(804) 673-6676
Key Takeaways From the CAA-mandated Prescription Drug Cost Report
The Consolidated Appropriations Act, 2021 (CAA) mandates that group health plans and health insurance issuers submit annual data on premiums, enrollment, medical spending and prescription drug rebates to various departments to address this. This initiative, known as the Prescription Drug Data Collection (RxDC), aims to enhance transparency in prescription drugs and health care spending. As required by the CAA, the Office of the Assistant Secretary for Planning and Evaluation released a report analyzing 2020-21 RxDC data for the U.S. Department of Health and Human Services (HHS).
About 143 million Americans had prescription drug coverage from private group health insurance plans (mostly employer-sponsored), and an estimated 11 million had prescription drug coverage from individual market health insurance plans in 2020. Consider these additional takeaways from the report:
- Cost sharing—Average deductibles and out-of-pocket maximums in employer-sponsored coverage have generally increased since 2014. Employer-sponsored health insurance plans are making greater use of coinsurance. Employer-sponsored health insurance plans have also adopted benefit designs with more cost-sharing tiers, allowing them to set higher cost sharing for more expensive brand drugs.
- Rebates—Despite differences in methods, data sources and prescription drugs analyzed in this report, recent trends consistently imply that gross drug prices have grown more rapidly than prices net of rebates paid by manufacturers to pharmacy benefit managers (PBMs).
Organizations can continue to expect this annual report. Qualifying employers are required to submit RxDC data; however, they may use issuers, third-party administrators or PBMs to submit on their behalf. Reach out for more information about RxDC reporting.
HHS Proposes Changes to HIPAA Security Rule to Strengthen Cybersecurity for ePHI
The HHS released a proposed rule that would modify the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to strengthen cybersecurity protections for electronic protected health information (ePHI). Although the changes are substantial, they are only in proposed form at this point. The proposed changes focus on enhanced documentation (e.g., inventory and system mapping) and heightened technical safeguards (e.g., encryption, multifactor authentication, vulnerability scanning and penetration testing).
Employers with self-insured health plans and those with fully insured health plans that have access to ePHI should monitor developments and plan to improve safeguards for ePHI if the changes are finalized. Contact us today for more resources.
© 2025 Zywave, Inc. All rights reserved