- Starting in 2022, employer-sponsored health plans must submit prescription drug and healthcare spending information to the Departments annually.
- The first report is due December 27, 2022, then annually on June 1.
- Employers may rely on a third-party reporting entity to submit information on their behalf.
- Employers must rely on their vendors to supply much of the information required for submission.
- Employers should take steps to ensure that reporting entities are fulfilling their obligations to report.
As part of the Consolidated Appropriations Act of 2021 (CAA), employer-sponsored health plans will be required to submit certain information about prescription drug and healthcare spending to the Centers for Medicare and Medicaid Services (CMS) annually called the Prescription Drug Data Collection Report (RxDC). Employers will look to their third-party administrators (TPAs) and pharmacy benefit managers (PBMs) to assist with the data collection and reporting. The Department of Labor (DOL) the Department of Health and Human Services (HHS) and the Treasury department (collectively known as “the Departments”) intend to use this information to issue public reports on prescription drug pricing costs and trends beginning in 2023. In November 2021, the Departments issued a press release and interim final rules (IFR). On June 29, 2022, CMS released updated reporting instructions for this new requirement. Learn more in our previous IFR article and August 2022 alert.
The CAA originally required plans and carriers to submit the required information for the first time by December 27, 2021, and then by June 1 of each year thereafter. However, in August 2021, the Departments delayed enforcement to December 27, 2022 for reports on 2020 and 2021 data. Subsequent annual reports will be due June 1.
The RxDC is a requirement on plans. While TPAs, PBMs and Carriers will likely help comply with the requirement, the ultimate responsibility to comply lies with the employers. Fully insured plans may transfer liability to their carriers if the carriers confirm in writing that they are taking responsibility for the reporting obligations.
The IFR requires employer-sponsored health plans and carriers to annually submit certain information on prescription drug and other healthcare spending to the Departments. The instructions break down the required information into two categories, Plan Lists (P) and Data Lists (D).
- P1. Individual and student market plan list
- P2. Group health plan list
- P3. Federal Employee Health Benefit (FEHB) plan list
- D1. Premium and Life-Years
- D2. Spending by Category
- D3. Top 50 Most Frequent Brand Drugs
- D4. Top 50 Most Costly Drugs
- D5. Top 50 Drugs by Spending Increase
- D6. Rx Totals
- D7. Rx Rebates by Therapeutic Class
- D8. Rx Rebates for the Top 25 Drugs
The Plan Lists identify the plans in a submission. There are three Plan Lists to identify a plan.
- P1 is required for plans in the individual or student market.
- P2 is required for employer-based health plans that are not FEHB plans.
- P3 is required for FEHB plans.
The P and D1 files require employers to report a limited amount of plan specific data. For purposes of this alert, we will refer to the P2 file which is the file that employer-sponsored group health plans will submit. The data collected is specific to the plan submitting. Employers will need to submit information such as:
- The beginning and end dates of the plan year
- The number of plan members
- States where coverage is offered
- The market segment (fully insured or self-funded, and small or large employer)
- Identifying information for the plan, TPA and PBM
- Group health plan number and ERISA plan number
Most the information listed in the plan file is information the employer will have on file and should be provided to the reporting entity to complete the submission.
The data files collect premium and spending information at an aggregated state or market level, or separately for each plan. It is likely that PBMs will submit this information on an aggregate level rather than individually. The IFR recognizes that it is possible that no single entity will have all the information necessary, so some coordination will need to occur between stakeholders such as the employer sponsor of a plan and their carrier or administrator.
TPAs or PBMs reporting on behalf of self-funded plans can, within each state and market segment, combine the data for all self-funded plans on whose behalf it is reporting. A self-funded plan is not required to have a TPA or PBM report on its behalf but is encouraged to do so. Plan sponsors should receive assurance from their TPA and/or PBM that they will be reporting on their behalf.
Plan Data (D1)
Data file D1 includes data specific to the group health plan such as:
- TPA identifying information
- The state where the employer is headquartered or the plan is contracted
- The average number of plan members
- Earned premiums for fully insured plans or premium equivalent rates for self-funded plans
- Administrative Services Only (ASO), (TPA) and stop-loss premiums paid
- The average monthly employer and employee contributions
Most the information listed in the D1 file is information the employer will have on file and should be provided to the reporting entity to complete the submission. For reference years 2020 and 2021 only, the Departments are providing nonenforcement relief related to the requirement to report the average monthly premium paid by employers versus members. The instructions state that if reporting entities have the required information they should report it, and that starting with reference year 2022 these data elements will be required.
Healthcare Data (D2)
Healthcare spending is reported in the D2 file. This file includes information such as that for hospital care, primary care, specialty care, medical benefit drug costs, laboratory costs, durable medical equipment, and wellness services billed on claims, plus additional information. The RxDC reporting instructions provide detailed information about the healthcare spending data that should be included in the submission.
