Buck Bond Group
Navigating Telehealth Benefits Compliance Issues

Navigating Telehealth Benefits Compliance Issues

by and Tags: ,

Volume 42 | Issue 21

Download this FYI In-Depth as a printable PDF

Most large employers currently offer some form of telehealth benefits, and for good reason – these services can be useful to participants and employers alike as a convenient and cost-effective resource. Employers should be aware, however, that offering telehealth benefits may have implications under federal laws, including ERISA, COBRA, the ACA, Code rules governing health savings accounts, HIPAA privacy and security, and mental health parity laws. Here, we highlight specific compliance issues for telehealth programs under these federal laws, and also discuss common themes in state-based regulation of these programs.


While there is no single definition of telehealth, the Department of Health and Human Services (HHS), describes it as the “use of electronic information and telecommunications technologies to support and promote long-distance clinical healthcare, patient and professional health-related education, public health and health administration.” Telehealth can come in many different forms, including video conferencing, email, remote patient monitoring, and store-and-forward practices (making medical records and data available across long distances). It can serve different purposes, such as taking the place of an in-person office visit, monitoring vitals of a patient with an ongoing or chronic condition, and/or determining the need for a specialist referral.

Telehealth can benefit participants and employers alike as a convenient and cost-saving resource. By now, many employers have either implemented, or at least considered implementing, some form of telehealth as part of their benefit offerings — and utilization of telehealth services is on the rise.

Telemedicine versus telehealth
“Telemedicine” generally refers to clinical services whereas “telehealth” can encompass a broader range of healthcare that may not involve clinical services.

The Federal Landscape

The following is an overview of the federal laws governing telehealth benefits and the particular compliance concerns under those laws.


ERISA generally applies to employee welfare benefit plans. For purposes of ERISA, a “group health plan” is an employee welfare benefit plan “to the extent that the plan provides medical care…to employees or their dependents…directly or indirectly through insurance, reimbursement or otherwise”. “Medical care” is defined, in part, as “amounts paid for the diagnosis, cure, mitigation, treatment or prevention of disease, or amounts paid for the purpose of affecting any structure or function of the body.”

Telehealth services almost always qualify as medical care. Where an employer includes telehealth benefits as part of its existing group health plan, it does not have to satisfy any additional ERISA compliance requirements. However, if telehealth benefits are available to employees not enrolled in the medical plan, the employer will have to ensure that the benefit is either: (1) reflected in the Form 5500 and the plan document (if offered as part of the same employee welfare benefit plan) or (2) that a separate 5500 filing is made and a separate plan document is maintained for that benefit (if the benefit is offered under a separate ERISA plan). In addition, the employer will have to comply with ERISA’s disclosure requirements by providing employees eligible for telehealth benefits with summary plan descriptions (SPDs), etc.

Information on disclosure requirements
For more information about ERISA, COBRA, and ACA disclosure requirements, and the penalties for failing to adhere to them, please see our ERISA plan Reporting and Disclosure Guide.



COBRA also applies to group health plans, which are programs maintained by an employer to provide healthcare to individuals who have an employment-related connection to the employer and their families. “Healthcare,” for COBRA purposes, has basically the same definition as “medical care” does under ERISA. Thus, most telehealth benefits will be subject to COBRA.

If a telehealth benefit is only available to individuals enrolled in the employer’s medical plan, COBRA obligations generally can be addressed as part of the COBRA administration of the medical plan as a whole — the benefit can be included in the initial COBRA rights notice and bundled as part of the COBRA election for medical plan coverage. Where the benefit is available to a broader group of individuals and not limited to medical plan participants, or if the employer decides to treat the benefit as a separate group health plan, separate COBRA administration will be required. Failing to provide COBRA notices can result in Code excise taxes (generally, $100 per day per affected person) as well as ERISA penalties (generally, $110 per day per affected person). Additionally, an employee or beneficiary who brings a successful COBRA claim can recover medical expenses and attorneys’ fees.

ACA Market Mandates

If a telehealth benefit is offered outside of the group health plan, it generally will be considered a separate group health plan subject to the ACA’s group health plan mandates. These include required coverage of adult children up to age 26, prohibitions on lifetime and annual dollar limits for essential health benefits, the summary of benefits and coverage (SBC), and required coverage of specified preventative health services without cost sharing. Significant excise taxes apply under the Code and the Public Health Service Act (for non-federal governmental plans) to an employer that fails to comply with these mandates (generally $100 per day per individual per violation).

A telehealth program that qualifies as an “excepted benefit” is not subject to the ACA’s market mandates. Excepted benefits are benefits considered limited or ancillary to comprehensive group health coverage. For example, a standalone EAP telehealth benefit — or one that provides counselors online or by phone — would only be exempt from the ACA’s market mandates if it does not provide significant benefits in the nature of medical care and satisfies other conditions. (See our October 8, 2014 For Your Information to learn more about the treatment of EAPs as excepted benefits.)

Excepted benefit EAPs

An EAP can be an excepted benefit only if:

  • It does not provide significant benefits in the nature of medical care when taking in to account the amount, scope, and duration of covered services
  • Is not coordinated with another group health plan.
  • Is provided to participants at no cost.
  • Does not impose cost-sharing.

Telehealth Benefits and Health Savings Accounts (HSAs)

Section 223 of the Code provides that to be eligible to establish an HSA or to have contributions made to an HSA, an individual must be enrolled in a high deductible health plan (HDHP) and not have any “disqualifying coverage” — which includes most coverage that provides a medical benefit before the participant meets the statutory deductible applicable to HDHPs for a particular year. Certain benefits may be provided before the deductible is satisfied without being disqualifying — these include benefits for preventive care and excepted benefits such as limited scope dental and vision benefits and EAPs that do not provide significant benefits in the nature of medical care.

