"The 2026 FAQs clarify that, unlike other expenses, an employee may incur Student Loan expenses prior to employment.... The 2026 FAQs revised language from the 2024 FAQs to make clear that the employer 'must' (rather than 'can') inform the employees about the program and its terms. The 2026 FAQs reflect the OBBBA indexing provision, beginning in 2027."  MORE >>

"Employers most often lose the voluntary benefits exemption where they: [1] take an action or actions to 'endorse' the voluntary benefits; or [2] receive consideration as a result of providing the voluntary benefits.... If the 'voluntary benefits' exemption does not apply, the employer must comply with ERISA with respect to those benefits, just as it does for the other welfare benefits the employer offers to its employees. The employer's obligations would include compliance with ERISA's fiduciary obligations."  MORE >>

"Although the reporting and transparency requirements of the 2026 CAA are intended as 'PBM reform,' the applicable laws amended by the 2026 CAA directly govern plans and plan sponsors. [This article provides] a high-level overview of provisions in the 2026 CAA applicable to group health plans, including both ERISA plans and plans subject to the PHSA, such as publicly funded and governmental plans."  MORE >>

"Although EBHRAs have fewer compliance obligations as compared to traditional HRAs, employers should not mistake 'excepted benefit' for 'compliance-free.' The EBHRA carries meaningful obligations under ERISA, COBRA, HIPAA privacy and the nondiscrimination rules, and proper plan documentation and administration are essential to maintaining compliance with the applicable regulations."  MORE >>

"Employers often offer COBRA subsidies that are more generous for certain highly compensated employees. Where self-insured, employers should consider the taxable compensation alternative to avoid nondiscrimination issues under Section 105(h). Where fully insured, employers should consider reservation of rights terms to address potential application of ACA nondiscrimination rules."  MORE >>

"Because the proposal aligns the FLSA vertical analysis with the FMLA, an employer that qualifies as a vertical joint employer under the four-factor test may also need to count jointly employed workers toward FMLA coverage thresholds and potentially bear job restoration obligations. The overlap is not automatic, but it requires a closer look at arrangements where one employer supplies workers to another."  MORE >>

"These regulations incorporate no substantive changes from the proposed regulations released in October 2025. The Maryland [DOL] has also recently released two important updates: The application window for employers who wish to submit their Declaration of Intent (DOI) to offer a private plan will be September 1, 2026-November 15, 2026. Total premium rate for the State Plan, effective January 1-December 31, 2027, will be 0.9%, consistent with the rate previously published by DOL."  MORE >>

"The final regulations set out detailed requirements for [Equivalent Private Insurance Plans (EPIPs)], which may be self-insured or commercially-insured.... An employer wishing to utilize an EPIP is required to submit an EPIP application to the MDOL's FAMLI Division for approval.... Self-insured EPIPs must obtain a surety bond issued by a certified surety company in an amount equal to one year of expected future benefits....An employer whose EPIP application is denied or whose EPIP is involuntarily terminated may file a request for review within ten business days, and the Division must issue a decision within twenty business days."  MORE >>

"[The] order granted broad discovery into the insurer's AI-driven claims processes. This ruling is an important indicator that litigation challenging AI-based health insurer coverage denials is gaining traction and that the inner workings of these algorithmic tools may be subject to court-ordered disclosure." [Estate of Lokken v. UnitedHealth Group, Inc., No. 23-3514 (D. Minn. Mar. 9, 2026)]  MORE >>

"The common allegations made in all four lawsuits include: [1] Major U.S. health insurers embedded advertising and analytics technology inside their health benefit websites. [2] Tracking allegedly captured exact search terms and typed content. [3] Data was allegedly sent to advertising and data‑broker ecosystems. [4] Privacy promises and consent mechanisms were allegedly ineffective or misleading. [5] Federal and state wiretap laws may apply to ordinary website interactions."  MORE >>

32 pages. "During the Reporting Period [August 1, 2023, through July 31, 2025], [EBSA] enforcement work on NQTLs resulted in corrections under MHPAEA affecting more than 18 million participants across more than 39,000 group health plans.... These results come from EBSA's enforcement activity during the Reporting Period, in which the agency issued: 42 initial letters requesting comparative analyses for 77 NQTLs; 14 insufficiency letters covering 32 NQTLs; 25 initial determination letters findings plans/issuers had violated MHPAEA for 43 NQTLs; and 5 final determinations of noncompliance finding MHPAEA violations for 7 NQTLs."  MORE >>

"Witnesses called out PBMs for failing to put patients first.... Chairman Tim Walberg (R-MI) asked about how consolidation within the PBM space is limiting choice. ... Rep. Burgess Owens (R-UT) discussed how PBMs have lost sight of their intended purpose.  ... In an exchange with Rep. Virginia Foxx (R-NC), Mr. Gelfand described the enormous power PBMs wield over the pricing, distribution, and accessibility of pharmaceuticals."  MORE >>

"[T]he Department is also proposing to amend provisions in its regulations implementing the Family and Medical Leave Act (FMLA) and Migrant and Seasonal Agricultural Worker Protection Act (MSPA) to provide that joint employer status under those laws be determined using the Department's FLSA analysis, as the FMLA and MSPA both incorporate the FLSA's employment definitions."  MORE >>

"(EBSA) is seriously prioritizing cybersecurity audits in 2026, according to an update on national enforcement projects.... To stay compliant, the following activities must be reviewed and approved annually (or more frequently, as noted): [1] written policies, [2] role-based access controls, [3] security awareness training, [4] independent assessments of cybersecurity program effectiveness and [5] vendor assessments."  MORE >>