Does Your EAP Wellness Program Provide “Medical Care?” If So, You May Be Subject to More Federal Laws than You Think!

Many of our clients provide employee support services through or in addition to corporate wellness programs. Awareness of employee mental health issues is on the rise, so many wellness providers, such as health and wellness coaches, therapists, integrative health providers and holistic health providers wish to offer wellness services to address employee stress and anxiety. If those wellness services are provided to each and every employee, instead of just employees who are already enrolled in the company health plan, both the wellness provider and employer might be surprised to learn that their employee assistance program (EAP) may need to comply with a number of federal employee benefits laws.

Whether the EAP services require compliance with certain federal laws often boils down to one critical question: do the services provided constitute “medical care,” or in some cases “significant benefits in the nature of medical care?” If the answer is “yes,” then certain federal employee benefit laws will likely apply to the wellness program. If the answer is “no,” then the wellness program may be exempt from quite a few of those federal laws. This blog post explores how to determine if your EAP wellness program offers “medical care” and if so, which federal laws may apply to your program.


Section 3 of the Employee Retirement Income Security Act of 1974 (ERISA) defines “employee welfare benefit plan,” in relevant part, as a plan or program established or maintained by an employer for the purpose of providing participants through the purchase of insurance or otherwise, medical surgical, or hospital care or benefits, or benefits in the event of sickness, accident, or disability. ERISA § 3(1).

The federal Department of Labor (DOL), the agency that enforces compliance with ERISA, has issued several opinion letters in the past that provide guidance as to when an EAP program would be subject to ERISA. In DOL Opinion Letter 88-4A, the DOL analyzed an EAP program that provided counseling services to participants who could then also be referred out for further services. The DOL concluded that EAP benefits for the treatment of alcohol and drug abuse, stress, anxiety, and similar conditions constituted “medical benefits” or “benefits in the event of sickness” and were therefore subject to ERISA.

Similarly, in DOL Opinion Letter 83-35A, the DOL evaluated a plan that provided counseling for employees who had certain described personal problems. The counselor identified the problem and suggested a plan of action and referred the employee to an outside service. Although the cost of the plan of action was not covered by the EAP, the employer may have had other benefits that covered the plan of action. The DOL concluded that this plan qualified as an employee welfare benefit plan under ERISA.

In contrast to the above two EAPs analyzed by the DOL, the plan at issue in DOL Opinion Letter 91-26A concluded that the EAP was not “medical benefits” or “benefits in the event of sickness.” In that program, the EAP provided substance abuse testing and then referrals for employees who tested positive for drugs. There was no counseling involved with the EAP, merely a referral by an employee who had no license or special training in counseling. The DOL noted:  “Unlike [EAPs] identified as employee welfare benefit plans in ERISA Opinions 88-4A and 83-35A, the program employs no counselors, either in-house or on a contractual basis, and apparently provides no benefits in addition to referrals an employee could obtain free of charge regardless of employee status.” DOL Op. Letter 91-26A.

So, if an EAP employs licensed professionals to provide services like psychosocial assessments, brief counseling, and crisis intervention counseling, the program is probably more like the plans described in DOL Opinion Letters 88-4A and 83-35A. Therefore, the plan may provid medical benefits and consequently qualify as an ERISA welfare benefit plan. This means that the employer that sponsors the EAP must comply with ERISA Parts 1, 4-6[1].

ERISA Parts 1, 4-6

ERISA Parts 1, 4-6 cover the following requirements:

  • Reporting and Disclosure, such as filing Form 5500 annual reports, being included in the plan’s Summary Plan Description, and record retention requirements.
  • Fiduciary Responsibility
  • Criminal and Civil Enforcement Procedures
  • Continuation Coverage (i.e., COBRA requirements).

As a result, employer clients who provide EAP services classified as medical benefits to their employees must ensure compliance with the above ERISA requirements

Excepted Benefit Status Offers Exemption from ERISA Part 7, Title 27 of the PHSA, and Chapter 100 of the IRC

The “Tri-Agencies” (i.e., the DOL, the Centers for Medicare and Medicaid Services (CMS), and the Internal Revenue Service (“IRS”)) have identified certain employee benefits that qualify for “excepted benefit” status. Excepted benefits are exempt from compliance with ERISA Part 7, Title 27 of the Public Health Services Act (PHSA), and Chapter 100 of the Internal Revenue Code. (IRC) Many of these laws overlap and apply to health insurers, including group health plans. Specifically, ERISA Part 7, Title 27 of the PHSA and IRC Chapter 100 address requirements such as:

  • Prohibiting preexisting condition exclusions
  • Prohibiting discrimination based on health status, including genetic information, and requiring compliance with the wellness incentive rules
  • Guaranteed availability and renewability of coverage
  • Ensuring mental health parity
  • Covering mothers and newborns
  • Prohibiting lifetime or annual limits
  • Prohibiting recission of coverage
  • Offering 100% coverage of preventive health services
  • Providing a Summary of Benefits and Coverage
  • Prohibiting discrimination in favor of highly compensated individuals
  • Ensuring the quality of care
  • Covering dependent students on medically necessary leave of absence

The above list is not exhaustive, but provides a snapshot of the types of legal provisions from which excepted benefits are exempt. PHSA § 2722 and the DOL regulations at 29 CFR Part 2590 identify four categories of excepted benefits:

  1. Benefits that are generally not health coverage (such as automobile, liability, worker’s compensation, and accidental death insurance coverage);
  2. Limited excepted benefits, including limited scope vision or dental, long-term care, nursing home care, home health or community-based care benefits.
  3. Noncoordinated excepted benefits, including coverage for specified diseases or illness (such as cancer-only policies);
  4. Supplemental excepted benefits that are provided under a separate policy, certificate, or contract of insurance.

