The scope and extent of federal regulation that affects private health coverage has vastly increased, especially with the passage of the Affordable Care Act (ACA) in 2010. As stated earlier, the ACA largely retained the framework for the regulation of private coverage, adding a long list of new provisions to different regulated pieces of our fragmented health care system. This means specific and overlapping requirements on insurers, employer-sponsored plans, and, more recently, in the No Surprises Act, also on providers.
The ACA also unleashed a firestorm of activity resulting from longstanding political and philosophical differences on the role of federal government regulation of health care. Efforts to repeal and replace the ACA, several U.S. Supreme Court cases challenging ACA provisions, and hundreds of other cases in the lower courts on the ACA and other federal requirements mean the law in this area has and will continue to be in flux.
Regulatory priorities can and have shifted depending on what party controls the White House and Congress, resulting in ever-changing federal standards. This section reviews the current landscape of federal requirements. A discussion of every single relevant federal regulation is beyond the scope of this chapter, but the major requirements have been divided into six categories:
- Access to health coverage
- Affordability of health coverage
- Benefit design and adequacy
- Reporting and disclosure of information concerning coverage
- Review and appeal of health claims
- Other federal standards
1. Access to Coverage
Federal health care reform has prioritized expanding health coverage to those without it for quite some time, especially for those not eligible for a public program such as Medicaid or Medicare, or who do not have coverage through their current employer. Prior to the passage of the Affordable Care Act in 2010, state laws and regulations were designed to address the potential for adverse selection in health insurance by allowing insurers to engage in certain practices such as “underwriting,” which allowed insurers in the individual and group markets to decline to cover or renew coverage due to a person’s health status or a group’s claims history, and helped plans maintain predictable and stable risk pools. Further, an insurer could cover the applicant, but charge a higher premium based on age, health status, gender, occupation, or geographic location. In addition, insurers could exclude benefits for certain health conditions if the person was diagnosed or treated for that condition prior to becoming insured (a “preexisting condition exclusion”).
States made some reforms, particularly in the small group market, to address these barriers to coverage. Some of these changes became part of the federal Health Insurance Portability and Accountability Act (HIPAA) of 1996. However, it was not until the ACA that the regulation of private insurance, at least the individual and small group markets, was fundamentally changed.
Core Private Insurance Coverage Protections. The ACA established core market rules designed to expand coverage to most people in the U.S. New ACA legal requirements include:
Requirements for premium stabilization & other efforts to protect the risk pool. The ACA’s private insurance market regulations also ushered in concerns that its protections, including guaranteed issue and the elimination of health underwriting for some coverage, would result in adverse selection (discussed in the first section). Regulatory efforts to prevent adverse selection have also focused on certain plans and products that do not have to meet most of the ACA rules, such as short-term limited-duration plans. Non-ACA-compliant coverage may be attractive to consumers looking for lower monthly costs, but these plans can leave consumers underinsured and may compromise the risk pool by drawing out healthier individuals.
Federal guidance and regulation aimed at protecting the risk pool as part of the ACA include:
Standards to prevent coverage gaps. Access to coverage is also enhanced by federal requirements to provide for the continuity of coverage or care to prevent gaps for those who do or could lose coverage, including:
2. Financial Protection and Affordability
High costs, in the form of both premiums and cost sharing, have been a defining feature of employer-sponsored and individually-purchased (for unsubsidized enrollees) health coverage. Federal reforms have sought to address the stability and affordability of health insurance. Key provisions include:
3. Benefit Design and Adequacy
Federal requirements also include a growing list of minimum standards for how a plan is designed or operated in an effort to ensure that enrollees have coverage that is comprehensive enough to cover medically necessary care, with processes that do not unnecessarily limit access to covered benefits. Such requirements include laws that prohibit plans from imposing annual dollar limits on coverage, requiring waiting periods longer than 90 days before employer-sponsored coverage kicks in. States may have additional benefit mandates for state-regulated plans, such as comprehensive coverage requirements for state-regulated plans, such as comprehensive coverage requirements for mental health or substance use disorders or fertility services.
Required coverage
The ACA requires all private, non-grandfathered health plans to cover preventive services with no cost sharing for enrollees. These requirements change over time as preventive service recommendations are updated and new services are added. In general, these include:
The preventive care coverage requirement has been the subject of extensive litigation since the ACA was passed. A KFF brief provides more detail on this litigation. The contraceptive coverage requirement has been the topic of two U.S. Supreme Court cases and several regulations, now allowing employers to not cover contraception if they have a religious objection.
Other required design standards across most health plans
Large group, small group, individual, and self-insured health plans are required to abide by other benefit design standards that aim to contain out-of-pocket costs and improve access to and quality of care. These design standards include:
Design standards limited to individual and small group plans. Federal requirements on health plan design standards for certain segments of the individual and small-group markets have evolved since the ACA was passed. Plans must meet these rules as part of annual certification requirements for qualified health plans. Examples of these standards include:
4. Disclosure, Reporting and Transparency
In the 2023 KFF Consumer Survey of insured adults, most Marketplace and employer-sponsored insurance (ESI) enrollees reported difficulty understanding some aspect of their health insurance compared to consumers enrolled in Medicaid and Medicare:
Lack of information or understanding about key features of an individual’s health coverage can put patients at financial risk and result in negative health outcomes. Employers and other health purchasers have also struggled to get the information they need to make prudent decisions about cost-effective coverage options and hold their service providers accountable for their plan designs, contracting, and administration activities. Regulations have increased over time to make more information available to enrollees or prospective enrollees, as well as to federal agencies to conduct their oversight responsibilities. What to disclose and how much information is useful is a continuing policy challenge.
