Self-Funding Compliance Considerations

October 12, 2023

What Is Self-Funding?

Plans are either “fully-insured” or “self-insured.”

  • Fully-Insured: the insurance carrier issues an insurance policy, the employer pays a fixed premium to the insurance carrier, and the carrier pays incurred claims from the insurer’s assets.
  • Self-Insured: the employer pays all plan expenses and incurred claims out of its general assets until any stop-loss limits are met. Employers and employees typically contribute toward the cost of coverage.

Note: plans that are “partially” insured are self-insured for compliance purposes.

Why Self-Insure?

  • Flexibility: benefits, services, and providers are more customizable.
  • Cost-effective: pays only costs of own employees, controls plan reserves, potentially improves cash flow, limits profits/margins paid to insurer.
  • Transparency: Payments tied to specific claims (not insurance pool), so employers can see exactly where the healthcare spend is going.
  • Different legal framework:
    • Fully-Insured: subject to state law, pay state health premium taxes (usually 2-3%), regulated by state insurance commissioner.
    • Self-Insured: subject to federal law and regulation by DOL/IRS/HHS (generally exempt from state laws under ERISA).

Why NOT to Self-Insure?

  • Certainty: While typically more expensive, fully insured plans are less volatile because the employer’s financial cost is the fixed monthly premium.
    Risk: Employer may have insufficient assets or cash flow to assume the risk of paying healthcare claims (usually smaller companies).
  • Complexity (legal and administrative):
    • Potential risk of in-house fraud.
    • More employer involvement, such as plan design, contracting, oversight, management, participant communications, and engagement.

Third-Party Administrators (TPAs)

  • Employers typically engage a third-party administrator (“TPA”) to administer a self-insured plan.
    • Selecting a TPA is a fiduciary act
    • Employers usually conduct periodic requests for proposals to select and monitor TPAs
  • TPA responsibilities include:
    • Establishing and maintaining the provider network
    • Credentialing network providers
    • Adjudicating, processing, and paying claims
    • Making adverse benefit determinations and sending required notices
    • Adjudicating appeals and coordinating external review
    • Customer service
  • Negotiate administrative services agreements and business associate agreement with TPA. Do not sign form vendor agreements!
  • Key provisions include: 
    • TPA’s status as a fiduciary
    • Indemnification
    • Limitation of liability
    • Governing law/dispute resolution
    • Data privacy, security, confidentiality, and breach responses
    • Fees
    • Reporting
    • Mental health parity comparative analysis
    • Service levels/performance guarantees

Prepare and Distribute Plan Documents

ERISA requires a formal written plan document, a summary plan description (SPD), and a summary of benefits and coverage (SBC). With self-funded plans, the plan documents are more tailored, and the sponsor is ultimately responsible for drafting and amending the plan.

The sponsor is also ultimately responsible for distributing all required documents and notices. The employer should require the TPA (via contract) to timely prepare and provide draft plan-related documents for employer review/revision.

Applicable Federal Laws

  • Employee Retirement Income Security Act (ERISA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Consolidated Omnibus Budget Reconciliation Act (COBRA)
  • Patient Protection and Affordable Care Act (ACA)
  • The Americans with Disabilities Act (ADA)
  • The Age Discrimination in Employment Act (ADEA)
  • Consolidated Appropriations Act, 2021 (CAA)
  • The Pregnancy Discrimination Act
  • Mental Health Parity Act (MHPA) and Mental Health Parity and Addiction Equity Act (MHPAEA)
  • Genetic Information Nondiscrimination Act (GINA)
  • Women’s Health and Cancer Rights Act (WHCRA)
  • Newborns’ and Mothers’ Health Protection Act (Newborns’ Act)

Plan Design & Coverage

Generally, ERISA preempts state laws that “relate to” ERISA plans, but:

  • Self-insured plans must pick a state benchmark plan to identify certain covered benefits as “essential health benefits” for ACA purposes.
  • States can still regulate TPA and PBM activity if the laws or regulations do not effectively dictate the terms on which ERISA plans operate.