See 79 Fed. Reg. 39130, 39131 (Oct. 1, 2014).  The Tri-Agencies have decided that EAPs can qualify as excepted benefits under the fourth category identified above, if the following four criteria are met:

  1. The program cannot provide significant benefits in the nature of medical care;
  2. The program cannot be coordinated with group health plan benefits;
  3. No employee premiums or contributions are required to participate in the EAP;
  4. The EAP may not impose any cost-sharing (i.e., copayments).

See 29 CFR § 2590.732(c)(3)(vi).

Examples of benefits that are not significant benefits in the nature of medical care are:

  • Example 1: An EAP with benefits that consist primarily of free or low-cost, confidential short-term counseling (which could address substance abuse, alcoholism, mental health, or emotional disorders, financial or legal difficulties, and dependent care needs) to identify an employee’s problem that may affect job performance and, when appropriate, referrals to an outside organization, facility, or program to assist the employee in resolving the problem; and
  • Example 2: A wellness program that provides a wide-range of education and fitness services (also including sports and recreation activities, stress management, and health screenings) designed to improve the overall health of the employees and prevent illness, where any costs charged to the individual for participating in the services are separate from the individual’s coverage under the health plan.

79 Fed. Reg. at 59133, n. 20.

HIPAA Privacy and Security Rules

In many workplace wellness situations, HIPAA privacy and security rules do not apply. Indeed, the federal Office of Civil Rights (OCR) has provided guidance as to when HIPAA privacy and security rules apply to workplace wellness programs. OCR concludes that compliance with HIPAA privacy and security rules is only required when the workplace wellness program is part of an employer’s group health plan. See If the wellness program is not tied to the group health plan, then the wellness program is not subject to HIPAA privacy and security rules. It is our view that this guidance is simplistic and incomplete as it fails to consider whether the wellness program is itself a group health plan because it provides “medical care.”

Many wellness services can arguably be exempt from the definition of “medical care.” Wellness services provided by unlicensed persons such as health coaches that do not involve diagnosis or treatment of a physical or mental condition but rather “lifestyle” improvements or pure referral services, do not usually fit within the definition of “medical care.” See e.g., IRS Publication 502 (expenses for cosmetics, toiletries, weight-loss programs that are not to treat a specific disease diagnosed by a physician, vitamins, health club dues, and other general well-being activities or items are not tax deductible).

The laws governing health information privacy and security are separate from the laws governing nondiscrimination because of health status, even though both legal concepts fall under “HIPAA.” HIPAA nondiscrimination statutory provisions can be found at 42 USC § 300gg, et seq. HIPAA privacy and security statutory provisions can be found at 42 USC § 1320d, et seq. The HIPAA privacy and security regulations are found at 45 CFR §§ 160, et seq. Because the laws governing health information privacy are located in a separate part of the federal code than HIPAA nondiscrimination and wellness incentive rules, different definitions of who is subject to HIPAA privacy and security rules apply.

HIPAA privacy and security provisions apply to “covered entities,” of which there are three types:  1) health plans; 2) health care providers who conduct standard transactions (e.g., bill insurance by submitting electronic claims); and 3) healthcare clearing houses. See 45 CFR § 160.103 (definition of “covered entity”). If an EAP wellness program does not bill insurance for its services, it is arguably not a HIPAA covered health care provider. It is highly unlikely that the wellness program is a healthcare clearinghouse. That leaves the possibility that the wellness program s subject to HIPAA privacy and security rules if it is a covered health plan.

HIPAA defines “health plan” to include a “group health plan.”  45 CFR § 160.103. A group health plan is an ERISA employee welfare benefit plan, including insured and self-insured plans, to the extent that the plan provides “medical care” as defined under 42 USC § 300-91(a)(2), including items and services paid for as medical care to employees or their dependents, directly or through insurance, reimbursement or otherwise.  45 CFR § 160.103 (definition of “group health plan”). “Medical care” is defined as the diagnosis, cure, mitigation, treatment, or prevention of disease, or amounts paid for the purpose of affecting any structure or function of the body.  42 USC § 300-91(a)(2).

It would be hard to argue that services that qualify as medical benefits under ERISA do not qualify as medical care under the HIPAA group health plan definition.

