DOL announces national employee benefit enforcement priorities and projects

The Department of Labor (DOL) Employee Benefits Security Administration (EBSA) recently updated its national enforcement projects for fiscal year 2026. These changes reflect where EBSA will focus its enforcement resources to increase employee benefit plan compliance and “address abusive practices and actors.”

According to EBSA’s Enforcement webpage, the updated enforcement projects list includes the following related to health and welfare benefit plans, among other projects:

• Cybersecurity
• Barriers to mental health and substance use disorder benefits
• Surprise billing

Although not a national project, EBSA will continue to identify and shut down abusive multiple employer welfare arrangements (MEWAs) and prevent fraudulent MEWA operators from simply opening new arrangements in other states. EBSA also investigates cases where medical providers or other service providers commit fraud against self-funded health plans.

Cybersecurity

This project addresses the growing risks cyber attacks pose to employee benefit plans and participants. It promotes best cybersecurity practices for plans and service providers to protect sensitive information and reduce the risk of fraud and financial loss. As part of its investigations, EBSA reviews how plans and service providers protect their systems and data from cyber threats. This project builds on EBSA cybersecurity guidance issued in 2021 and updated in 2024.

Barriers to mental health and substance use disorder benefits

Enforcement of the Mental Health Parity and Addiction Equity Act (MHPAEA) has been an ongoing priority for EBSA. This project focuses on targeting the most serious violations by plans and service providers that block participants and beneficiaries from accessing their promised mental health and substance use disorder benefits. EBSA intends to ensure that plans and service providers meet their legal obligations to provide these important benefits and remove barriers to accessing care, such as burdensome claims processes, unjustified treatment exclusions, inaccurate provider lists and unreasonable limits on care.

Surprise billing

EBSA enforces the protections under the No Surprises Act (NSA), which prevents participants and beneficiaries from receiving unexpected medical bills in certain situations, such as emergency and air ambulance services or non-emergency services performed by out-of-network providers at in-network facilities. EBSA works to address NSA claims and payment processing issues at a service provider level to achieve widespread correction impacting many plans.

As part of the enforcement project, EBSA will review whether group health plans and health insurance issuers:

• Follow the prudent layperson standard, which requires plans to treat a situation as an emergency if a reasonable person would believe they need immediate medical care
• Apply in-network cost-sharing charges to services protected under the NSA
• Provide proper notices and disclosures
• Comply with other NSA protections, such as prohibitions on prior authorization and more restrictive administrative requirements
• Comply with payment timelines during open negotiation and the independent dispute resolution process
• Examine improper plan exclusions that wrongfully deny emergency services coverage, consistent with the 2021 interim final rule issued under the Consolidated Appropriations Act, 2021

Going forward

Employers should continue to assess their health and welfare benefit plans and service provider administrative practices for compliance with all federal laws and regulations, especially related to cybersecurity, MHPAEA and surprise billing, as these areas will be under strict scrutiny by EBSA.