ERISA Fiduciary Duties
We help plan sponsors understand and fulfill their obligations as ERISA fiduciaries — from prudent investment selection to claims appeals procedures and prohibited transaction exemptions.
Learn more →Self-Funded Health Plan Specialists
Compliance clarity
for self-funded plans
Navigate ERISA fiduciary duties, HIPAA privacy requirements, and ACA reporting obligations with expert guidance tailored to employer-sponsored health programs.
ERISA
Fiduciary Compliance
HIPAA
Privacy & Security
ACA
Reporting & Filing
What We Do
Comprehensive compliance advisory
From plan design to annual reporting, we guide self-funded employers through every regulatory obligation.
HIPAA Privacy & Security
Self-funded plans are covered entities under HIPAA. We conduct privacy assessments, draft Business Associate Agreements, and prepare employees who handle PHI for compliance.
Learn more →ACA Reporting
We prepare and file Forms 1095-B, 1095-C, and 1094-C with accuracy. We also handle Form 5500 filings, SPD distributions, and annual PCORI fee calculations.
Learn more →Transition from Fully Insured
Moving from a group insurance carrier to a self-funded model is complex. We map your compliance obligations, identify gaps, and create a transition roadmap that avoids costly pitfalls.
Learn more →ERISA Compliance
Fiduciary duties don't come with a manual
The Employee Retirement Income Security Act imposes strict duties on anyone who exercises discretionary authority over a health plan. Acting as a fiduciary without understanding those obligations creates personal liability for plan sponsors and HR executives alike.
We provide practical guidance — not just legal disclaimers — on what it means to act prudently, loyally, and solely in participants' interests.
Plan Document Requirements
Every self-funded plan must have a written plan document. We draft and maintain compliant plan documents, summary plan descriptions, and wrap documents.
Claims & Appeals Procedures
ERISA mandates specific timelines and participant rights for claims denials and appeals. We audit your TPA's procedures and ensure ACA-enhanced appeal rights are in place.
Vendor Contracts & Prohibited Transactions
ERISA Section 406 bans transactions between the plan and "parties in interest." We review TPA, stop-loss, and PBM contracts for prohibited transaction exposure and exemption compliance.
Form 5500 Annual Reporting
Self-funded plans with 100+ participants must file Form 5500 annually. We prepare the filing, Schedule A/J attachments, and ensure timely submission to the DOL.
Key ERISA Obligations
- 01Act solely in participants' and beneficiaries' interests
- 02Act prudently — with the care of a knowledgeable expert
- 03Diversify plan investments to minimize risk of large losses
- 04Follow plan documents (unless they violate ERISA)
- 05Avoid prohibited transactions with parties in interest
- 06Pay only reasonable plan expenses
- 07Provide required notices and disclosures on time
HIPAA Compliance
Self-funded plans are covered entities — are you ready?
Unlike fully insured plans where the insurer bears HIPAA responsibility, a self-funded plan is a covered entity under HIPAA. The employer — specifically the plan — must implement Privacy and Security Rules independently.
Many employers transitioning to self-funding are surprised to learn the insurer's BAA did not follow them. They now own the obligation.
Privacy Rule Compliance
Establish a Notice of Privacy Practices, designate a Privacy Officer, train workforce members, and implement policies governing use and disclosure of Protected Health Information (PHI).
Security Rule — ePHI Safeguards
Self-funded plans that receive electronic PHI from TPAs must implement administrative, physical, and technical safeguards. We conduct security risk analyses and gap remediation.
Business Associate Agreements
Every vendor handling PHI on behalf of the plan — TPAs, stop-loss carriers, PBMs, EAPs — requires a HIPAA-compliant BAA. We draft and maintain your BAA inventory.
Breach Response & Notification
A reportable breach triggers strict HHS and individual notification timelines. We prepare breach response plans and manage notification if an incident occurs.
HIPAA Covered Entity Checklist
Privacy Officer designated
Notice of Privacy Practices issued
Security Risk Analysis completed
BAA inventory up to date
Workforce training documented
Breach response plan in place
Most self-funded employers have gaps — we close them.
ACA Reporting
Forms 1095-B, 1095-C & 5500
ACA and ERISA reporting obligations are unforgiving. Late or inaccurate filings trigger IRS penalties that compound quickly.
Form 1095-B — Minimum Essential Coverage
Self-funded employers with fewer than 50 full-time employees (non-ALEs) use Form 1095-B to report minimum essential coverage provided to employees and their dependents. Self-insured ALEs report on Form 1095-C (Part III).
- Filing deadline February 28 (paper) / March 31 (electronic)
- Furnish to employees by January 31
- Penalty per incorrect return Up to $330 (2024)
- Annual maximum penalty $3,987,000 per entity
Who files 1095-B?
Self-funded employers with under 50 FTEs, health insurance issuers, and government-sponsored programs. ALEs with self-funded plans use the 1095-C instead.
Form 1095-C — Employer-Provided Health Insurance
Applicable Large Employers (ALEs — 50+ full-time equivalent employees) must file a 1095-C for every full-time employee. Self-insured ALEs also complete Part III to report coverage for enrolled individuals, combining both the employer mandate and MEC reporting into one form.
