Editor’s note: This post was updated on August 7 to include a discussion of the recent OIG report on security issues regarding the federal data hub, which will be used by the exchanges for accessing data from different sources, primarily federal agencies, to verify eligibility for premium tax credits and cost-sharing reduction payments.
The Affordable Care Act has been plagued by misinformation and misunderstanding since long before its adoption. One of the ACA’s provisions that has been most misunderstood is its requirement that members of Congress and their personnel staff purchase qualified health plans through the exchanges. The Office of Personnel Management, which is legally responsible for health benefits for federal government employees, finally released on August 7 a proposed rule clarifying how this coverage is going to be provided. OPM released with the proposed rule a Benefits Administration Letter, fact sheet, and set of Frequently Asked Questions.
As is well known, individuals and small employer groups will be able to purchase health insurance through the state or federally facilitated exchanges to take effect as of January 1, 2014. Most Americans will not be covered through the exchanges, however, but will continue to receive health insurance through employer-sponsored insurance or through government programs like Medicare or Medicaid. The ACA explicitly does not require any individual or small employer to purchase health insurance through the exchanges and preserves markets for purchasing individual and small-group coverage outside the exchange (although premium tax credits and cost-sharing reduction payments are only available through the exchanges and individual states can limit the individual and small-group markets to the exchanges).
Only one group of Americans is required to purchase insurance through the exchanges: members of Congress and their personnel staffs (in Washington and in the districts, but not committee staff or other congressional employees).
The history. The requirement that members of Congress purchase coverage through the exchange was included in the law because of a political gambit offered by an opponent of the law, Charles Grassley. Reportedly, Senator Grassley, intending to embarrass Democratic supporters of the law, offered an amendment requiring members of Congress to purchase coverage through the exchanges through which many of their constituents would be purchasing coverage. Democrats, however, embraced the idea and added it to the ACA. Far from exempting Congress from ACA requirements, as some have reported, the amendment subjects members to a legal requirement that will apply to no other Americans.
The problem. The requirement, however, created a problem. The exchanges are only open to individuals and small employers. No large employers participate in the exchange, at least not yet. There is no provision, therefore for large employers, including the largest — the United States government — to pay for exchange coverage. Members of Congress and their staff will generally not be qualified for premium tax credits because they will have income above 400 percent of poverty. Requiring them to pay for coverage out of pocket in after-tax dollars would be unfair and would also make these jobs very unattractive. So how will their insurance be paid for?
The intent of Congress as to how coverage would be paid for was clear all along, as demonstrated by a 2010 Congressional Research Service report . Congressional coverage would be paid for in the same way coverage for other federal employees is funded — through the federal Office of Personnel Management. The ACA requires the federal government to “make available” exchange coverage to Congress, and Senator Grassley stated at the time he offered his amendment that its intent was “to require that Members of Congress and congressional staff get their employer-based health insurance through the same exchanges as … constituents.” It was only a matter of time until OPM clarified this.
What’s in the rule? The proposed rule provides, as expected, that the federal government will pay a share of exchange premiums, 72 percent of the cost of the weighted average of Federal Employee Health Benefit Program (FEHBP) plans or 75 percent of the premium of the chosen plan, whichever is less. It clarifies a number of other issues as well. First, it clarifies that coverage through the exchanges for members of Congress and their personal staff will begin on January 1, 2014. Regular FEHBP coverage will terminate on December 31, 2013.
A second issue is who is covered by the provision. It clearly applies to members of Congress, although the question of how it applies to delegates from the territories is left open for comment, since the territories will not necessarily have exchanges. The requirement also applies to “employees employed by the official office” of a member of Congress, which is interpreted as meaning personal congressional staff as opposed to committee or leadership committee staff, or other employees of Congress. But congressional staff are, apparently, not always clearly assigned to one category or another.
The proposed rule would allow the employing office of each member absolute discretion to decide whether a particular staff member is designated as personal staff subject to the exchange purchase requirement, but once a designation is made it must be made for the entire year. It also must be made prior to October 1 for any given year so that staff members will be able to choose a plan during the annual open enrollment period (although there will be a 30-day grace period for the 2014 coverage year). There may be some room for manipulation in allowing members of Congress to designate which of their staff are subject to the rule, but presumably members will have ample incentives for designating staff as personal staff that will outweigh their desire to keep their staff out of the exchange.
Third, the rule clarifies that plans that are certified as qualified health plans by an exchange will also qualify as “health benefit plans” for FEHBP coverage. The federal government will, therefore, be able to make a contribution to cover a share of the premiums of an exchange plan.
Fourth, the proposed rule states that members of Congress and their personal staff will continue to qualify for their coverage through the exchange once they retire and will become annuitants under the same terms as other federal annuitants.
Fifth, the rule seems to say that the FEHBP self and family contribution levels will be used for determining federal contributions for coverage, even though premiums in the exchange will be determined based on the actual composition of a family (i.e. the number of adults and children in a family, up to three children).
Finally, members and staff subject to this rule will be able to make before tax payments for their share of the premiums for exchange coverage through salary reduction agreements, as can other federal employees. They will not be eligible for premium tax credits through the exchange if their FEHBP coverage is affordable.