Employers will need to rely on their TPAs or carriers to provide this information. It is likely that TPAs and carriers will submit the files on their clients’ behalf, but they are not required to do so.
Pharmacy Data (D3-D8)
Files D3-D8 report on pharmacy-specific information such as the most frequently used brand drugs, the costliest drugs, drugs that experienced a spending increase from the previous year, the total prescription drug spend, and specific information on rebate amounts.
Employers will need to rely on their TPAs or PBMs for carved-out pharmacy benefits to provide the information required to submit this section of the report. It is likely that PBMs and TPAs will submit the files on their clients’ behalf, but they are not required to do so.
A narrative response is required for some of the data files. The narrative response requires plans to provide additional information on items such as net payments from reinsurance or cost-sharing reduction programs, allocation and impact of rebates, and information on drug information missing from the CMS-crosswalk.
CMS encourages carriers, TPAs, and PBMs to submit aggregated data, and while it is not required to aggregate it is likely that most vendors will provide data in this manner. The IFR encourages vendors to aggregate data by its book of business rather than each plan specifically. Data must be aggregated by state, as determined by a self-funded plan’s principal place of business or a fully insured’s situs state or by market segment which is broken down into seven specific markets (e.g., individual, fully insured small group, self-funded small group).
Reporting Requirements and Submission Process
Data should be submitted through the Prescription Data Collection (RxDC) module on the Health Insurance Oversight System (HIOS) located on the CMS Enterprise Portal. Employers do not need to create a HIOS account if a third party is reporting on their behalf, only reporting entities need to register with HIOS.
Reporting entities must register with HIOS and request RxDC submitter status to file reports. Because the credentialing process can take several days, potential submitters are encouraged to get credentialed as early as possible.
Files must be submitted in a specific format outlined in the RxDC instructions. Additional information on file format requirements is found in the RxDC Data Dictionary. CMS provides model CSV templates for reporting entities’ use on the CMS website.
Plans, issuers, and carriers can contract with issuers, TPAs, PBMs or other third-party vendors to submit data on their behalf. The entity that submits some or all required information is called a reporting entity.
Multiple Reporting Entities
Multiple vendors can be reporting entities and submit data on a plan’s behalf, but the instructions are clear that multiple entities should not be reporting the same data as the HIOS system cannot identify duplicate information. The RxDC instructions provide this example:
“A self-funded group health plan may contract with a TPA to submit the Spending by Category data file (D2) and separately contract with a PBM to submit the Top 50 Most Costly Drugs file (D4). The submission for a plan, issuer, or carrier is considered complete if CMS receives all required files, regardless of who submits the files.”
CMS concedes that some coordination between vendors will be required and encourages vendors to work together to create data files. Each reporting entity may only view the files that it uploads to preserve confidentiality.
There is currently no confirmation process in place on the CMS portal to confirm data submission. Plans, issuers, and carriers are encouraged to confirm submission directly with their reporting entity.
Enforcement & Penalties
Neither the IFR nor the RxDC instructions provide details on department enforcement or penalties for non-compliance. It is possible that should penalties be imposed, they will be enforced by the Internal Revenue Service (IRS) at approximately $100 per day per violation.
Employer Obligations and Next Steps
The reporting responsibility lies with the group health plan sponsor, but their carriers, TPAs and PBMs will have most of the information necessary to submit the required data on behalf of employer-sponsored plans. There are some data elements that these organizations may not currently have in their systems, which may require some coordination with employers to collect the necessary information. Plan sponsors should be aware of what information the reporting entities will submit on their behalf and whether they need multiple reporting entities to complete the submission. Plan sponsors should confirm in advance of the due date that the data was submitted.
Fully insured plans should be able to rely on the carrier to submit all required data to satisfy the requirement. Fully insured plans should obtain in writing the responsibility of the carrier to report.
Self-insured plans should contact their TPAs and PBMs to determine what assistance these vendors will provide and review any service agreement provisions regarding reporting responsibility, liability in the case of errors or failure to report, and any additional fees incurred for the additional responsibility.
EPIC is monitoring any developments with this new requirement to determine how we can best assist our clients and will release additional resources as more information becomes available.
EPIC Employee Benefits Compliance Services
For further information on this or any other topics, please contact your EPIC consulting team.
EPIC offers this material for general information only. EPIC does not intend this material to be, nor may any person receiving this information construe or rely on this material as, tax or legal advice. The matters addressed in this document and any related discussions or correspondence should be reviewed and discussed with legal counsel prior to acting or relying on these materials.
THE 2022 COMPLIANCE WEBINAR SERIES!
Sign up for our Compliance Matters Newsletter
With this subscription, you’ll receive our monthly Compliance Matters newsletter, as well as special Compliance Alerts and invitations to our Compliance Webinars.