Penalties for Benefits Noncompliance

June 7, 2022
Penalties for Benefits Noncompliance
Inflation is not only fueling price increases; it's also requiring employers to pay more in penalties for not complying with benefits laws under the Employee Retirement and Income Security Act of 1974 (ERISA). The U.S. Department of Health & Human Services (HHS) announced increases in penalties for noncompliance with benefits laws involving:
  • Privacy
  • Security
  • Notification rules
HHS's penalties increase annually under the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015. Year-over-year inflation adjustments that affect penalties for benefits non-compliance are based on the Consumer Price Index for All Urban Consumers (CPI–U). The adjustments became effective for fines levied on or after March 17, 2022, for any violations that occurred on or after November 2, 2015.

History of benefits compliance

Employers have been offering employee benefits since the late 1800s. The American Express railroad company set up the first retirement plan in 1875. And the Granite Cutters Union is credited with forming the first national sick benefit program in 1877. Since those early days, employers have rolled out multiple benefits plans that largely fall into four broad categories:
  • Medical
  • Retirement
  • Insurance
  • Disability
Then - nearly 100 years after the first retirement plan began – the federal government stepped in to regulate employee benefits through ERISA.
Employers aren't required by law to provide benefits, But once they do, they must comply with ERISA and other restrictions.
A review of the laws' provisions and the benefits they cover is key to understanding the penalties of non-compliance.

How ERISA works

ERISA is one of the federal laws that outlines rules for private-sector employers' health or welfare benefits plans. The law sets minimum standards for plan sponsors and administrators. Lawmakers designed its provisions to:
  • Protect employees and ensure that those who qualify for benefits receive them.
  • Set specific standards of conduct for administrators and fiduciaries who manage benefits plans.
  • Establish rules for reporting benefits information to the government and disclosing plan information to participants.
Employers have the freedom to provide more than the law requires, but no less.

ERISA-covered plans

ERISA-covered health or welfare benefit plans include any plan that an employer or employee organization establishes or maintains. The law addresses funds, programs, and plans, which include:
  • Unemployment, sickness, disability, accident, or death benefits
  • Medical care, hospitalization, and surgical benefits
  • Training programs, including apprenticeships
  • Vacation days
  • Scholarship funds
  • Daycare centers
  • Prepaid legal services
  • Other benefits outlined in the Labor Management Relations Act of 1947
Employers and employee groups may jointly establish or maintain a plan.

Reporting and disclosure requirements

ERISA's reporting and disclosure provisions require employers to:
  • Describe plan summaries to participants, employees, and their independents that are covered by benefits plans, including the Consolidated Omnibus Budget Reconciliation Act (COBRA) or a state health care continuation plan.
  • File a Form 5500 each year with the U.S. Department of Labor (DOL) if they have more than 100 plan participants.
  • Offer COBRA when a covered employee or the employee's dependents cease to be eligible for health care continuation. This rule applies to employers with 20 or more employees.
  • Comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which prohibits discrimination against employees because of a pre-existing medical condition or other medical conditions.
Employers must understand that there are several interdependencies between these regulations.

Health benefits penalties

Surveys indicate that employees consider health care coverage as the most crucial benefit. And since it's also the most expensive of employee benefits, employers will want to avoid incurring monetary penalties for not complying with health benefits rules.
Penalties for failing to comply with the benefits offered under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) are among the highest.
The law sets national standards for protecting a patient's private and sensitive health information from dissemination without the patient's consent or knowledge. These health benefits rules have a range of low to high penalty increases.

HIPAA's privacy and security rules

The chart below shows 2022 penalties for violating these rules, with 2021 rates in parentheses for comparison. *Per violation Despite the penalty increases, HHS used its discretion and enforced the maximum annual penalty of up to:
  • $25,000 for a Tier 1 violation
  • $100,000 for Tier 2
  • $250,000 for Tier 3
Also, the Office for Civil Rights (OCR) steps in to evaluate violations. It sets penalty amounts that it determines are appropriate for HIPAA.

