As we move through 2025, compliance enforcement is ramping up, and brokers need to be prepared to guide their clients through the ever-changing regulatory landscape. The Department of Labor’s (DOL) Employee Benefits Security Administration (EBSA) and other agencies are actively investigating health plans, issuing penalties, and enforcing new requirements. Here’s what you need to know to keep your clients compliant and avoid costly fines.

A Rise in ACA Penalties

The Employer Shared Responsibility Penalties under the Affordable Care Act (ACA) continue to be a major enforcement focus. Failure to offer coverage to 95% of full-time employees (4980H(a)) or offering unaffordable coverage (4980H(b)) can result in significant financial consequences, with penalties increasing annually for inflation. For 2025, the penalty for 4980H(a) will increase to $2,970 per full-time employee, and the 4980H(b) penalty will rise to $4,460 per employee who went to Marketplace and received a subsidy.

Additional ACA Reporting Penalties:

Failure to furnish forms to employees	$60 per form if provided up to 30 days late $130 per form if provided from 31 days late through August 1st $330 per form if not provided by August 1st
Failure to file forms with the IRS	$60 per form if filed up to 30 days late $130 per form if filed from 31 days late through August 1st $330 per form if not filed by August 1st
Both penalties increase to $660 per form if the failure was caused by “intentional disregard” (criminal penalties may also apply)

*Bold numbers are subject to annual adjustment

The recently signed Employer Reporting Improvement Act extends the statute of limitations for employer-shared responsibility penalties to six years, meaning employers could face compliance issues long after an initial filing. There is also now a 90-day window for responding to 226J letters.

ERISA Penalties

Plan Documents & SPDs	Most violations - $100 to $110/day per affected participant Failure to provide SPD or SMM when requested by DOL - $195 per day, up to $1,956 maximum per violation
Required Notices	SBC - $1,443 per willful failure to provide to participants CHIPRA - $145/day for failure to provide notice COBRA - $100 to $110/day per affected person
GINA	$145/day per affected person
Form 5500 Reporting	Up to $2,739/day per plan for failure to file $110/day per affected person for failure to distribute SAR
§125 Nondiscrimination	Potential loss of tax advantages for highly compensated employees
Medicare Secondary Payer (MSP) Rules	$11,524 per financial violation/offer of incentives

*Bold numbers are adjusted annually for inflation; this year, the adjustment amounts to approx. 2.6%

HIPAA and Cybersecurity Risks on the Rise

With cyber threats increasing, the Office for Civil Rights (OCR) currently has 76 health plans under investigation for data breaches, most related to hacking/IT incidents. HIPAA violations carry severe civil and criminal penalties, with fines reaching up to a $2.1 million calendar-year cap for multiple violations of the same provision. Brokers should stress the importance of strong IT security measures and HIPAA compliance reviews for their clients. We’ve broken it down in the table below. Please note that the civil penalty amounts are adjusted for inflation annually, and some monetary penalties may also apply with criminal penalties.

Tier	Civil Penalties	Criminal Penalties
1	Lack of Knowledge: $141 - $71,162 per violation	Reasonable Cause or No Knowledge of Violation: Up to 1 year imprisonment
2	Reasonable Cause: $1,424 - $71,162 per violation	PHI Obtained Under False Pretenses: Up to 5 years imprisonment
3	Willful Neglect (corrected within 30 days): $14,232 - $71,162 per violation	PHI Obtained for Personal Gain or with Malicious Intent: Up to 10 years imprisonment
4	Willful Neglect (not corrected within 30 days): $71,162 - $2,134,831 per violation

 

Consolidated Appropriations Act (CAA) Penalties

The CAA introduced strict transparency requirements, with non-compliance penalties reaching $100 per participant per day. Employers must ensure compliance with the CAA’s mandates, including machine-readable files, gag clause prohibitions, and broker compensation disclosures.

Mental Health Parity Compliance

Mental Health Parity and Addiction Equity Act (MHPAEA) enforcement is another area seeing increased audits. In FY 2023, EBSA cited 31 MHPAEA violations in 17 investigations for various reasons, including improper financial limits, QTLs, NQTLs, and noncompliance with the NQTL comparative analysis requirements. To avoid scrutiny, clients offering group health plans must ensure their benefits comply with parity rules.

Resources:

1. DOL/EBSA Fact Sheets & Enforcement Statistics
2. EBSA Enforcement Manual
3. HHS “Wall of Shame” for HIPAA Violations

For employee benefits brokers, knowledge is power. Staying up to date with the latest in employee benefits compliance news and penalties will better equip you to guide your clients through the regulatory maze and ensure their employee benefits programs are both competitive and compliant.

Navigating compliance doesn’t have to be overwhelming. Medcom offers expert training, compliance support, as well as ACA penalty appeal support to help brokers protect their clients. Contact us today!