Most federal disclosure, reporting, and transparency requirements fall into two categories: Disclosure of information to enrollees and/or the public (Table 9) and reporting to the federal government (Table 10). Note that the requirements provided in these tables are not exhaustive, but include examples of some of the main reporting, disclosure, and transparency requirements that plans, providers, and facilities are subject to.
Ongoing reporting by private plans to federal agencies is a tool for agency oversight to assess compliance with regulations and evaluate trends. In some instances, agencies are required to use this information to report aggregate information to the public and Congress.
5. Claims and Appeals Processes
Access to a fair system of review for consumer grievances about plan actions and claims denials has been a key element of federal consumer protection.
A 1997 Clinton Administration initiative, the Patient Bill of Rights, resulted in several federal agencies taking regulatory actions to enhance consumer protections for patients and workers. As part of this initiative, the DOL updated claims and appeals rules that applied to private-sector employer plans regulated by ERISA to make the claims review process:
- Faster (shortened timeframe for plans to make a decision on claims and appeals)
- Fairer (ensure plan decision makers were free of conflicts of interest)
- Fuller (more transparent through the disclosure of more information to consumers –including language access standards--about the reason for a claim denial).
The DOL issued regulations in 2000 governing the “internal” claims review process, conducted internally by a plan or plan-sponsor employer. For the first time, these updated rules accounted for managed care features such as prior authorization, whereby health plans determine medical necessity before the plan covers an item or service, requiring, for example, shorter time frames for claim decisions and appeals for these “pre-service” claims.
These rules were the basis for reforms applied across all private health coverage in the ACA. These reforms provided a federal floor of protections for the internal claims and appeal process and added an option for consumers to appeal a denied claim and an appeal process for review by an entity independent of the plan in a process called “external review.” Only certain types of claims, such as those that involve clinical judgment, are eligible for external review.
Policymakers have renewed scrutiny of the prior authorization process as well as claims review and appeals generally. Claims and appeals standards that apply to Medicare Advantage plans, Medicaid, and some Marketplace plans have recently been updated to reduce delays in decision making and to provide more transparency about the outcomes of claims and appeals decisions.
6. Other Federal Standards
Several other federal laws and regulations provide consumer protections in private health insurance, often indirectly, that sometimes have stronger enforcement mechanisms and penalties than federal insurance laws. These include:
Civil Rights Law. The Civil Rights Act of 1964 (and later amendments to it, including the Pregnancy Nondiscrimination Act) and the Americans with Disabilities Act of 1990 created protections against discrimination based on race, color, national origin, sex, age, and disability. At a minimum, these standards apply to employers with 15 or more employees, and, in effect, regulate those employers’ group health plan coverage.
Section 1557 of the ACA included a nondiscrimination provision that potentially applies many existing civil rights laws directly to health care entities, including insurers that receive federal funds. The extent of its reach has been the subject of several sets of regulations, with the latest iteration under the Biden Administration finalized in 2024. The rule reinstates protections against discrimination for LGBTQ+ people seeking health care and coverage, including for gender-affirming care.
Antitrust Laws. Antitrust laws in health care prohibit anticompetitive practices and mergers by health care providers, hospitals, and insurers, which can reduce competition and increase prices. As provider consolidation increases, federal agencies such as the DOJ and the Federal Trade Commission (FTC) have ramped up enforcement initiatives in recent years, as outlined in a KFF brief. Health insurers have also faced antitrust scrutiny as the market shares of the largest health insurers continue to dominate in most locations. Oversight of pharmacy benefit managers, now mostly owned or affiliated with the leading health insurers, is one area of focus.
Privacy Laws. As digital technology has advanced, so have policy concerns about protecting consumer health information, as the fast development of new technology (e.g. health-related apps) has made it difficult for regulation to keep up. The leading federal privacy requirements for health plans’ use of certain patient information, set out in HIPAA regulations, are now almost 25 years old. Efforts to update this regulation are underway, including specific standards for information regarding abortion after the Supreme Court invalided the constitutional right to abortion in 2022. In addition, the Federal Trade Commission has sought to regulate areas not covered directly by HIPAA, such as software applications increasingly marketed as part of health coverage.
Special privacy protections for substance use disorder information are regulated under a law known as “Part 2.” This law aims to protect the confidentiality of this information while still allowing providers to share patients’ mental health and substance use disorder information with plans and others to coordinate care and administer benefits.
Gag Clauses. Plans and issuers are prohibited from entering into an agreement with a provider, third-party administrator, or other service provider (including pharmacy benefit managers) that restricts the plan and issuer from accessing claim, cost, or quality information on providers, enrollees, plan sponsors, and other entities, known as a “gag clause.” Plans and issuers must annually submit an attestation of compliance with these requirements to the federal government.