Brown & Brown Blog | Insurance and Risk Insights

Changing from Fully Insured Medical Plan to Self-Insured Medical Plan

Written by Regulatory & Legislative Strategy Group | Apr 23, 2026 1:30:00 PM

As healthcare costs continue to rise, many employers are exploring strategies to manage expenses while maintaining benefits that remain both affordable and competitive for employees. For some organizations, transitioning from a fully insured medical plan to a self-insured plan can be an effective approach to gaining greater cost control and plan design flexibility.

Changing funding models, however, is a significant organizational decision with wide‑ranging implications. While a move to self‑funding can create opportunities and cost savings, employer plan sponsors should clearly understand the compliance obligations associated with this funding structure.

This document provides a high‑level overview of the key compliance considerations for transitioning from a fully insured to a self-insured medical plan.

Note: This overview focuses solely on compliance-related considerations. It does not address broader strategic or financial considerations, such as rate-setting (including COBRA continuation rates), claims volatility, or budgeting. In addition, it does not cover requirements unique to self-insured dental or vision plans, as not all considerations discussed herein apply to those plans.

Background

Fully Insured Plans

A fully insured group medical plan is a type of health insurance plan where the employer contracts with a health insurance company to provide medical and pharmacy benefits to employees and their covered dependents. In this plan, the insurance company assumes the risk of paying the medical and pharmacy claims costs of the plan’s participants in exchange for receiving fixed premium payments. The insurer is responsible for paying all covered medical and pharmacy claims in accordance with the policy terms and conditions.

Self-Insured Plans

Unlike a fully insured group medical plan, in a self-insured plan, an employer assumes the financial risk associated with providing medical and pharmacy benefits to its employees. Rather than paying a fixed premium to an insurer, the employer pays the actual cost of employees and covered dependents’ medical and pharmacy claims as they are incurred.

Under this structure, the employer typically contracts with a third‑party administrator (TPA), and often a pharmacy benefit manager (PBM), to handle the day‑to‑day functions of the plan, such as claims processing, customer service, network access, and reporting. While the employer retains financial responsibility for claims payments, many self-insured plan sponsors purchase stop‑loss insurance to protect against unexpectedly high individual claims or overall plan costs.

Level-Funded Plans

Another popular funding plan is a level-funded plan. A level-funded plan is a hybrid between a fully insured plan and a self-insured plan - combining some of the financial benefits of a self-insured plan, while still sharing some financial risk with the insurance carrier. For compliance obligation purposes, a level-funded plan is generally treated as a self-insured plan, and the self-insured plan compliance requirements outlined below apply unless otherwise noted.

Switching from a Fully Insured Medical Plan to a Self-Insured Medical Plan

Introduction to Compliance Matters of Self-Insured Plans

Self‑funding can offer employers greater transparency, flexibility in plan design, and potential cost savings over time. However, it also shifts certain compliance, fiduciary, and administrative responsibilities to the employer.

The table below outlines various compliance items employers should be aware of as they relate to self‑insured medical plans, detailing the notable differences for each item as a plan moves between funding structures.

The ERISA Requirements section focuses specifically on plans subject to ERISA (i.e., private plans that are not church or governmental plans), while the tables that follow it address separate topics (e.g., ACA, HIPAA, Transparency in Coverage rules) that apply to both ERISA and non-ERISA group health/medical plans.

Please note the following compliance items, which typically apply to a self-insured medical plan and/or its plan sponsor but typically would not have applied to a fully insured plan:

  • PCORI (Patient-Centered Outcomes Research Institute) fee reporting and payment

  • Internal Revenue Code (IRC) Section 105(h) Non-discrimination rules

  • Exemption from certain state insurance mandates if the plan is subject to ERISA

  • Covered Individuals Reporting in ACA Form 1095-C, Part III

  • More robust HIPAA (Health Insurance Portability and Accountability Act) Privacy and Security requirements

ERISA Requirements

Compliance Item

Requirement

Fully Insured

Self-insured

Compliance Item: Fiduciary Duties

Requirement: Plan Fiduciaries1 are responsible for acting for the exclusive benefit of the plan participants. Applies to plan administration decisions, as well as managing or controlling a plan’s assets.

Fully Insured: Regardless of funding method (i.e., self-funded or fully insured), an ERISA plan sponsor has a fiduciary duty to the plan participants. For fully insured plans, more of the fiduciary duties may fall onto the carrier rather than the plan sponsor.

Although the fully insured carrier bears more of the fiduciary duty in a fully insured plan, this doesn’t absolve the plan sponsor (as the fiduciary) of the overarching fiduciary duties and obligations involving plan governance/oversight (e.g., selecting and monitoring the insurance carrier, managing plan assets, ensuring ERISA compliance, in accordance with the Plan Document and Form 5500 filings, as applicable).

Self-insured: Regardless of funding method (i.e., self-funded or fully insured), an ERISA plan sponsor has a fiduciary duty to the plan participants. However, for fully insured plans, more of the fiduciary duties may fall onto the carrier rather than the plan sponsor.

