Healthcare price transparency has shifted from a policy aspiration to a hard legal requirement over the past five years. Three federal rules now impose specific obligations on employer-sponsored health plans: the Transparency in Coverage final rule, the No Surprises Act, and the Advanced Explanation of Benefits provisions. Together, these rules require plan sponsors to publish extensive data, update member communications, and coordinate with carriers and third-party administrators on compliance workflows that most mid-market employers have not yet fully implemented. This article explains what each rule requires, who is responsible for compliance, what the consequences of non-compliance look like in 2026, and how plan sponsors can use transparency data strategically rather than treating it as purely a regulatory burden.
- The Transparency in Coverage rule requires health plans to publish machine-readable files containing negotiated rates and out-of-network allowed amounts for all covered services
- Self-funded and level-funded employer plans are responsible for compliance, even when a carrier or TPA handles the technical file posting on their behalf
- The No Surprises Act protects plan members from unexpected out-of-network charges and requires specific advance notice and consent processes for certain services
- Non-compliance penalties can reach $100 per day per affected member under ERISA, creating substantial cumulative exposure for employers who ignore the requirements
- Transparency data, when analyzed correctly, gives employers insight into whether their plan's negotiated rates are competitive with market alternatives
The Regulatory Landscape: Three Rules That Changed Employer Obligations
Understanding which rules apply, and when they took effect, is the necessary starting point for any employer compliance review. The three primary transparency rules operate on different timelines and apply to different aspects of plan administration.
The Transparency in Coverage Final Rule
The Transparency in Coverage final rule, issued jointly by the Departments of Health and Human Services, Labor, and the Treasury in October 2020, has been rolling out in phases since July 2022. The rule requires non-grandfathered group health plans and health insurance issuers to publicly post machine-readable files containing comprehensive pricing data. Phase one required posting of files for in-network negotiated rates and out-of-network allowed amounts. Phase two extended the requirement to all items and services.
The Transparency in Coverage rule also requires plans to provide a cost-sharing estimator tool, accessible through the plan's website or through the carrier, that allows members to estimate their cost-sharing obligation for covered services before they receive care. This tool must be available for all covered services and must reflect the plan's actual negotiated rates and the member's current accumulator status (deductible and out-of-pocket maximum amounts met to date).
The No Surprises Act
The No Surprises Act, enacted as part of the Consolidated Appropriations Act of 2021, protects insured individuals from unexpected out-of-network charges in specific circumstances. The act limits balance billing for emergency services, certain non-emergency services at in-network facilities, and services provided by certain out-of-network providers at in-network facilities. For plan sponsors, the No Surprises Act creates notification and consent requirements that must be built into the plan document and communicated to members.
The act also establishes an independent dispute resolution (IDR) process for resolving payment disputes between health plans and out-of-network providers. Employers operating self-funded plans are directly party to IDR proceedings, since the plan is the paying entity. Understanding how IDR works and what the cost exposure looks like under the process is part of the compliance picture for self-funded plan sponsors.
The Advanced Explanation of Benefits
The Advanced Explanation of Benefits (AEOB) requirement, also enacted in the Consolidated Appropriations Act, requires health plans to provide members with a good-faith estimate of their expected cost-sharing before scheduled services. Implementation of the AEOB requirement has been delayed pending rulemaking, but employers should anticipate that when it takes effect, it will require real-time data exchange between providers, plans, and third-party administrators that most current plan administration systems are not yet fully equipped to support.
Machine-Readable Files: What Self-Funded Employers Must Post
The Transparency in Coverage rule's machine-readable file requirement is the most technically complex element for self-funded plan sponsors. The rule requires posting of three file types: an in-network rate file, an out-of-network allowed amount file, and a prescription drug file. Each file must be publicly accessible, must be updated monthly, and must cover all covered items and services under the plan.
The Three Required File Types
The in-network rate file contains the negotiated rates for all covered items and services across all in-network providers. For a typical mid-market self-funded plan with a regional provider network, this file can contain tens of millions of records, because it must list rates at the individual billing code level for every provider in the network. The file format is specified in the rule (JSON schema), and the content must be updated monthly to reflect current negotiated rates.
The out-of-network allowed amount file contains information about the amounts paid for out-of-network services over a prior period. This file allows researchers and price comparison tools to estimate what out-of-network providers are typically paid by the plan, which creates a secondary layer of price transparency for services where in-network providers are unavailable or impractical. The file must be updated monthly and must cover claims paid over the prior 90 days.
