DOL Begins Enforcing the ACA through Plan Audits

by Proskauer Rose LLP

Recent written audit requests to health and welfare plans from the U.S. Department of Labor (DOL) have included inquiries related to various mandates under the Affordable Care Act (the ACA or the Act). This is a significant development in the ongoing implementation of the ACA's various coverage and related mandates, in that it marks the first appearance of ACA-related topics in DOL auditing practices. While the recent U.S. Supreme Court oral arguments caused speculation as to the future of the ACA, unless and until the ACA is ruled unconstitutional by the Supreme Court, the Act is enforceable and will be enforced by the DOL. Thus, employer-provided group health plans must continue to comply and otherwise implement the ACA's various coverage and related mandates. Likewise, plan sponsors must comply with any ACA-related DOL audit requests, and be prepared to produce documents to prove that their plan complies with the ACA's various mandates.

Areas Addressed in Audits:

The DOL audit requests relating to the ACA can be divided into three types: (1) requests as to plans claiming grandfathered status; (2) requests as to plans not claiming grandfathered status; and (3) requests as to all health plans regardless of grandfathered status. For each type of request, the DOL has asked to examine the types of documents listed below.

1. For grandfathered plans (i.e., that are claiming or have claimed grandfathered status under Section 1251 of the ACA):

a. disclosure statements regarding grandfathered status included in material distributed to participants and beneficiaries describing the benefits provided under the plan; and

b. records documenting the terms of the plan on March 23, 2010, along with any ancillary documents required to verify the status of the grandfathered plan.

The DOL audit questions listed above appear to be aimed at substantiating that the plan in question complies with two requirements under the final interim regulations on grandfathered health plans under the ACA issued by the Departments of Labor, Health and Human Services, and Treasury on June 14, 2010; namely that plans must: (1) provide a specific notice that the plan believes it is a grandfathered health plan in any materials that describe the plan's benefits to participants or beneficiaries; and (2) maintain, and make available upon a government agency's request, records documenting the terms of the plan or health insurance coverage in effect on March 23, 2010, as necessary to verify, explain, or clarify the plan's grandfathered status. See our June 21, 2010 client alert that summarizes these regulations. 

2. Requests applicable to non grandfathered plans:

a. the plan's choice provider disclosure notice, along with a list of participants who received that notice;

b. documents relating to the plan's emergencies services benefits;

c. documents relating to the preventative services for each plan year on or after September 23, 2010;

d. the plan's internal claims and appeals procedures;

e. notices relating to adverse benefit determinations, the plan's final internal adverse determination notice, and the plan's final external review determination notice; and

f. contracts or agreements with independent review organizations or third-party administrators providing external review.

The DOL audit requests listed above appear to be aimed at substantiating that the plan in question complies with certain coverage mandates that apply only to nongrandfathered health plans, including covering certain preventive care services without cost sharing, as well as that any emergency hospital services must be provided without requiring prior authorization or higher cost sharing amounts, even for out-of-network services. See our June 28, 2010 client alert that addresses these mandates. In addition to these mandates, nongrandfathered health plans must adopt new internal and external claims procedures pursuant to guidance issued under the ACA. This guidance provides a safe harbor for compliance with the Act's requirement to offer a binding external review process under the plan. For this purpose, the nongrandfathered health plan must contract with three independent review organizations to handle external claims appeals. See our July 30, 2010 client alert that addresses the new claims and appeals rules.

3. Requests applicable to all plans:

a. for plans with dependent care coverage, a sample of the notice describing enrollment opportunities relating to coverage of children up to age 26;

b. a list of any participants who had coverage rescinded and the reason for such rescission;

c. if the plan imposes or has imposed a lifetime limit since September 23, 2010, documents relating to that limit for each plan year; and

d. if the plan has imposed an annual limit since September 23, 2010, documents relating to that limit.

These requests appear to be aimed at eliciting information necessary for the DOL to determine a group health plan's compliance with four primary mandates applicable to all group health plans, regardless of the plan's grandfathered status. First, the Act requires group health plans and insurance issuers that provide dependent child coverage to make that coverage available for children until they attain age 26. See our May 11, 2010 client alert that addresses this mandate. In addition, the Act does not permit the rescission of coverage absent fraud or material misrepresentation on behalf of the individual claiming coverage under the group health plan. For this purpose, a rescission is simply the retroactive termination of coverage for any reason other than non-payment of premiums. Finally, the ACA does not permit group health plans to impose lifetime or annual limits on benefits deemed to be "essential," a term that needs further definition by the oversight agencies. See our June 28, 2010 client alert that addresses the rules governing rescissions as well as lifetime and annual limits.

Best Compliance Practices:

Generally, plan sponsors and administrators must be able to demonstrate that their plans comply with the ACA, which requires documentary evidence – from plans, record keepers, and/or service providers. Written records of the steps taken to comply with the ACA since September 23, 2010, including detailed records of participation information and communications with participants about enrollment periods and coverage, should be retained in a readily accessible fashion. For example, plans should keep and be able to produce notices of coverage for children up to 26 years of age, and evidence of distribution. Likewise, any plan amendments or written policies that were adopted to implement the ACA mandates discussed above should be ready for production.

Upon receiving such an audit request, you should contact counsel immediately, as the issues are complex, and swift action is often necessary to protect the various rights and interests of the numerous entities involved in administering health and welfare plans. Please feel free to contact your Proskauer lawyer or any member of our Health Care Reform Task Force with questions on this alert or any aspect of health care reform.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Proskauer Rose LLP | Attorney Advertising

Written by:

Proskauer Rose LLP

Proskauer Rose LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.