Navigating EAP Compliance: A Guide for Employers

A 2022 Society for Human Resource Management report states that 73% of businesses offered Employee Assistance Program (“EAP”) services. The COVID pandemic has accentuated the critical role of organizational support for the workforce through EAPs. 

According to certain market research, the increased need to address employees' mental and physical health conditions is expected to expand EAP services by 11% or more in each of the three successive years, 2024-2027. The continued expansion of assistance services means employers with these programs must maintain ongoing compliance. 

Both newly adopting employers and veteran EAP employers should be aware of the necessary documents, filings, and notices. We’ve broken down the key considerations for employers when it comes to EAP compliance into the following buckets: 

• ERISA Compliance
• COBRA Election Notices
• HIPAA Considerations 

How to Comply with ERISA 

Many times, program providers state that they do not have to comply with ERISA because they are merely providing referrals. However, upon a closer examination of the referrals being provided are considered medical benefits by the Department of Labor (“DOL”). 

Almost all assistance programs, as a part of the referrals, provide counseling services to participants, who can then be referred out for further services. The DOL also considers mental health counseling, whether for substance abuse, stress, or other issues, as medical care and an ERISA covered benefit.

Once the employer concludes that its EAP is an ERISA covered benefit, ERISA compliance is required with the following:

• A plan document
• A Summary Plan Description (“SPD”)
• An annual Form 5500 (If the plan has 100 or more participants at the beginning of the plan year)

COBRA Election Notices 

The conclusion that the EAP is a medical benefit satisfies the definition of an employer-sponsored group health plan is subject to COBRA. Employers and COBRA administrators commonly complain about the need to include EAPs in COBRA election notices and the burden of processing premium collection for qualified beneficiaries electing continuation coverage for the benefit. Even though the employer can still charge 102% of the cost, it can seem an inappropriate and inconsequential burden given the low COBRA participation rates and low cost of coverage for most EAPs.

Some employers avoid this issue by continuing to provide active EAP coverage for the full 18-month or 36-month maximum coverage period, depending on the qualifying event. The COBRA deferred loss of coverage rules provide that additional periods of active coverage after the triggering event apply toward the COBRA maximum coverage period to reduce the period the qualified beneficiary may continue coverage through COBRA.

This approach avoids the need to offer a COBRA election notice and process the standard COBRA premium collection administration because there will be no right to continue coverage through COBRA after the extended period of active coverage.

EAPs remaining subject to COBRA will want to review the four COBRA notices and ensure timely delivery.

HIPAA Considerations for EAP Compliance 

Again, the fact that the EAP is considered a health plan adds to the compliance burden since the HIPAA definition of covered entities includes health plans. Employers, in their capacity as employers, are not subject to the HIPAA rules. However, the HIPAA rules do apply to any protected health information (“PHI”) an employer/plan administrator holds on a health plan’s behalf when the employer designs or administers the plan. EAPs that are fully insured or embedded in a fully insured policy will not have the same HIPAA burden as a self-insured EAP since the bulk of the HIPAA requirements fall on the insurer.

While most EAPs are considered an excepted benefit for purposes of HIPAA portability and the Affordable Care Act, even if the benefit is offered at no cost doesn’t mean that the EAP avoids the HIPAA rules. Self-insured EAPs will need to enter into a business associate agreement with the EAP provider, include language in the plan document required by the HIPAA rules, develop HIPAA Privacy and Security policies and procedures, perform a plan risk assessment, and train personnel.

Employers that sponsor self-insured health plan or a health flexible spending arrangement through their cafeteria plan, can easily address the EAP HIPAA requirements by forming an Organized Health Care Arrangement (“OHCA”) between the plans. An OHCA allows the employer to consolidate plans and address HIPAA for all similar plans through one application of the requirements.

Getting to EAP Compliance 

Employers should not allow the compliance burden of the EAP deter them from offering this valuable employee benefit. Instead, work with a knowledgeable service provider to make sure your Employee Assistance Program meets all areas of compliance.