- ALE threshold 50+ FTEs in prior year
- Employer mandate penalty (4980H(a)) $2,970/FTE per year (2024)
- Employer mandate penalty (4980H(b)) $4,460/affected employee (2024)
- Incorrect return penalty Up to $330 per return
Safe harbor codes matter
Line 16 safe harbor codes on Form 1095-C can shield ALEs from employer mandate penalties. Incorrect codes — or missing codes — are a common and costly audit trigger.
Form 5500 — Annual Report to the DOL
ERISA requires self-funded health plans with 100 or more participants to file Form 5500 annually with the Department of Labor. Plans with fewer than 100 participants may qualify for the simplified Schedule J filing, though this is often overlooked.
- Filing deadline Last day of 7th month after plan year end
- Extension available 2.5 months with Form 5558
- DOL late filing penalty $250/day, up to $150,000
- IRS late filing penalty $250/day, up to $150,000
DFVC Program
Late filers can use the DOL's Delinquent Filer Voluntary Compliance program to avoid maximum penalties — but only if you act before the DOL contacts you first.
PCORI Fee — Patient-Centered Outcomes Research
Self-funded employers (not their TPAs) are required to pay the PCORI fee annually via IRS Form 720. The fee funds comparative effectiveness research. Unlike fully insured plans where the insurer pays, self-funded employers bear this obligation directly — and many miss it.
- 2024–2025 fee rate $3.22 per covered life
- Filing form IRS Form 720 (Part II)
- Due date July 31 following the plan year end
- Program expiration Plan years ending before Oct. 1, 2029
Common oversight
Many employers transitioning from fully insured plans forget the PCORI fee because their prior insurer handled it. It's small — but failure to file Form 720 still carries IRS penalties and interest.
Transition Guide
Common pitfalls when going self-funded
Transitioning from fully insured to self-funded is one of the most significant benefits decisions an employer makes. These are the mistakes we see most often — and help clients avoid.
01
Assuming the insurer's compliance transfers over
Fully insured plan sponsors lean on their carrier for HIPAA, ACA, and ERISA compliance. When you go self-funded, those obligations shift entirely to the employer-plan. Sponsors who don't reassign responsibility face immediate gaps.
02
Inadequate stop-loss policy structure
Stop-loss is not insurance in the traditional sense — it reimburses the plan, not participants. Specific and aggregate deductibles, run-in vs. run-out provisions, and laser exclusions must be structured carefully to avoid catastrophic exposure.
03
Missing or non-compliant plan documents
A self-funded plan must have a written plan document and a Summary Plan Description distributed to every participant. Without them, participants can't understand their rights and the employer has no legal basis for coverage decisions — opening the door to litigation.
04
Overlooking state insurance laws
ERISA preempts most state insurance mandates for self-funded plans — but not all. State continuation (mini-COBRA), prompt payment laws in certain contexts, and network adequacy requirements may still apply. Some states have no-fault provisions that catch self-funded employers off guard.
05
Cash flow mismanagement in the first year
Unlike premium payments, self-funded claim payments are unpredictable. Employers that don't establish a dedicated benefit trust account — or who rely on operating cash to pay claims — run into liquidity problems during high-utilization months.
06
Failing to vet the TPA thoroughly
The Third Party Administrator is the operational backbone of a self-funded plan. Weak claims adjudication, poor data reporting, and inadequate appeals handling can create enormous liability. TPA contracts must clearly define the employer's fiduciary role vs. the TPA's administrative role.
Transitioning soon or already self-funded with gaps?
Request a Compliance AssessmentSelf-Assessment Tool
ERISA Fiduciary Risk Assessment
10 questions across five compliance domains. Takes 3 minutes. Results reveal your fiduciary exposure and priority action items.
Client Perspectives
Trusted by plan sponsors across industries
"We transitioned to self-funding two years ago and had no idea HIPAA compliance was now our problem. The Compliance Plan identified six gaps in our first assessment and had us compliant within 60 days."
"The ACA reporting guidance alone was worth the engagement. We had been filing 1095-C codes incorrectly for two years. The Compliance Plan corrected the returns, filed amended forms, and helped us avoid a significant IRS inquiry."
"Our stop-loss carrier denied a $480,000 claim because of a policy language issue we missed at renewal. The Compliance Plan now reviews every stop-loss contract before we sign. We haven't had a dispute since."
Get Started
Request a compliance consultation
Whether you're evaluating a move to self-funding or need to close gaps in an existing program, we'll start with a focused conversation — no obligation.
Complimentary initial assessment call
Written summary of findings provided
Response within one business day
Confidential — information protected by engagement agreement
We advise on:
ERISA Fiduciary
HIPAA Privacy
HIPAA Security
ACA Reporting
Form 5500
Form 1095-C
Stop-Loss Review
TPA Contracting
Plan Documents
SPD Compliance
Wrap Documents
PCORI Fee
Request received
Thank you — we'll be in touch within one business day to schedule your consultation.