Unless a telehealth program is limited to these permissible benefits (and most are not), an employer must ensure that telehealth benefits are provided in a way that maintains their employees’ HSA eligibility. This generally means requiring participants to pay the fair market value of the telehealth services until they meet their deductible; the plan will pay a benefit only after the deductible is satisfied.

Buck comment. Will offering participants telehealth services at a negotiated rate lower than the rate offered to individuals paying for the same services outside of a group health plan affect HSA eligibility? No. The IRS has stated that an HDHP may make healthcare services available to covered individuals at discounted rates before they satisfy the deductible without affecting HSA eligibility. The key factor is that the individual, and not the plan, pays the costs of the healthcare (taking into account the discount) until the HDHP deductible is satisfied.

HIPAA Privacy and Security Rules

A telehealth program is generally subject to HIPAA’s privacy and security rules, just as an in-person provider visit under a group health plan would be. The HIPAA privacy rule governs the use of protected health information (PHI) and the security rule sets forth standards for storing and transferring electronic PHI.

Telehealth services should be integrated into the group health plan’s HIPAA privacy and security processes. Particular PHI concerns in the telehealth context include the need for fully encrypted data transmissions, peer-to-peer secure network connections, and a prohibition on storage of video.

Mental Health Parity

The Mental Health Parity and Addiction Equity Act of 2008 (MHPAEA) generally prohibits group health plans that provide mental health or substance use disorder (MH/SUD) benefits from imposing less favorable conditions or more stringent limits on those benefits than they do on the same classification of medical and surgical (M/S) benefits. To learn about these classifications, please see our January 14, 2014 For Your Information. MHPAEA requires parity in financial requirements (e.g., deductibles or copayments), quantitative treatment limitations (e.g., number of covered visits) and in nonquantitative treatment limitations (NQTLs). NQTLs are non-numerical limits on the scope or duration of benefits, such as a pre-authorization requirement or a medical management technique. MHPAEA does not require a plan to cover any specific MH/SUD conditions; rather, it provides that if a plan does cover a MH/SUD condition, it must do so in parity with medical/surgical benefits. For a discussion of MHPAEA and NQTLs, see our May 14, 2018 For Your Information.

Telehealth services would likely be considered to fall in the “outpatient service” classification for purposes of MHPAEA. Thus, depending on its terms, a group health plan that covers telehealth services for M/S conditions on an in-patient or outpatient basis may also have to cover telehealth services for MH/SUD conditions on the same basis in order to comply with MHPAEA.

Buck Comment. In considering MHPAEA compliance for telehealth benefits, employers should be aware that some telehealth vendors provide MH/SUD services as an offering separate from M/S services. Because the obligation to comply with MHPAEA falls on group health plans, employers should not assume that a vendor’s standard offering includes MH/SUD services — but rather ask specifically about this aspect of telehealth benefits.

Additionally, employers that offer telehealth benefits should ensure that cost-sharing associated with these services does not cause problems in complying with parity requirements — both in terms of the type (co-payment versus coinsurance) and dollar amount. For example, there may be parity issues if a plan charges a copay for telehealth benefits that include MH/SUD services but uses a coinsurance model for non-telehealth benefits in the same classification, or if a plan charges a higher co-pay for telehealth benefits that include MH/SUD services than it does for non-telehealth benefits in the same classification.

Integration with Existing Group Health Plan

As discussed above, a key decision for employers that want to offer a telehealth benefit is whether to integrate the program into an existing group health plan. Doing so streamlines compliance, as a telehealth program integrated into the group health plan does not need to separately meet ERISA documentation and filing requirements or the ACA’s group health plan market reforms. Additionally, the group health plan’s COBRA administration can incorporate the telehealth program.

Alternatively, offering a stand-alone telehealth program can benefit a larger group of employees — such as those who decline or are ineligible for coverage under the employer’s medical plan. But, as previously outlined, the program might have to separately satisfy ERISA and COBRA requirements. The program does not need to comply with the ACA’s market mandates if it is designed not to provide significant medical care benefits — but of course that limits the scope of the benefit and its value to participants and beneficiaries.

Plan sponsors must balance any advantages of offering the program as a stand-alone benefit against the compliance burdens and risks associated with doing so.

State-Based Regulation of Telehealth Services

In addition to navigating federal compliance issues, employers that offer telehealth programs need to be aware that differing — and evolving — state laws also affect these benefits. The types of state laws relevant to telehealth services provided through both insured and self-funded group health plans include:

  • Licensing requirements. Physicians and other providers must be licensed or otherwise permitted in a given state to deliver telehealth services to patients in that state. These laws can complicate the administration of telehealth benefits to plan participants residing in certain states, although interstate agreements are increasingly mitigating these issues.
  • Regulation of scope of services. Some states regulate the types of virtual interactions that providers can have with patients. For example, a state may not permit a physician-patient relationship to begin with an audio visit, but instead require that the first encounter be an in person visit.
  • Informed consent requirements. Some states require that patients provide informed consent (i.e., consent after receiving an explanation of telehealth and any risks associated with using it) before a provider can render telehealth services.
  • Restrictions on online prescribing. Some states restrict the types of prescriptions that providers can write based on a telehealth appointment.

States continue to pursue their own telehealth policies in light of advancing technologies, and new state-based authority is enacted every year.

Telehealth Vendors
Many employers contract with telehealth vendors to provide these benefits rather than set up their own telehealth programs. While employers must monitor these service providers’ compliance, it is typically the vendors, rather than employers, that directly address state-based telehealth requirements.

In Closing

An employer that is considering adding or changing an existing telehealth benefit should be aware of various compliance issues in setting up and maintaining these offerings.