Facebook Instagram Linkedin

One Big Beautiful Bill Act – Changes for Employee Benefits

Kristin Tracy on August 13, 2025

On July 4, 2025, President Donald Trump signed a major tax and spending bill, commonly referred to as the “One Big Beautiful Bill Act” (OBBB Act), into law. The OBBB Act includes changes for employee benefit plans.

The OBBB Act will:
  • Expand the availability of health savings accounts (HSAs)
  • Permanently extend the telehealth exception for high deductible health plans (HDHPs)
  • Increase the maximum annual limit for dependent care flexible spending accounts (FSAs)
  • Allow employers to help pay employees’ student loans beyond 2025 and make cost-of-living adjustments to the tax exclusion for educational assistance programs
  • Allow employers to contribute up to $2,500 per year to a new type of tax-advantaged account for children, called a “Trump Account”

Contact us today for further resources on employee benefits-related provisions from the OBBB Act

Provided to you by Ellingson Group
This article is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel for legal advice. © 2025 Zywave, Inc. All rights reserved.

Pay-or-Play Affordability Percentage Will Increase for 2026

Kristin Tracy on August 13, 2025

On July 18, 2025, the IRS released Revenue Procedure 2025-25 to index the contribution percentage in 2026 for determining the affordability of an employer’s health plan under the Affordable Care Act (ACA). For plan years beginning in 2026, employer-sponsored coverage will be considered affordable under the ACA’s “pay-or-play” rules if the employee’s required contribution for self-only coverage does not exceed 9.96% of their household income for the year.

Affordability Test

The ACA’s pay-or-play rules require applicable large employers (ALEs) to offer affordable, minimum-value health coverage to their full-time employees (and dependents) or risk paying a penalty. The affordability of health coverage is a key point in determining whether an ALE may be subject to a penalty. An ALE’s health coverage is considered affordable if the employee’s required contribution to the plan does not exceed 9.5% (as adjusted annually) of the employee’s household income for the taxable year. This percentage is adjusted each year based on health plan premium growth rates in relation to income growth rates.

In recent years, the affordability percentage has been adjusted to:

  • 9.12% for plan years beginning in 2023;
  • 8.39% for plan years beginning in 2024;
  • 9.02% for plan years beginning in 2025; and
  • 9.96% for plan years beginning in 2026.

For purposes of the pay-or-play rules, the affordability test applies  only to the portion of the annual premiums for self-only coverage and does not include any additional cost for family coverage. Also, if an employer offers multiple health coverage options, the affordability test applies to the lowest-cost option that provides minimum value.

Because an employer generally will not know an employee’s household income, the IRS has provided three optional affordability safe harbors that ALEs may use to determine affordability based on information that is available to them: the Form W-2 safe harbor, the rate of pay safe harbor and the federal poverty level safe harbor.

Affordability Percentage for 2026

For 2026, the affordability percentage increases to 9.96%. This means that an ALE’s health coverage for the 2026
plan year will be considered affordable if a full-time employee’s required contribution for self-only coverage
under the lowest-cost option does not exceed 9.96% of their income. This is a significant increase from the
affordability contribution percentage for 2025 and the highest this percentage has ever been. As a result,
employers may be able to increase employees’ health coverage contributions for 2026 while still meeting the
adjusted affordability percentage.

Provided to you by Ellingson Group
This Compliance Overview is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel for legal advice. ©2025 Zywave, Inc. All rights reserved

HHS Announces HIPAA Audit Program Will Resume

ellingsondev on January 20, 2025

The U.S. Department of Health and Human Services (HHS) recently updated its HIPAA enforcement website to announce the start of its 2024-25 audit program. HIPAA is enforced by HHS’ Office for Civil Rights (OCR). According to OCR, the 2024-25 HIPAA audits will review 50 covered entities’ and business associates’ (collectively called regulated entities) compliance with selected provisions of the HIPAA Security Rule most relevant to hacking and ransomware attacks.

This is a significant compliance step for OCR, which has not utilized its HIPAA audit program since 2016-17 due to a lack of financial resources. HIPAA audits are primarily a compliance improvement activity; however, if an audit reveals a serious compliance issue, OCR may initiate a compliance review of the regulated entity to investigate.

HIPAA Security Rule

The HIPAA Security Rule sets a national floor for the protection of individuals’ electronic protected health information (ePHI) by covered entities (health plans, health care clearinghouses and most health care providers) and their business associates. These standards require regulated entities to analyze the risks and vulnerabilities of the confidentiality, integrity and availability of their ePHI. The risk assessment process helps regulated entities implement reasonable and appropriate administrative, physical and technical safeguards to protect their ePHI.

HIPAA Audit Program

HHS is required to periodically audit regulated entities for compliance with the requirements of HIPAA’s Privacy, Security and Breach Notification Rules. OCR last conducted HIPAA audits in 2016-17, when it audited 166 covered entities and 41 business associates.

In a report from Nov. 25, 2024, HHS’ Office of Inspector General (OIG) concluded that OCR’s HIPAA audit program was not effective at improving cybersecurity protections at regulated entities. OIG made several recommendations for OCR to enhance its HIPAA audit program, including expanding the scope of the audits to assess compliance with the Security Rule’s physical and technical safeguards.

In December 2024, OCR announced that HIPAA audits would resume. These audits will focus on compliance provisions of the HIPAA Security Rule that are most related to cybersecurity. OCR will publish an industry report summarizing its findings after the 2024-25 HIPAA audits are completed.

Employers with self-insured health plans and employers with fully insured health plans that have access to ePHI should periodically review their compliance with the HIPAA Security Rule. This review should include ensuring their risk analysis is up to date and they have implemented the appropriate administrative, physical and technical safeguards for ePHI.

Provided by Ellingson Group
This Legal Update is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel for legal advice. ©2025 Zywave, Inc. All rights reserved.