parity?
-
How do plans and insurers get themselves in a position to be able to demonstrate this?
-
Where do compliance obligations reside within the organization?
-
Who is ultimately responsible and held accountable?
One way to answer these questions is to design and implement a comprehensive and proactive parity compliance program. While not identical to the seven elements of a corporate compliance program, the key steps and approach to implementation in a parity compliance program are similar. The purpose of developing a parity compliance program is that it will demonstrate the plan’s or insurer’s good faith efforts to comply with the CAA requirements and, more importantly, the MHPAEA. The following elements constitute the basis of a parity compliance program:
-
Conduct a parity assessment that starts with an analysis of the existing parity compliance documentation and interviews with key personnel who are responsible for or involved in developing (1) medical coverage policies and utilization management; (2) pharmacy benefits management, including vendor oversight as applicable; and (3) provider contracting and reimbursement. The risk assessment will ultimately assess the strengths, weaknesses, and gaps in current compliance documentation; identify risks; assess the strengths and weaknesses of current compliance process; identify necessary training; and develop a detailed auditing and monitoring work plan.
-
Develop formal policies and procedures that govern parity compliance, the integration into the general compliance program governance, including internal and external reporting procedures, internal issue escalation, vendor contracting and oversight, and the process of updating policies and procedures and NQTL analyses at regular intervals and for ad hoc updates.
-
Designate key personnel who will be responsible for ongoing parity compliance and governance. Similar to a compliance committee, this oversight team should consist of a diverse team of people, including people from traditional compliance roles and those with operational/business responsibilities who will take ownership for ensuring parity principles are applied. This oversight team will assemble documentation and analysis from all department and vendors to develop parity reporting for regulatory inquiries and/or to address compliance issues as they arise. This oversight team will also be responsible for providing routine updates to the board of directors and other senior leadership.
-
Train personnel on the policies and procedures and the parity requirements. Training should be focused on not just explaining the laws, but on imparting on all personnel their role in parity compliance. Trainings should be documented as part of the compliance program, including as a strategy for ensuring compliance with the “as applied” aspect of many NQTL analyses.
-
Develop an internal auditing and monitoring program that proactively addresses the five-step analysis in a systematic manner and identifies a specific timeline for updating operations measure data for each NQTL type and the resulting analysis as well as other ad hoc updates to reflect policy/practice changes.
-
Identify areas of concern and implement appropriate corrective action, including internal communications related to complaints/grievances, issues identified by regulators, and trends in regulatory oversight and litigation.
Timing
The new NQTL documentation requirements took effect February 10, and the departments have begun requesting compliance documentation in accordance with their enforcement obligations. Many investigations to date have provided just 10 days to respond to the initial request for the plan’s five-step compliance analysis for one or more NQTLs, along with a list of “all” NQTLs applied by the plan. It is currently unclear how many different NQTL analyses the departments may ultimately request over the course of an investigation, or how many rounds of follow-up questions and opportunities to supplement or amend the originally submitted analyses may be involved. However, if the DOL investigator determines that the plan’s analyses do not fulfill the five required components, the plan or insurer has only 45 days to demonstrate compliance. Because the development of these five-step analyses is a labor-intensive process that frequently takes longer than 45 days to complete (especially if multiple analyses are needed), plans and insurers should begin the process of developing a parity compliance program immediately so that they are in a position to respond proactively instead of starting the review at the initial request.
Conclusions
Compliance is not possible until a plan or insurer performs the full analysis. The primary focus of current regulatory oversight is on the development and maintenance of adequate analyses, and most of the examples provided in the recent FAQs point to deficiencies in the adequacy of the analyses. Plans and insurers need to develop a parity compliance program to proactively address these requirements.
Most current policies and procedures were not designed to fit the parity framework, and trying to apply the five-step analysis to existing policies and procedures can be a frustrating and time-consuming process of trying to cram a square peg into a round hole. It is often more efficient to take the current compliance requirements as an opportunity to first design the five-step parity analysis in a vacuum of sorts—according to the factors, sources, and evidentiary standards that the plan or insurer determines that it should be applying—and next review the existing policies and procedures to determine what revisions may be necessary to align with the new parity analysis. This requires the NQTL analysis to be performed as a policy-making activity, not merely a documentation/defense of existing practices. The efficiency and effectiveness of the process can also be enhanced by conducting analyses under privilege and with the advice of qualified counsel.
Most importantly, it is important to create awareness that parity touches almost everything that a plan does with regard to benefit design, claims determinations, provider contracting, and related functions. Basic knowledge and issue-flagging capabilities have to be embedded throughout the organization, including infrastructure to monitor implementation, elevate concerns as needed, and generate compliance documentation upon request.
Takeaways
-
Adjust expectations by framing the nonquantitative treatment limitations requirements as an enterprise-wide transformation beyond anything the managed care industry has faced in the past two decades.
-
Develop five-step parity analyses for key nonquantitative treatment limitations types, and develop a process for generating additional compliance analyses upon request.
-
Don’t rely on an isolated team of parity experts. Identify key staff responsible for ensuring parity principles, with someone having ultimate responsibility and oversight.
-
Parity is a continuous obligation. Ongoing compliance requires the integration of parity principles into policy development and other internal audit and oversight activities.
-
The parity tests are comparative. Plans and insurers retain the flexibility to change their practices, provided that changes are documented and analyzed for parity.