HIPAA's notice of special enrollment rules

This rule requires group health plans to allow enrollment outside the regular enrollment periods. These rules cover circumstances in which a person:
  • Loses eligibility in other plans.
  • Becomes ineligible for Medicaid or CHIP because coverage ended.
  • Has a new spouse, acquires a dependent through marriage, or experiences the birth or adoption of a child.
  • Becomes eligible for premium assistance under Medicaid or a state-sponsored Children's Health Insurance Program (CHIP).
Qualified benefits plans seldom can make exceptions outside of these events and still retain their qualified status.

Medicare secondary payer (MSP) rules

These provisions prohibit employers from incenting employees to enroll in Medicare and drop their employer-sponsored plans.
  • Penalty: $10,360 per violation, up from $9,753.
Penalties under MSP rules also include fines for failing to provide employees with information that identifies various situations that demonstrate when a group health plan is their primary coverage.
  • Penalty: $1,325 per violation, up from $1,247.
These fines are assessed per instance. So if the company has 200 employees and fails to provide the information described in the second example, the penalty would be at least $265,000.

Summary of benefits and coverage (SBC) rules

Under the Patient Protection and Affordable Care Act (ACA), these rules entitle plan participants to receive summaries of their health plan coverage that is easy to understand. It also requires receipt of a formal document that outlines a plan's critical details for anyone who enrolls or re-enrolls in a group health plan. The document allows them to make sound and intelligent decisions about their benefits coverage. Failure to comply results in penalties.
  • Penalty: $1,264 per violation, up from $1,190.

ACA's 490H(a) Penalty

Employers must remember that the IRS will continue to enforce this ACA provision, addressing employer shared responsibility payments and employer reporting requirements.
  • Penalty: $229.17 a month, or $2,750 a year.

Family Medical Leave Act (FMLA)

The law allows employees 12 weeks of unpaid, job-protected leave for personal health reasons or to take care of an ill family member. Employers who violate the law may be liable for a worker's:
  • Lost wages
  • Other forms of compensation
  • Benefits
They also may have to reinstate, promote or provide other forms of relief to a worker. 
  • Penalty: Up to $178 for each offense.

COBRA notices

The law requires notifying employees who are no longer eligible for an employer-sponsored plan of their rights under COBRA.
  • Penalty: Fines of up to $110 a day.
Additionally, the IRS imposes a tax on COBRA violations ranging from:
  • $100 a day ($200 for more than one family member)
  • $2,500 for non-compliance after sending employers an examination notice
  • To as much as $500,000 for an employer's "unintentional failures."

Newborns' and Mothers' Health Protection Act

The law allows 48 hours of hospitalization for mothers following a vaginal birth and 96 hours following a cesarian delivery.
  • Penalty for non-compliance: Fines of up to $100,000 if an employer doesn't take corrective action by a specific deadline.

DOL penalty increases

The chart below shows increased fines from the Employee Benefits Security Administration (EBSA), a division of the DOL, from 2021 to 2022. Penalty increases include those under ERISA rules.

The takeaway

Although small businesses (SMBs) with fewer than 50 employees are often exempt from various federal laws, non-compliance can have nonmonetary ramifications for employers. Attracting and retaining talent in a competitive labor market and sustaining a positive culture are just some of the problems companies face while struggling with compliance issues. SMBs can find benefits compliance assistance with benefits laws on these agencies' websites: DOL; the ACA information on HHS's website,; and HHS.  

This communication is for informational purposes only; it is not legal, tax or accounting advice; and is not an offer to sell, buy or procure insurance.

This post may contain hyperlinks to websites operated by parties other than TriNet. Such hyperlinks are provided for reference only. TriNet does not control such web sites and is not responsible for their content. Inclusion of such hyperlinks on does not necessarily imply any endorsement of the material on such websites or association with their operators.

ESAC Accreditation
We comply with all ESAC standards and maintain ESAC accreditation since 1995.
Certified PEO
A TriNet subsidiary is classified as a Certified Professional Employer Organization by the IRS.