The prescription drug pricing file is the most recently added requirement. It must cover all formulary prescription drugs, their negotiated rates, and historical net prices that account for rebates and fees. Prescription drug pricing data is commercially sensitive, and the implementation of this requirement has been actively litigated by pharmacy benefit managers and drug manufacturers. Employers should confirm with their PBM and TPA whether this file is being produced in compliant format on their plan's behalf.
Who Is Responsible for the Files
This is the most common point of confusion in mid-market employer compliance reviews. For fully insured plans, the insurance issuer is responsible for producing and posting the machine-readable files. The employer's obligation is satisfied when the insurer complies on the plan's behalf.
For self-funded and level-funded plans, the employer is the plan sponsor and the plan sponsor is responsible for compliance. In practice, most self-funded employers delegate the technical file production and posting to their third-party administrator or their network carrier through the administrative services agreement. Delegation does not eliminate the employer's compliance obligation; it assigns the work to a service provider while the employer remains legally responsible for ensuring the work is done correctly and on time.
The self-funded plan TPA relationship guide covers how to structure the administrative services agreement to clearly assign machine-readable file compliance obligations, including the right to audit the TPA's compliance status and the remedies available if the TPA fails to post files on schedule or in compliant format.
The Employer's Compliance Obligation Under ERISA
Even when a TPA handles file production and posting, the employer's ERISA fiduciary obligations require active oversight. A plan fiduciary who delegates compliance work to a service provider is still required under ERISA Section 404 to prudently select and monitor the service provider. Prudent monitoring means confirming periodically, at minimum annually, that the TPA is producing the required files, posting them publicly on schedule, and updating them monthly as required. Confirming this does not require technical expertise. It requires asking the right questions in writing and reviewing the TPA's responses before the compliance year closes.
Document your compliance monitoring activities. In any DOL or IRS examination, the ability to demonstrate that you took specific steps to verify compliance, even if compliance gaps later emerged, is materially different from having no documentation at all. A brief annual written confirmation from your TPA or carrier that the required files are posted, with a URL and posting date, is sufficient for most purposes. Keep that confirmation on file.
No Surprises Act Obligations for Plan Sponsors
The No Surprises Act imposes specific obligations on employer-sponsored health plans that most mid-market employers have addressed incompletely. The two most commonly missed elements are the required updates to plan documents and the advance notice procedures for services where balance billing protections apply.
Plan Document and Summary Plan Description Updates
Plans subject to the No Surprises Act must update their plan documents and Summary Plan Descriptions to reflect the act's protections. Members must be informed of their rights under the act, including the right to receive a good-faith cost estimate for scheduled services, the right to be protected from balance billing in covered situations, and the right to request an itemized bill after receiving services.
The updated disclosures must be provided at the time of enrollment and annually thereafter. They must also be available on the plan's website or through the carrier's member portal. Plans that have not updated their SPD language since 2021 are operating with documents that do not reflect current legal requirements, which creates exposure in any audit or member dispute that references the SPD as the authoritative statement of the plan's terms and member rights.
Employers operating self-funded plans should confirm with their TPA that the SPD was updated following the No Surprises Act and that annual distribution of updated notices is occurring as required. Fully insured plans should confirm the same through their carrier. The ERISA fiduciary obligations guide covers the broader documentation and monitoring requirements that overlap with transparency compliance.
Advance Notice and Consent for Out-of-Network Services
The No Surprises Act includes a notice-and-consent process for situations where a member receives services from an out-of-network provider at an in-network facility or emergency department. If the provider wants to balance bill the member above the plan's out-of-network rate, the provider must give the member advance written notice and obtain the member's consent at least 72 hours before the service. The consent must confirm that the member understands they are choosing to see an out-of-network provider and acknowledges the potential cost difference.
For plan sponsors, the relevant obligation is ensuring that the plan document properly allocates responsibility for enforcing these protections and that the member communications describe the notice-and-consent requirements clearly. Members who did not receive the required notice and consent should not be required to pay balance billing amounts above the plan's out-of-network rate, and the plan should have a defined process for handling those disputes when they arise.
Independent Dispute Resolution: What Employers Need to Know
When a health plan and an out-of-network provider cannot agree on a payment amount, either party can initiate the federal IDR process. The IDR process uses a certified IDR entity to select between the plan's offer and the provider's offer, with the general expectation that the selected amount should be close to the qualifying payment amount (QPA), which is typically the plan's median in-network rate for the service in the geographic area.
Self-funded employers who are directly party to IDR proceedings need to understand that the process has administrative costs, regardless of outcome. Each IDR proceeding requires a $350 administrative fee per claim, which the losing party bears. Plans with high out-of-network claim volume could face meaningful administrative cost from IDR proceedings, in addition to the time cost of preparing and submitting offers in a timely manner.
