Speak to an Advisor: 800.727.4114
phone location_on
Blog

Top Health Plan Compliance Issues for 2026

Posted: in Compliance , Healthcare


Employers should pay close attention to the key compliance issues that could affect how health plans are designed and administered in 2026.

For example, beginning in 2026, many employers subject to reporting under the ACA will first take advantage of the simplified method for providing individual statements. Beyond that, several expected developments deserve monitoring, including possible updates to federal mental health parity rules and related enforcement measures. Overall, the compliance landscape is marked by uncertainty, due to new regulatory priorities under the Trump administration, ongoing benefits-related litigation, and changes in federal staffing. This year, federal agencies are balancing the rollout of the OBBBA with President Donald Trump’s broader directives, including efforts to increase health care transparency. However, the pace and scope of regulatory activity may be constrained by federal budgetary limitations and staffing challenges.

As employers consider the following key health plan compliance issues for 2026, they should evaluate how these developments could influence the structure and management of their health benefits going forward.

Simplified ACA Reporting

At the end of 2024, Congress passed legislation that eased ACA reporting requirements for employers. The ACA requires applicable large employers (ALEs) and non-ALEs with self-insured health plans to provide information to the IRS about the health plan coverage they offer (or do not offer) to their employees while providing related statements to individuals. Yet, with the new legislation, employers that take certain steps no longer need to automatically distribute these individual statements, unless an individual specifically requests one. In late February 2025, the IRS released guidance on this relief, leaving employers only a brief period to apply the change for statements due in March 2025. Because of the limited time frame, many employers are expected to begin using this relief starting in 2026.

For this relief to apply in 2026, an employer must post a clear and conspicuous notice on its website by March 2, 2026, stating that employees may receive a copy of their statement upon request. The notice must include an email address, a physical address to which a request may be sent and a telephone number to contact the employer. This website notice must remain posted through Oct. 15, 2026. In general, employers must fulfill requests within 30 days of receiving them.

Crossroads for Mental Health Parity Rules

In May 2025, federal agencies announced they would not enforce a 2024 final rule that expanded parity requirements for mental health and substance use dis-order (MH/SUD) benefits. This decision stems from a lawsuit filed by an employer trade group challenging the rule’s validity. The case has been put on hold while the Trump administration reviews the rule and considers whether to revise or repeal it. Many of the final rule’s provisions were originally set to take effect in 2026. At the same time, the Trump administration is taking a broader look at its overall approach to enforcing mental health parity.

The Mental Health Parity and Addiction Equity Act (MHPAEA) requires parity between a group health plan’s medical/surgical (M/S) benefits and MH/SUD benefits. Notably, MHPAEA requires health plans and health insurance issuers to conduct comparative analyses of nonquantitative treatment limitations (NQTLs), which include a variety of strategies that generally limit the scope or duration of benefits, such as prior authorization requirements. The 2024 final rule primarily focused on stricter parity requirements for NQTLs. Under the final rule, health plans and issuers would be required to collect and review outcomes data and take reasonable steps to fix any significant differences in access between MH/SUD and M/S benefits. They would also need to make sure their comparative analyses of NQTLs include specific, detailed elements to show compliance.

Due to the non-enforcement policy, employer-sponsored health plans are not required to comply with the 2024 final rule. However, employers should make sure their health plans continue to comply with MHPAEA’s statutory requirements, including the comparative analysis requirement for NQTLs. Employers should reach out to the health plan’s issuer or third-party administrator (TPA) to confirm that comparative analyses of NQTLs will be updated, if necessary, for the plan year beginning in 2026. Employers should also stay alert for any changes to the 2024 final rule. While the U.S. Department of Labor has made MHPAEA compliance a top enforcement priority in recent years, shifting priorities and limited resources could change that focus going forward.

Ongoing Health Plan Litigation

Alongside monitoring legislative and regulatory developments in 2026, employers should also keep an eye on litigation involving several important health plan compliance issues. While a recent U.S. Supreme Court ruling limited the ability of federal courts to issue nationwide injunctions of government policies, federal courts still have the authority to block regulatory actions that are unlawful, arbitrary or beyond an agency’s authority. In addition, a Supreme Court ruling from 2023 ended the long-standing deference given to federal agencies’ interpretations of the law, making it more likely that federal rulemaking will be successfully challenged in the courts.

In 2026, ALEs should keep an eye on a case now before the U.S. Court of Appeals for the 5th Circuit that could affect how “pay-or-play” penalties under the ACA are assessed. In April 2025, a federal district court in Texas ruled that the IRS cannot assess these penalties unless the U.S. Department of Health and Human Services (HHS) first issues a certification to the employer. Currently, the IRS relies on Letter 226-J to notify employers of potential liability without any prior certification from HHS. The 5th Circuit’s upcoming decision may impact how pay-or-play penalties are enforced going forward.

Employers should also be aware of the growing number of fiduciary lawsuits tied to health plans. Most private-sector employers must follow the fiduciary duty standards set by the Employee Retirement Income Security Act (ERISA) when managing their employee benefit plans. These standards require fiduciaries to prudently select and monitor plan service providers.

Recent litigation has underscored how important it is for employers to meet these obligations when man-aging group health plans. Although many of these cases are focused on prescription drug benefits and the selection of pharmacy benefit managers (PBMs), the same fiduciary responsibilities apply to all plan ser-vice providers. As 2026 approaches, employers should review their fiduciary compliance to limit potential liability, including documenting the process for selecting and monitoring health plan service providers.

