As discussed in our recent article, the Consolidated Appropriations Act of 2021 (the “CAA”) levels the playing field between pharmacy benefit managers (“PBMs”) and their employee healthcare benefit plan clients (“Plans”) by creating new transparency and compensation requirements for PBMs. The CAA established new opportunities for Plans by providing resources to uncover hidden PBM cash flow. Alongside the new tools at Plans’ disposal, the CAA has also created additional responsibilities to which Plans and their fiduciaries must adhere. Failure to comply with these new obligations exposes both the Plan and its fiduciaries to potential liability.
Reporting Obligations
Under the CAA, Plans must submit considerable amounts of data to the United States Department of Treasury, Department of Labor, and Department of Health and Human Services (collectively, the “Departments”) on an annual basis. Reports must be submitted by June 1 of the year immediately following the “reference year;” meaning data reports for the year 2022 are due June 1, 2023. While the onus is on Plans to submit the annual reports, Plans often do not have access to the data they are required to report—particularly the data on prescription drug spend and rebates. As such, the CAA allows Plan service providers and vendors, such as third-party administrators (“TPAs”) and PBMs, to submit the required data on their behalf. In fact, the Departments expect PBMs and TPAs to be the entities predominantly submitting the required reports. However, it is ultimately the Plan that remains liable for ensuring the data is reported and reported accurately.
Consequently, Plans should have already confirmed with their PBMs and TPAs that reports for reference years 2020 and 2021 were properly submitted by the extended deadline of January 31, 2023. Moving forward, Plans need to negotiate terms into their agreements with PBMs or other vendors obligating these service providers to submit the annual reports in a timely and accurate manner. Failure to take these proactive measures only exposes the Plan to sanctions, as PBMs and TPAs are not subject to any liability for reporting errors under the CAA.
Fiduciary Duties and Auditing
Amongst the sweeping changes introduced through the CAA, the most impactful are the disclosure and reasonable compensation requirements discussed in our recent article, “CAA Alters Landscape for Self-Funded Plans and Creates Opportunities”. These requirements obligate service providers like PBMs to disclose all sources of direct and indirect compensation they or any of their affiliates or subcontractors will receive in connection with providing services to the Plan. Further, the CAA prevents Plan fiduciaries from entering into agreements with service providers unless the service provider’s compensation is reasonable. While the mandatory disclosures of compensation required under the Employee Retirement Income Security Act of 1974 (“ERISA”) provide a valuable tool to Plans, Plan fiduciaries cannot simply rely on these disclosures to ensure their arrangements with PBMs are reasonable and compliant with ERISA as amended by the CAA. Rather, Plan fiduciaries must routinely monitor PBMs to ensure they only receive compensation as disclosed—a task that can only be completed through regular PBM audits.
In fact, a failure to routinely audit PBMs to confirm the reasonableness of PBM arrangements may expose Plan fiduciaries to potential liability for breaches of fiduciary duties. Under ERISA, Plan fiduciaries are obligated to discharge their duties solely in the interest of Plan participants and for the exclusive purpose of defraying reasonable expenses of administering the Plan.[1] As such, Plan fiduciaries are obligated to regularly monitor service providers like PBMs to confirm the expenses connected to the PBMs’ services are reasonable. Plan fiduciaries which fail to uncover egregious PBM practices like spread pricing and rebate manipulation can potentially be held liable for breaches of co-fiduciary duties. Indeed, ERISA creates liability for a Plan fiduciary that fails to comply with their own fiduciary obligation (e.g., monitoring/auditing service providers like PBMs) and, as a result, enables another fiduciary to commit a breach.[2] Therefore, since ERISA now requires PBMs to expressly state they are providing services to the Plan as a fiduciary, if a Plan fiduciary’s failure to effectively audit a PBM enables the PBM to retain hidden cash flows at the expense of the Plan, the Plan fiduciary could potentially be held liable for breach of co-fiduciary duties. Consequently, while the mandatory disclosures under ERISA are a great starting point for Plan fiduciaries, Plan fiduciaries must nonetheless audit PBMs regularly to ensure the Plan is receiving the benefit of its bargain.
How Frier Levitt Can Help
Frier Levitt’s Plan Sponsor Practice Group has a proven track record of obtaining favorable results for health plans and plan sponsors in various areas, including review and analysis of PBM contracts, negotiation and drafting of PBM contracts, auditing (and where necessary, litigation against) PBMs to verify that they are abiding by the terms set forth in the PBM contracts, and demanding access to Plan data to uncover hidden cash flows retained by PBMs. If you are a health plan or plan sponsor organization, contact us to learn more about your contractual rights and obligations under the CAA.
[1] See 29 U.S.C. § 1104(a)(1) (emphasis added).
[2] See 29 U.S.C. § 1105(a).
