May 22, 2023

4 Steps for Large Employers to Meet Fiduciary Duties and Mitigate Legal Risk


Darren Fogarty
Associate Director of Purchaser Value and Policy (Interim)


ERISA makes very clear the liability for CAA compliance ultimately rests with the employer and its designated plan fiduciary. There are four steps employers can take today to demonstrate good-faith compliance and mitigate legal exposure and consequences.
Tweet Email
Although vendors will be instrumental in assisting employers and plan fiduciaries in meeting the CAA’s requirements, employers cannot delegate their fiduciary obligations away and must take steps to engage the CAA head on.
Tweet Email

The Consolidated Appropriations Act (CAA) has created both opportunities and risks for employers when it comes to overseeing employee health benefits.

The CAA finally gives employers access to the kinds of cost-benefit data long available with virtually every other business decision. The law equips them to better perform their role as stewards of company and employee finances by assessing the value of the health care services they purchase for employees. Over time, these new insights will likely set in motion an unprecedented shift in the health care market’s balance of power. For that reason, it’s no surprise that vendor compliance with these new pricing, contractual and compensation disclosure mandates has been fragmented, incomplete or non-existent.

Employers must now take steps to develop rigorous fiduciary processes around health care purchasing. Consistently demonstrating good faith efforts to comply with the CAA will lead toward a safe harbor that should mitigate future legal exposure and adverse compliance action. Equally important, employer expectations will compel vendors to either alter their behavior or risk losing important accounts and business.

The challenge employers face should not be underestimated. ERISA makes very clear the liability for CAA compliance ultimately rests with the employer and its designated “plan fiduciary.” This may be an individual plan sponsor (who retains personal fiduciary liability), an internal committee, the board of directors or some combination of these. Although vendors will be instrumental in assisting employers and plan fiduciaries in meeting the CAA’s requirements, employers cannot delegate their fiduciary obligations away and must take steps to engage the CAA head on.

4 Steps Your Organization Can Take to Help Protect Itself from Legal Exposure

There are four steps employers can take today to demonstrate good-faith compliance with the CAA’s fiduciary obligations and mitigate downstream legal exposure and consequences.

1) Develop processes and criteria for evaluating vendor performance. Under ERISA, plan fiduciaries must run their health plan (including pharmacy, vision and dental benefits) solely in the interest of employees and their dependents with the exclusive purpose of providing benefits. They must also avoid conflicts of interest and show the plan pays only reasonable expenses. Because the CAA makes available new sets of transparency information, plan sponsors will find their opportunity and duty to oversee vendors has increased.

Employers must now develop and document a process for monitoring vendor performance for value and alignment with the health plan’s interests. This monitoring process should include regular review of the plan’s vendors to determine whether fees and claims are reasonable. Employers should benchmark their vendors’ compensation against others in the market and should periodically review their current vendors to assess reasonableness and examine the continued suitability of these relationships.

2) Request vendor compensation information. The CAA requires health plan fiduciaries to request details on the direct and indirect compensation their insurance brokers, consultants, pharmacy benefit managers and third-party administrators expect to receive. These compensation disclosures should include a detailed explanation of the services provided and direct and indirect compensation, including bonuses, referral fees, rebates and commissions, as well as the source of that compensation.

If you can’t understand a compensation disclosure document, push until the specifics are clear. Beware of ambiguous phrases like “we may or may not receive compensation.” Ensure the disclosure is signed not just by a representative of the firm, but also by someone in senior management who is able to authoritatively attest to its accuracy.

If the vendor refuses to provide the information or fails to do so within 90 days, employers are required to notify the Department of Labor and terminate the contract. Similarly, if the compensation is excessive or “unreasonable” or if it implies conflicts of interest, the vendor relationship would become a “prohibited transaction” under ERISA that the employer could not lawfully continue.

3) Work with legal counsel to ensure all gag clauses are removed from your service provider contracts. The CAA explicitly bans the presence of “gag clauses” in health plan service provider contracts, which are contractual terms that would restrict an employer’s access or ability to share health care cost and quality data. Prior to the CAA, these were extremely commonplace. Now, contracts entered into after December 27, 2020 cannot legally contain them.

Earlier this year, CMS announced employers will need to submit on December 31, 2023 their first attestation of having removed all gag clauses in their contracts. Moving forward, employers will need to attest annually.

Employers need to take great care in ensuring, with expert legal counsel, that they are compliant with this requirement. More importantly, they should view the CAA’s prohibition on gag clauses as an opportunity to access their full, de-identified claims data, including allowed amounts. Many employers have struggled to receive full information before and had to make health care purchasing decisions in the dark. The CAA has provided the light employers need to access and analyze their data.

4) Request plan-level prescription drug data collection (RxDC) data from your pharmacy benefit manager (PBM). The CAA mandates yearly submission of information on prescription drugs and health care spending, known as RxDC reporting. Often, this data is gathered and submitted in large part by a plan’s third-party administrator and PBM without the employer ever seeing the information.

However, RxDC data, originating from PBMs, contains potentially valuable information for an employer. Specifically, it includes novel information on the financial impact of rebates, fees and other drug manufacturer payments on the health plan and its impact on premiums and employee out-of-pocket costs.

Employers should request their plan-level RxDC data. If your PBM declines to provide it to you, document that you attempted to obtain it. If they do provide it, enlist the help of an independent, third-party pharmacy consultant to analyze the rebate information for new insights on how it affects your plan’s premiums and your employees’ out-of-pocket expenses.

What’s Next for Employers

As the post-CAA health care environment solidifies, new third-party intermediaries will undoubtedly emerge to provide employers with new tools, actionable insight and comparative cost and compensation data around the full spectrum of health care services, from hospitals to consultants to PBMs.

In the meantime, organizations must move forward as effectively as they can in uncovering baseline cost and compensation data. Ultimately, every step toward scrutinizing and defining value in the organization’s health plan is an exercise in fiduciary prudence and sound judgment that ensures organizational resources are used in the most effective way possible.


This content is educational in nature and should not be taken as legal advice. Consult with your legal counsel before making any decisions for your health plan, especially those related to CAA compliance.

Related Content

Changing the Game: Groundbreaking Drug Benefit Purchasing Standards for Large Employers

PBGH’s PBM Purchasing Standards build on a long history of combatting rising drug costs and helps employers and other health care purchasers combat abusive PBM contracting practices.

Employees Ready for Action to Address High Health Care Costs

For years, employees have faced increasing premiums and cost-sharing. But how well do they understand the sources of those increases, and how ready are they for employers or policymakers to take action?

What Employers Need to Know About Removing Gag Clauses from Health Care Contracts

Before the clock strikes midnight on December 31, 2023, private employers and other public health care purchasers will have been required to attest to their benefit plan contracts being free of gag clauses.

One Health Issue Impacting Almost Half of America’s Workforce

A recent survey of more than 1,000 working women found that 40% of women age 50 to 65 years old stated that menopause symptoms interfered with their work performance or productivity on a weekly basis.