Proactively managing out-of-network utilization, through network adequacy review and member education about in-network options before services are scheduled, is the most cost-effective way to minimize IDR exposure. The employer claims utilization readiness guide covers how to identify and address out-of-network utilization patterns before they drive significant IDR volume.
How to Use Price Transparency Data Strategically
Most mid-market employers treat transparency compliance as a regulatory obligation to be delegated to the carrier or TPA and forgotten. The employers who extract value from the transparency rules are those who recognize that the machine-readable files they are required to post contain data that has commercial applications beyond legal compliance.
Benchmarking Your Plan's Negotiated Rates
The in-network rate files published under the Transparency in Coverage rule contain your plan's negotiated rates for every covered service with every in-network provider. This data, which was commercially protected before the rule took effect, is now publicly available for every health plan, including the plans offered by other carriers and network administrators in your market. This means you can compare your plan's negotiated rates for specific procedures at specific facilities against the rates negotiated by competing plans in the same market.
For a self-funded employer approaching a TPA contract renewal, this comparison is useful. If your TPA's negotiated rates for common high-cost procedures (inpatient surgical admissions, imaging, outpatient specialty visits) are consistently above the rates achieved by competing network arrangements, the transparency data provides objective evidence for a network renegotiation conversation or a TPA competitive review. Before the transparency rules, getting that data required purchasing proprietary benchmarking services. Now the raw data is publicly available, though it requires technical infrastructure to analyze at scale.
Evaluating Reference-Based Pricing Alternatives
Reference-based pricing plans pay providers based on a benchmark, typically Medicare rates or a multiple of Medicare, rather than negotiated rates. The growing availability of price transparency data makes it easier to model what a reference-based pricing arrangement would cost for your specific utilization pattern and provider mix.
For self-funded employers whose current network includes high-cost providers with rates significantly above Medicare multiples, reference-based pricing may create meaningful savings. For employers in markets where provider concentration gives a dominant health system negotiating leverage that keeps rates high across all payer contracts, the transparency data helps quantify the cost of that leverage and creates a stronger case for exploring alternative payment arrangements.
The Health Funding Projector allows you to model alternative funding structures using your current utilization data, which provides context for how a payment structure change affects your total plan cost in combination with a funding structure change. The two decisions are related but distinct, and the tool separates them in a way that supports clearer analysis.
The Premium Renewal Stress Test helps you pressure-test your current renewal terms against alternatives, incorporating both rate adequacy and network characteristics into the comparison framework.
Non-Compliance Risks and Penalties
The penalties for health plan transparency violations are significant and, in some cases, underappreciated by mid-market employers who assume the rules are primarily aimed at large carriers. The reality is that the enforcement framework applies to plan sponsors, which means employers operating self-funded or level-funded plans are directly exposed.
ERISA Penalties for Disclosure Failures
The DOL can impose civil penalties of up to $100 per day per participant for failures to provide required plan disclosures under ERISA Section 502(c). For a 100-person plan, a disclosure failure persisting for 30 days represents $300,000 in potential penalty exposure. In practice, the DOL typically uses its penalty authority against willful or egregious non-compliance rather than technical violations, but the exposure is real and scales with plan size and duration of the failure.
Machine-readable file violations can be referred by the DOL to the IRS, which has authority to impose excise taxes for certain prohibited plan transactions. The interaction between the DOL and IRS enforcement pathways is not always predictable, which is one reason voluntary compliance with a documented compliance monitoring program is a better posture than taking the risk and hoping for lenient enforcement.
The Risk of Member Disputes Grounded in Compliance Failures
Non-compliance with the No Surprises Act creates a specific member dispute risk. If a member receives a balance bill that the No Surprises Act should have prohibited, and the plan's SPD does not accurately describe the member's rights under the act, the member has grounds for a plan claim dispute and potentially an ERISA Section 502(a) action. Member disputes are expensive to defend regardless of outcome, and they carry reputational costs beyond the legal fees.
Plans that have not updated their SPD and enrollment materials since 2021 are particularly exposed here. A member who receives a surprise bill, consults the SPD, and finds no description of their rights under the No Surprises Act has a documentation gap that favors the member in any dispute proceeding. Closing that gap by updating plan documents is a straightforward step that eliminates this specific exposure category.
State-Level Transparency Requirements
Several states have enacted their own price transparency requirements that apply to carriers and, in some cases, to employer-sponsored plans operating in the state. State requirements may exceed federal requirements in scope or timing, and they are not preempted by federal law in all cases. Employers operating in multiple states should review their compliance posture against state requirements in each jurisdiction where they have enrolled plan members. California, New York, Colorado, and Texas have each enacted transparency provisions with varying applicability to self-insured employer plans. Benefits counsel familiar with the relevant states can identify whether state-specific requirements create additional compliance obligations beyond the federal floor.
