Go Back Up

Why you need compliant HRA software

Small Business • November 17, 2023 at 4:50 PM • Written by: Elizabeth Walker

For many small and medium-sized businesses (SMBs) with limited budgets, it can be tempting to try to save money on benefits spend self-administering your employees’ health benefits. While this may seem more cost-effective, any mistakes you make that put your plan out of compliance can cost you and your organization thousands of dollars in fines.

If you offer or plan to offer a health reimbursement arrangement (HRA), investing in a compliant HRA software solution is a great way to avoid potential pitfalls. With HRA software, you can ensure your benefit follows the guidelines set forth by the IRS and other regulations so you can focus on running your business.

To better understand how SMBs can benefit from HRA software, we’ll go over six easy-to-miss areas of compliance that this type of administrative tool monitors to ensure your HRA follows all the necessary regulations.

Have more compliance questions? Get our HRA compliance toolkit to learn more.

1. Affordable Care Act requirements

Since its inception in 2010, the Affordable Care Act (ACA) has helped to expand Medicaid services, created Health Insurance Marketplaces, enabled individuals with pre-existing conditions to enroll in health coverage, and required qualified health plans to cover ten essential health benefits.

But you may not know that the ACA also created specific requirements for employers offering an HRA and other employer-sponsored health plans. To comply with the ACA, an HRA must meet health insurance market reforms1.

Here are some ACA regulations that apply to HRAs in some instances:

  • The employer mandate
  • Minimum essential coverage (MEC)
    • Employees with an HRA must have a health plan that covers the essential benefits to participate or get tax-free reimbursements.
    • Most employer-sponsored health plans, individual insurance plans, and government-sponsored coverage, like Medicare and Medicaid, meet MEC requirements.
  • Annual and lifetime limit rules
    • Group health plans, like HRAs, can’t place any annual or lifetime maximum on the dollar amount of essential health benefits. This extends to any services an individual may receive, whether in-network or out-of-network
  • Summary of benefits and coverage (SBC)
  • 60-day notice of material modifications
    • Plan administrators must explain any changes to the HRA in a notice to employees within 60 days of the changes taking effect.
  • Adult children can stay on their parent’s health insurance plan up to the age of 26
  • Plans must provide coverage of preventive care without cost-sharing
  • Employers offering an HRA must file Form 720 and pay a Patient-Centered Outcomes Research Institute (PCORI) fee to support research designed to help consumers make better healthcare decisions for their specific needs and health outcomes.
  • Internal and external claims and appeals process for health claims

2. HIPAA Privacy Rule

HRAs must also follow the HIPAA Privacy Rule. To administer a reimbursement health plan, the entity processing the claims receives protected health information (PHI), which HIPAA protects.

HRA reimbursement claim documentation may contain several protected PHI like Social Security numbers, medical record numbers, biometric identifiers, full-face photos, and geographic data.

If you’re offering a health benefit like an HRA, your plan administrator must keep your employees’ PHI safe so it’s not shared or viewed by those not authorized to see it. Employers that don’t comply or negligently release employees' PHI can face fines ranging from $100 to $50,000 per individual violation2, depending on the level of seriousness.


The federal government considers HRAs group health plans (except for a QSEHRA), so they’re subject to regulations outlined by the Consolidated Omnibus Budget Reconciliation Act (COBRA). Under COBRA, employees who experience a qualifying event are eligible for continuation coverage under the employer’s plan.

COBRA applies to all U.S. employers with 20 or more FTEs. But, many states require employers with fewer than 20 employees to offer continued coverage to employees—this is known as mini-COBRA3.

Circumstances that allow employees to get continued coverage under COBRA include:

  • Voluntary or involuntary job loss
  • Reduction in hours
  • Transition between jobs

Circumstances that allow dependents and spouses of a covered employee to get continued coverage include:

  • Death of an employee
  • Divorce
  • A dependent loses coverage
  • A covered employee becomes Medicare-eligible

If you offer an ICHRA or a group coverage HRA (GCHRA), you must give your former employees and their dependents the option to continue to participate in the HRA.

An employer that fails to extend COBRA coverage to participants can face hefty fines—up to $110 per day for failure to provide an initial notice or election notice4 and potentially the medical costs the qualified beneficiary incurred when they didn’t have coverage.

4. Medicare reporting

Another compliance area HRA plan administrators must follow is the Medicare Secondary Payer (MSP) provisions. This legislation makes Medicare the secondary health insurance payer to certain primary plans. Proper reporting on how Medicare and primary plans interact ensures Medicare doesn’t overpay for services that the primary insurer is responsible for paying.