Excepted benefits are exempt from HIPAA privacy and security rule compliance, but only the first category of excepted benefits listed earlier (i.e., the non-healthcare benefits such as auto, accident, liability, worker’s compensation insurance and coverage for on-site medical clinics[2]). 42 USC § 300gg-91(c). If an EAP wellness program was merely a referral service that did not provide brief counseling by licensed providers, for example, one could argue that such services would not constitute “medical care.” If that were the case, then the EAP wellness program would not fit within the HIPAA definition of “group health plan” and therefore would not be subject to HIPAA privacy and security rules.

Americans with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act (GINA)

To the extent that an EAP wellness program collects employee health information, such as through questionnaires or biometric screens, such information is subject to the ADA. If the EAP wellness program also collects such information from employee family members, such as children or spouses, that information is subject to GINA protections.


Asking employees disability-related inquiries, such as medical questions, is prohibited under the ADA unless such inquiries are job-related and consistent with business necessity or are part of a voluntary employee health program available at the worksite.  42 USC § 12112(d)(4).

The first aspect of ADA compliance relates to tying incentives to answering medical questions. To the extent an employer incentivizes employees to use the EAP wellness program, those incentives may not undermine the voluntary requirement of the ADA. That is, the incentives should not coerce employees to disclose sensitive health information to the EAP wellness program.

The second aspect of ADA compliance concerns keeping the health information collected by the EAP wellness program confidential. Under the ADA, the medical information collected from employees must be kept in a separate medical file and treated as a confidential medical record. 29 CFR § 1630.14.

The Equal Employment Opportunity Commission (EEOC), the federal agency that enforces compliance with the ADA, has stated that a program that complies with HIPAA privacy standards will likely be in compliance with ADA health information disclosure standards.  The HIPAA standards include provisions such as not disclosing individually identifiable health information to employer sponsors of the EAP unless those employer sponsors need the information for plan administration purposes and the sponsor has taken the necessary steps under HIPAA to ensure protection of the health information. 81 Fed. Reg. 31126, 31142 (May 17, 2016); 45 CFR § 164.505(f)(1).


GINA Title II relates to employer use of genetic information and like the ADA, is enforced by the EEOC. 42 USC § 2000ff-1. “Genetic information” for wellness program purposes usually means “family medical history” information, which can be questions relating to an employee’s family medical history or medical questions asked of an employee’s family member. 29 CFR § 1635.3(b).

GINA Title II prohibits employers from requesting, requiring, or purchasing genetic information with respect to an employee or an employee’s family member, with certain limited exceptions. Id. One exception applies to voluntary wellness programs. Again, similar to the ADA, if the EAP wellness program has incentives tied to an employee or employee family member’s use of the EAP, the incentive should not be so large that it coerces the employee or family member to disclose medical information to the EAP.

Also, GINA requires programs that collect family medical history information to make sure the individual from whom the program is collecting the information signs a knowing, voluntary and written authorization form. 29 CFR § 1635.9(b)(2)(i)(B). The authorization form must be understandable, describe the genetic information that will be obtained and the purposes for which it will be used, as well as the safeguards in place to assure confidentiality. 29 CFR § 1635.8(b)(2)i)(B)(2)(3).  GINA also requires employers to ensure that individually identifiable genetic information is provided only to the individual (or family member if the family member is receiving genetic services) and the licensed healthcare professional involved in providing such services. The genetic information should not be accessible to managers, supervisors or others who make employment decisions or anyone else in the workplace.  29 CFR 1635.8(b)(2)(i)(C.

Thus, to the extent the EAP wellness program asks employees family medical history questions, or asks medical questions of employee family members as part of its counseling services, the EAP should ensure that answering those questions are perceived as voluntary by the employee or family member. The EAP should also make sure that the employee and/or family member is signing an authorization form that meets the GINA elements before answering those family medical history questions.

What’s Next?

If you offer an EAP wellness program, or any type of wellness program to employers or corporations, you should ensure that you understand what laws apply to your program. Employers often depend on their wellness service providers to guide them in compliance with wellness laws. Our law firm is here to help you navigate the various laws that could impact the success of your program. Our firm has created numerous resources for health and wellness coaches and consultants just like you. We have created a starter kit for launching a health or wellness coaching business, as well as training videos to learn more about the legal basics of starting such a business. We specialize in making sure you feel comfortable with your wellness business from a legal standpoint, so that you can deliver the best services to your clients. Contact us today to help your coaching or consulting business thrive!


[1] ERISA Parts 2 and 3 apply to employer-sponsored retirement plans only, not health-related plans.  See ERISA § 201 and 301.

[2] ERISA rules exempt onsite clinics from the definition of “employee welfare benefit plan” and define onsite or “on-premises facilities” as those that treat minor injuries or illness or rendering first aid in case of accidents occurring during working hours. 29 CFR § 2510.3-1(c)(2).  Thus, as long as an onsite clinic limits its services to first aid treatment of minor illnesses during working hours, then such clinic is not a welfare benefit plan under ERISA and therefore not a group health plan under HIPAA, since HIPAA’s definition of group health plan cross references ERISA’s employee welfare benefit plan definition.