In addition, employers should be aware of a recent surge of class-action lawsuits involving health plan premium surcharges related to tobacco use. When a health plan imposes a surcharge (or provides a reward) based on a health-related standard (such as not using tobacco or meeting an exercise goal), it must comply with HIPAA’s nondiscrimination requirements. These lawsuits generally allege that health plans failed to meet these requirements by not offering a reasonable alternative standard to avoid the surcharge, by only applying the premium reduction on a prospective basis after completing the alternative standard, and by not describing the availability of the alternative standard in all plan materials. With this heightened scrutiny, employers preparing for the 2026 plan year should make sure any surcharge or reward tied to a health-related standard is offered through a wellness program that fully meets HIPAA’s nondiscrimination requirements, including clear communication to participants about the availability of a reasonable alternative standard.

Health Care Transparency

The Trump administration is expected to continue focusing on health care transparency in 2026. Early into his second term, President Trump released an executive order highlighting transparency as a key part of efforts to improve Americans’ health and provide consumers with more meaningful price information. The order directed federal agencies to take specific steps to advance transparency, such as making price information more easily comparable and strengthening enforcement policies.

For 2026, employers should review their compliance with applicable health plan transparency requirements. Most employers depend on their issuers, TPAs or other service providers to handle these obligations because they do not have the information needed for transparency disclosures. To stay compliant, employers should confirm that written agreements with issuers, TPAs or other service providers clearly spell out responsibility for compliance. They should also monitor those service providers to confirm their plans’ compliance with applicable legal requirements. For added protection, cautious employers may want to request regular reporting from service providers to verify transparency compliance.

Employers should also stay alert to regulatory and legislative developments that could impact health plan transparency. Federal agencies may, for instance, release guidance on machine-readable files for covered prescription drugs and set a deadline for making those files publicly accessible. It is also possible that federal lawmakers will advance proposals that include PBM reforms. For years, PBMs have faced criticism for limited transparency, yet they remain subject to minimal federal oversight. Lawmakers from both parties have expressed support for PBM reforms, including requiring PBMs to share details on compensation, drug spending and rebate practices with plan fiduciaries. In the absence of strong federal oversight, states have passed their own laws to regulate PBMs and increase transparency, though ongoing litigation has created some uncertainty regarding the enforceability of these state laws.

HIPAA Privacy and Cybersecurity

Employers with self-insured health plans, as well as those with fully insured health plans that have access to protected health information (PHI), may need to update their administrative policies and privacy notices in light of recent HIPAA developments. In June 2025, a federal district court in Texas invalidated a final rule that had expanded HIPAA’s privacy protections for reproductive health care. That rule barred health plans and other regulated entities from using or disclosing PHI related to lawful reproductive health care in certain situations. The court’s decision eliminated these protections nationwide, and the Trump administration chose not to appeal, effectively ending HIPAA’s special privacy safeguards for reproductive health care for now. While HIPAA’s general privacy protections remain in place, employers should review their HIPAA policies and privacy notices and remove any provisions tied to reproductive health care protections.

In addition, employers that maintain HIPAA privacy notices for their health plans should update them for special privacy protections for patient records regarding substance use disorder treatment provided by a federally assisted treatment program (that is, a “Part 2 program”). The deadline for updating privacy notices for the additional privacy protections for Part 2 program records is Feb. 16, 2026. Employers with self-insured health plans should also distribute their updated privacy notices by this deadline. Note that while self-insured health plans must maintain and provide their own privacy notices, fully insured health plans are not required to maintain or provide privacy notices unless the plan sponsor has access to PHI. In that case, fully insured health plans that have access to PHI must maintain a privacy notice and provide it upon request. It is unclear if HHS will update its model notices to incorporate the new requirements before the compliance deadline.

Employers that handle PHI should also monitor developments related to HIPAA cybersecurity. In early 2025, at the end of the Biden administration, HHS proposed significant updates to the HIPAA Security Rule to strengthen cybersecurity protections for electronic PHI (ePHI). According to HHS, the proposed rule would modernize existing standards to better respond to the growing cybersecurity threats facing the health care industry. It remains uncertain whether the Trump administration will finalize these changes in 2026, although cybersecurity generally has bipartisan support. Employers with self-insured health plans and those with fully insured health plans that have access to ePHI should monitor developments and be pre-pared to improve safeguards for ePHI if the changes are finalized.

In 2026, employers face a compliance landscape marked by both change and uncertainty. Simplified ACA reporting requirements will ease some administrative burdens, yet potential revisions to federal mental health parity rules and enforcement remain important to watch. Shifts in regulatory priorities under the Trump administration, ongoing benefits related litigation, and federal budget and staffing changes add further unpredictability. For employers, staying informed and adaptable will be essential to navigating health plan compliance in the year ahead.

Contact SSG for assistance regarding your health plan.

Previous Icon Prev
See All News See All News Icon
Next Next Icon
Employee Benefits
Health Benefits Consulting Market Management Plan Administration HR Advocacy Workplace Wellness
Explore
Company Blog Webinars Careers
Resources
Compliance Support Insurance Providers
Connect
Contact Us
We know you’re busy, but you still need to be informed.
No spam, just straight-forward, valuable benefits related content and important compliance updates.
Subscribe