Building a Compliance Monitoring Program
A compliance monitoring program for health plan transparency does not need to be complex to be effective. The goal is to create a documented record of the actions you took to identify and address compliance obligations, which protects you in any examination and creates accountability for the service providers who handle the technical compliance work on your behalf.
At minimum, an annual compliance review for health plan transparency should include: written confirmation from your TPA or carrier that machine-readable files are posted and current, a review of the plan document and SPD for No Surprises Act compliance language, confirmation that the cost-sharing estimator tool is operational and accessible to members, and a brief summary of any IDR proceedings initiated or resolved during the plan year.
Document that review in writing, date it, and retain it for at least six years. That documentation is the audit trail that demonstrates you took the compliance obligation seriously, even if gaps are later identified. The absence of any documentation, by contrast, eliminates any ability to demonstrate good faith in a regulatory proceeding.
Related Reading
For additional context on employer health plan compliance and self-funded plan management, explore these related Benefitra articles:
- ERISA Fiduciary Obligations for Employer Health Plan Sponsors in 2026
- Employer Claims Utilization and Self-Funded Readiness: What the Data Actually Tells You
- Self-Funded Health Plans and Third-Party Administrators: How to Structure the Relationship
- The Compliance Shift: What Self-Funded Benefits Require From Employers in 2026
Frequently Asked Questions
Do the Transparency in Coverage machine-readable file requirements apply to fully insured employer health plans?
For fully insured plans, the legal obligation to produce and post the machine-readable files falls on the insurance issuer (the carrier), not the employer. The employer's compliance obligation is satisfied when the carrier complies on the plan's behalf. However, the employer's ERISA fiduciary obligations still require confirming that the carrier is complying and that the plan document accurately describes this arrangement. Employers with fully insured plans should confirm annually with their carrier that the required files are posted and include a URL in that confirmation for their records.
Who is responsible for No Surprises Act compliance in a self-funded plan?
The plan sponsor (the employer) is ultimately responsible for No Surprises Act compliance in a self-funded arrangement. Most employers delegate specific compliance functions to their TPA or network carrier through the administrative services agreement, including balance billing enforcement and IDR administration. Delegation transfers the work but not the legal obligation. The employer remains responsible for ensuring that the TPA is performing the delegated functions correctly and that the plan document and SPD accurately reflect the required member rights and protections. Annual review of TPA compliance activities, with written documentation, satisfies the prudent fiduciary monitoring standard.
What are the penalties for failing to post the required machine-readable files?
The DOL can impose civil monetary penalties of up to $100 per day per participant for ERISA disclosure failures. The HHS Secretary has authority to impose civil monetary penalties for non-compliant carriers under the Public Health Service Act. For self-funded employer plans, the DOL is the primary enforcement authority. In practice, the DOL has used education and voluntary correction before imposing maximum penalties for first-time transparency violations, but that approach is not guaranteed and has been tightening as the rule's implementation timeline matures. Employers who have not yet confirmed their TPA's compliance with the machine-readable file requirements should treat this as a near-term priority, not a future one.
How does price transparency data help employers evaluate their TPA's negotiated rates?
The in-network rate files published under the Transparency in Coverage rule contain your plan's negotiated rates at the procedure code and provider level. Because the same data is published by all plans, you can compare your plan's negotiated rates for common high-cost procedures against the rates negotiated by other health plans using the same providers. A service provider with technical capacity to process the machine-readable files can produce a benchmark report showing where your plan's rates are above or below market for the services that drive your claims spending. This data is particularly useful at TPA contract renewal, where evidence of above-market rates provides objective grounds for renegotiation rather than requiring the employer to accept the TPA's representation that their network delivers competitive rates.
What should employers do if they discover their plan has not been complying with No Surprises Act requirements?
The first step is to stop the ongoing failure. Update the plan document and SPD immediately with compliant language covering the No Surprises Act protections. Ensure the cost-sharing estimator tool is operational. Confirm with your TPA that the balance billing enforcement process is in place for covered services. Document each of these corrective steps with dates. If the plan has received member complaints related to surprise billing that may have been improperly handled under the pre-correction procedures, review those complaints and consider whether retroactive correction is appropriate on a case-by-case basis. Voluntarily self-correcting a compliance failure, with documentation, substantially reduces penalty exposure relative to waiting for a regulatory referral. Consider disclosing the self-correction to benefits counsel before taking further action if the scope of the failure is significant.