Self-insured plans generally have wide discretion in terms of benefits and exclusions, but:

  • To receive tax-favored treatment, expenses must qualify as “medical expenses” under the Internal Revenue Code.
  • Federal benefit mandates (e.g., mental health parity, preventative health services, No Surprises Act, COBRA, and ACA) still apply to self-insured plans.

Nondiscrimination Rules Affect Plan Design

Self-insured plans have flexibility to design the terms of plan eligibility, benefits, and contributions and to vary these terms by employee class. Variances in benefits must comply with the applicable nondiscrimination rules. Various nondiscrimination rules apply, such as:

  • Code Section 105(h): Establishes nondiscrimination rules for eligibility and benefits to help ensure self-insured plans do not discriminate in favor of highly compensated employees.
  • Code Section 125: Establishes nondiscrimination rules for cafeteria plans (applies when contributions are paid on a pretax basis).
  • HIPAA: Prohibits health plans from discriminating based on an individual’s health factor. Allows different benefits to be offered to different classes of employees based on bona fide business classifications.

Code Section 105(h)

Section 105(h) ensures that HCIs are not favored under the self-funded plan designs. These rules do not (yet) apply to fully-insured plans.

HCIs include:

  • One of the five highest-paid officers;
  • A shareholder who owns more than 10% of the value of employer’s stock; or
  • Among the highest-paid 25% of all employees (other than excludable employees who are not participants).

Eligibility Test: Plan cannot favor HCIs regarding eligibility to participate.

  • 70% or more of all employees must benefit from the plan; or
  • 80% or more of all employees are eligible to benefit under the plan if 70% or more of all employees are eligible to benefit under the plan; or
  • Plan benefits employees under a classification set up by the employer and found by the IRS not to be discriminatory.

Benefits test: All benefits provided to HCIs are provided to other participants. There must be no discrimination in operation.

Funding Considerations

ERISA imposes fiduciary duties with respect to “plan assets.” Plan assets include:

  • Participant contributions paid toward plan premiums (contributions).
  • Certain amounts attributable to plan assets (e.g., rebates).
  • Segregated funds held for the purpose of paying plan benefits.
  • Employers typically have employees pay their contributions on a pretax basis through a cafeteria plan. DOL provides an exception for ERISA’s trust requirement.

Health Insurance Portability and Accountability (HIPPA)

HIPAA requires “covered entities” to, among other things, safeguard protected health information (“PHI”):

  • Self-insured plans are HIPAA “covered entities.”
  • Adopt and implement HIPAA policies and procedures for Privacy Rule, Security Rule, and Breach Notification Rule.
  • Must include specific provisions in plan document to share PHI with workforce members who are behind the “HIPAA firewall.”
  • Must train workforce on HIPAA policies and procedures.
  • Must have business associate agreements with the plan’s business associates.

Key HIPPA Compliance Steps

  • Establish HIPAA policies and procedures.
  • Appoint a HIPAA privacy officer and security officer.
  • Determine which employees will have access to PHI.
  • HIPAA “firewall”
  • Limited to employees with plan administrative functions (“need to know”)
  • Implement HIPAA training schedule.
  • Document training
  • Risk assessment (administrative, physical, technical safeguards).

ACA Reporting

All employers with self-insured plans must report offers of coverage under the ACA.

  • Non-applicable large employer:
    • Form 1094-B (all parts)
    • Form 1095-B (Parts I, III, and IV)
  • Applicable large employer:
    • Form 1094-C (Parts I, II, III, and IV)
    • Form 1095-C (Parts I, II, and III)
  • Forms 1095-C /1095-B must be furnished to applicable individuals
  • Forms 1094-B and 1095-B/1094-C and 1095-C filed with the IRS

Price Transparency Reports (TiC)

Federal regulators issued the final Transparency in Coverage Rule in October 2020. Post links to Machine-Readable Files (“MRFs”) on publicly available website, updated monthly with detailed pricing information.