Unaddressed questions. The proposed rule and the guidance released with it leave a number of questions unaddressed, some of which have obvious answers and some of which are left open presumably for further guidance or clarification under the final rule. First, presumably the enrollee will choose the level of coverage (bronze, silver, gold, or platinum) and a plan within the level they choose, and the government contribution will be the same regardless of the plan chosen. The FEHBP is already an exchange of sorts, and federal employees already have the choice of choosing richer plans for which they pay more or less generous plans for which they pay less. This will continue.
Second, the proposal does not address age rating or differences in the premiums charged by plans in different states and in different geographic areas within states. FEHBP plans are not age rated on an individual basis (see here for an explanation of how the FEHBP sets premiums) and the basic FEHBP premium is the same throughout the country. Exchange plans vary by age and geography, with a three-to-one maximum difference between premiums based on age..
The rule does not clarify whether OPM government contributions will vary in any way based on age or geography. If they do not, we may see the ironic situation where members of Congress (who tend not to be young adults) and their older staff pay much more for coverage and young staff members pay little for coverage. Members and their staff who reside in high premium states will pay more; those in low premium states will pay less. Of course, members or personal staff who use tobacco will likely be subject to significant additional costs as well, given the 50 percent allowable tobacco surcharge for exchange plans. D.C. does not permit tobacco surcharges, which might make its exchange attractive to members of Congress who are tobacco users.
Third, the proposed rule does not address how exchange coverage will coordinate with Medicare. Although the relationship between the FEHBP program and Medicare for active and retired federal employees is complicated, basically the two programs coordinate benefits to provide comprehensive coverage. Since the exchanges are not meant to cover Medicare beneficiaries, it is hard to imagine how exchange coverage for members of Congress and their staff will interact with Medicare. Many members of Congress are over age 65, however, so this is a real issue.
Fourth, the Benefit Administration Letter and FAQ specify that members and covered staff must enroll through the exchange that covers the place where they reside. Presumably district staff will be covered by the exchanges covering the states where they reside. D.C. staff are likely to be covered in the place where they reside, most likely D.C., Maryland, or Virginia. D.C. and Maryland have their own exchanges; Virginia has a federal exchange. Members may be covered either in their home state or in the D.C. area, depending on where they actually reside. Because most exchange plans are likely to be network plans, there will be a considerable incentive to get coverage through a plan that includes local health care providers, which will usually mean getting coverage through the exchange that covers the place where an enrollee actually lives.
In any event, members of Congress are going to have a personal stake, including a financial stake, in making the exchanges work, which was what the Democrats, if not Senator Grassley, intended.
Data hub security issues. In other news, the HHS Office of Inspector General released an August 2, 2013 report entitled “Observations Noted During the OIG Review of CMS’s Implementation of the Health Insurance Exchange—Data Services Hub.” This report was based on fieldwork performed through May of 2013, so it is somewhat outdated. The implications of that fact, however, are not clear — the security implementation situation may have improved or degenerated during the intervening two months.
The goal of the report was to determine CMS’s progress in resolving security issues regarding the federal data hub. The exchanges, federal and state, will use the data hub for accessing data from different sources, primarily federal agencies, to verify eligibility for premium tax credits and cost-sharing reduction payments. The data hub will also be used by the IRS for receiving coverage information and for providing data for exchange oversight, paying insurers premium tax credits and cost-sharing reduction payments, and providing data to consumers. The data hub will not itself store data, but will rather provide a portal for access to data held by others. The review was not intended to address questions about the functionality of the hub, only to address security issues.
The OIG found that CMS has not been able to meet deadlines set earlier for implementing security controls and for security testing. Current deadlines (as of the time of the Report) were set perilously close to the October 1, 2013 deadline for the exchanges going online, but on-time implementation of a secure data hub in time for the October 1 deadline was not impossible.
Before the data hub opens for business, as security authorization must be obtained from the CMS Chief Information Officer. The security authorization package must include a system security plan (SSP), an information security risk assessment (RA), and a security control assessment report (SCA). These documents should be completed before the security authorization is granted, although the authorization can be granted even if there are risks that are not fully addressed. As of the time of the report, the SSP and RA were still being drafted. They were to be submitted to HHS by July 15, 2013 for review for final approval by the CMS Chief Information Officer by September 30, 2013, the day before the exchanges are set to open. The SCA has also been delayed.
A security assessment test plan was also supposed to be submitted by an independent testing organization as of May 13,2013 to allow testing between June 3 and 7 of 2013. The SCA test plan due date was moved back in May to July 15, with security testing scheduled between August 5 and 16. The draft report on the tests will be due September 9 and the final report September 20, again very close to the October 1 launch date.
Finally, the report surveys various security agreements between CMS, the hub, and partner agencies identified as Interface Control Documents (ICDs), Interconnection Survey Agreements (ISAs), and Service Level Agreements (SLAs).. The ICDs are completed as are some of the SLAs and preliminary ISAs, but final review of ISAs and completion of the final SLAs remain. Again, everything is scheduled to be done by the end of September, but it is going to be close. The OIG concludes that it is possible that an October 1 launch of the data hub may leave some security issues unresolved.
The CMS Administrator stated in response to the OIG that CMS is continually addressing security issues in the development process and is confident that the data hub will be secure for the October 1 launch. If any further delays are encountered however, CMS will have to decide whether an October 1 launch or a completely secured data hub are more important. Either option will bring down a storm of criticism on CMS, but it must be remembered that plan enrollment and premium tax credit eligibility do not begin until January 1, 2104, and a brief delay might be preferable to a major security breach.