These reporting requirements apply to all group health plans, so if you have any employees enrolled in Medicare who participate in your HRA, you must provide coverage information to the Centers for Medicare and Medicaid Services (CMS) per the MSP requirements.

Organizations with fewer than 20 employees and employers that offer an annual HRA allowance of less than $5,000 per employee are exempt from MSP requirements.

The detailed report you send CMS will allow better coordination of payer responsibilities between the employees’ HRA and Medicare plans. Failure to comply could result in fines of up to $1,000 daily5.

5. Summary plan documents

Next, the Employee Retirement Income Security Act of 1974 (ERISA) requires employers to establish and maintain their HRA plan with a “written instrument” known as a summary plan document (SPD).

An SPD is a summary of your benefit plan that outlines the benefit’s details and requirements. It defines specific details like eligible expenses for reimbursement, employer contribution limits, allowance amounts, whether HRA funds may roll over from year to year, how to file a reimbursement claim, and other essential information.

If this is your first time offering an HRA, you must give your employees an SPD within 120 days of establishing the plan. Newly eligible participants in an existing HRA must receive their SPD within 90 days of their plan’s first date of coverage.

Not only could you face adverse action for failing to have a plan document, but it would also be difficult for you to prove plan terms and enforce its provisions. Not to mention, your employees won’t be able to get the most out of their HRA if they don’t understand all the plan details.

6. ERISA-compliant reimbursement of individual health plans

Finally, the U.S. federal government has specific regulations that employers must comply with to reimburse employees for individual health insurance plan premiums compliantly without violating ERISA.

For example, an arrangement where an employer reimburses an employee for some or all of their individual health insurance premiums is an employer payment plan (EPP). While EPPs used to be popular before the ACA, they don’t comply with current ACA market reforms.

If you offer an EPP, you could face a penalty of $100 per day per affected employee (or $36,500 per year per employee)6.

You can legally reimburse your employees for their individual health plan premiums with a QSEHRA or ICHRA under the ACA and ERISA. Additionally, a GCHRA integrates with traditional group health insurance as another way employers can cover their employees’ out-of-pocket medical expenses.

How PeopleKeep can help you compliantly administer your HRA

By now, it may be easy to see how self-administrating your HRA could be challenging. In addition to being time-consuming, you may need help with compliance requirements or find yourself in financial jeopardy if you make a mistake.

If you’re interested in employee benefit administration software, consider PeopleKeep. Our HRA software gives employers an all-in-one benefits platform for their HRA plan needs.

PeopleKeep makes HRA compliance easy for you by:

  • Generating plan documents, like an SPD
  • Helping with plan design
  • Providing employees with proper notice
  • Reminding you when Form 720 PCORI fees are due
  • Reviewing your employees’ reimbursement requests
  • Storing documents and substantiation for reimbursement requests

We also work with a third-party insurance concierge service partner to help your employees purchase the best health plan for them.

Additionally, our award-winning support team helps you and your employees use the benefit. Most importantly, our software will help you stay compliant by keeping your benefit updated with all current rules and regulations.


HRAs are a flexible health benefit option for employers of all sizes. But that doesn’t mean they're free from compliance regulations. From following the ACA’s requirements to drafting ERISA-compliant plan documents, administering an HRA can feel daunting—but it doesn’t have to be!

With an HRA administration tool like PeopleKeep, you’ll only need a few minutes every month to manage your employees' health benefits compliantly, so you can save time and not fall subject to costly ACA penalties.

This article was originally published on June 5, 2016. It was last updated on November 17, 2023.

  1. https://www.cms.gov/CCIIO/Programs-and-Initiatives/Health-Insurance-Market-Reforms
  2. https://www.hipaajournal.com/what-are-the-penalties-for-hipaa-violations-7096/
  3. https://primepay.com/blog/is-mini-cobra-in-your-state/
  4. https://www.wagnerlawgroup.com/blog/2022/02/employer-must-provide-retroactive-coverage-and-pay-penalties-for-cobra-election-notice-violations/
  5. https://www.federalregister.gov/documents/2023/10/11/2023-22282/medicare-program-medicare-secondary-payer-and-certain-civil-money-penalties
  6. https://www.law.cornell.edu/uscode/text/26/4980D

Get our guide on how to offer health benefits with a small budget.

Elizabeth Walker

Elizabeth Walker is a content marketing specialist at PeopleKeep. She has worked for the company since April 2021. Elizabeth has been a writer for more than 20 years and has written several poems and short stories, in addition to publishing two children’s books in 2019 and 2021. Her background as a musician and love of the arts continues to inspire her writing and strengthens her ability to be creative.