  • In-Network Rates
  • Out-of-Network Allowed Amounts
  • Prescription Drugs
    • Enforcement was previously delayed

September 2023 guidance removes nonenforcement policy; plans should provide this file

Issue: Plan sponsors of self-insured plan may not have a public plan website
Solution: Employer can enter into a written agreement for the TPA to maintain the site and update the MRFs

RxDC Data Collection Reports

Requires collection and publication of specified plan data and information related to group health plans, drug costs, rebates, and fees.

  • 2022 report was due by June 1, 2023.
  • 2023 report is due June 1, 2024.

Issue: Reporting obligation lies with the plan, which generally does not have the information necessary to report.
Solution: The rules permit (and expect) employers to delegate responsibility to TPA/PBM to submit the Rx Data Collection Report.

Note: Plan is ultimately responsible for reporting, even if TPA does not perform.

No Gag Clause Attestations

Group health plans are prohibited from entering into an agreement with a health care provider, provider network, TPA, or other service provider that would restrict the plan from:

  • Providing provider-specific cost or quality of care information or data.
  • Electronically accessing de-identified claims and encounter information.
  • Sharing either of these types of information with a business associate.

Plans must annually submit an attestation of compliance to federal regulators. The first attestation is due no later than December 31, 2023, and each December 31 thereafter. Submit here.

Who Performs Reporting?

Fully-Insured Reporting:

  • Insurance company submits the attestation, and
  • Group health plan submits the attestation
  • If the plan’s coverage consists of group health insurance coverage and the insurer submits the attestation on behalf of the plan, regulators consider the plan and insurer to have satisfied the attestation requirement.

Self-Insured Reporting:

  • Group health plan submits the attestation
  • It can enter into a written agreement with its service provider (e.g., TPA) under which the service provider attests on the plan’s behalf.
  • If service provider fails to submit the attestation, the plan is in violation of the attestation requirement.

Compliance Tips

Review contracts (e.g., administrative services agreements, business associate agreements, pharmacy benefit management agreements, and statements of work) for prohibited “gag clauses.”

  • Amend contracts if indicated.
  • Include provisions for “no gag clause” rule in future contracts/amendments.
  • Determine who is responsible for preparing and submitting the attestation.
  • For self-insured plans, obtain written agreements with service providers.
  • Submit by deadline if a third party will not do so for the plan.

Mental Health NQTL (MHPAEA, ACA, CAA)

“NQTL” means Non-Quantitative Treatment Limitations. An NQTL is any nonnumerical limit on the scope or duration of benefits for treatment.


  • Step therapy
  • Prior authorization
  • Licensure limits
  • Geographic limits

In general, under federal law, health plans must offer mental health/substance use disorder (MH/SUD) treatment in parity with medical/surgical (M/S) treatment. Federal law requires plans to perform and document an NQTL comparative analysis.

NQTL analysis:

  • Identify the NQTL
  • Identify the factors considered in the design of the NQTL
  • Identify the sources (processes, strategies) used to define the NQTL factors
  • Are the sources comparable and no more stringently applied to MH/SUD and M/S benefits?
  • DOL has detailed list of information that should be included in the comparative analysis
  • NQTL comparative analysis must be made available to regulators and participants upon request!
  • High enforcement priority for the U.S. Department of Labor!


  • PCORI = Patient-Centered Outcomes Research Institute
  • Created by ACA, extended by the CAA through 2029 (at least)
  • Is a fee reported and paid once per year based on the average number of lives covered under the policy or plan
    • $3.22 (PYE between October 1, 2023 and September 30, 2024)
    • If fully insured → PCORI paid by issuer of policy
    • If self-insured → PCORI paid by plan sponsor
  • Reported on Form 720 (Quarterly Federal Excise Tax Return)
  • Payment due July 31
OUR OFFICE Contact Us.
We are proud to be located in the heart of Indiana. Call, send us an email, or stop by.

Send us a message on LinkedIn, Facebook, or through email.

Foot NPS

LoCascio Hadden and Dennis, LLC. Copyright© 2022. All rights reserved. Privacy Policy.