These fiduciary duties involve plan governance/oversight (e.g., selecting and monitoring the insurance carrier, managing plan assets, ensuring ERISA compliance, in accordance with the Plan Document, and Form 5500 filings, as applicable).

Compliance Item: Claims and Appeals

Requirement: Must comply with the U.S. Department of Labor (DOL) standards for timing and content.

Fully Insured: Insurance carrier typically administers claims and appeals and adheres to any DOL and/or applicable state-specific standards.

Self-insured: Plans must follow defined procedures. Claims and appeal services can be outsourced to the TPA (often for an additional fee); however, the plan administrator (i.e., employer) may still have fiduciary responsibilities as it relates to the final level of claims appeal.

The plan should confirm during plan implementation and confirm overall compliance with any DOL and/or ERISA standards.

Compliance Item: Form 5500

Requirement: Plan administrators are required to file a Form 5500 if they had 100 or more plan participants enrolled in the group health plan on the first day of the plan year, or if the plan is a “funded” plan (e.g., plan assets are segregated into a separate account in the name of the health plan).

Fully Insured: Schedule A is produced by the fully insured plan’s carrier and must be included in the Form 5500 filing.

Self-insured: Schedule C may be produced by the self-insured plan’s TPA. If not, the plan administrator will need information from their service providers to complete the Schedule C.

If the plan pays benefits from the general assets of the employer, Schedule C does not need to be included in the Form 5500 filing.

If benefits are paid through a trust, or if the plan is funded, the Schedule C must be included.

Compliance Item: State Group Health Plan Mandates

Requirement: Plan coverage or eligibility requirements set forth under state insurance laws.

Fully Insured: Fully insured plans are required to comply with all state mandates.

State mandates are typically based on the state where the plan is written out of, but can also be extra-territorial, meaning they could apply to a non-sitused state if the plan covers employees within that state.

Self-insured: Self-insured ERISA plans are exempt from state insurance laws.

Note: Certain state mandates might apply to self-insured non-ERISA plans (e.g., church plans or governmental plans).

 

Affordable Care Act (ACA) Requirements

Compliance Item

Requirement

Fully Insured

Self-insured

Compliance Item: Applicable Large Employer (ALE) Reporting

Note: An ALE is an employer that averaged 50 or more full-time/full-time equivalent employees in the previous calendar year.

Requirement: ALEs must report information related to offers of coverage to full-time employees (defined as employees who average 30 or more hours of service per week) via Forms 1094-C and 1095-C. Self-insured employers must also report individuals covered under the plan.

Fully Insured: ALEs that are fully insured must utilize Forms 1095-C/1094-C to report information on whether they offer medical coverage to full-time employees; however, they do not need to complete Part III (covered individuals) of Form 1095-C. This information is provided by the fully insured carrier on the carrier’s Form 1095-B.

Self-insured: Self-insured employers, regardless of whether they are or are not an ALE, must report individuals who are covered under the self-insured medical plan. If the employer is an ALE, they may report the information related to covered individuals in Part III of Form 1095-C. If the employer is not an ALE, then typically most employers choose to report the covered individuals’ information on Form 1095-B.

Compliance Item: Essential Health Benefits (EHBs)

Requirement: A core set of at least 10 general categories of items and services, for which a group health plan may not impose lifetime or annual dollar maximums.

Fully Insured: Only non-grandfathered, fully insured, small group plans (typically 1-50 employees)2 are required to cover all EHBs. If a large group plan (including a fully insured large group plan) offers a plan that covers an ACA essential health benefit, that specific benefit cannot be subject to a lifetime or annual dollar maximum.

Self-insured: Self-insured plans (regardless of whether they are small group or large group) are not required to provide any EHBs. However, if a self-insured plan does cover an EHB, it cannot impose a lifetime or annual dollar maximum on the EHB(s). In order to identify whether a benefit is an EHB for this purpose, the self-insured plan must select a state benchmark plan.

Most self-insured plan sponsors/employers choose to cover EHBs within their medical plan for purposes of workforce recruitment and retention.

Compliance Item: PCORI Fee Payment & Filing of Form 720

Requirement: The PCORI fee rules require carriers and self-insured group health plan sponsors to file Form 720 and pay an annual PCORI Fee to the IRS. The payment is calculated based upon the average number of covered lives, multiplied by the annually indexed PCORI fee amount.

Fully Insured: Plan sponsors of fully insured group medical plans are not subject to paying the PCORI fee (and need not file Form 720), as the requirement applies to the insurance carrier. The carrier is responsible for paying this fee directly to the IRS on behalf of the group health plan. The fee itself is standardly built into the fully insured premiums.

Note: If an employer sponsors a Health Reimbursement Plan (HRA) (which is considered a self-insured plan) in conjunction with the fully insured medical plan, the employer plan sponsor is responsible for filing and paying the PCORI fee for the HRA. HRAs are subject to different member averaging rules.

Self-insured: Employers that sponsor a self-insured medical plan are responsible for calculating and paying the PCORI fee via IRS Form 720. Special rules apply to self-insured plan sponsors that offer an HRA.

Compliance Item: Summary of Benefits and Coverage (SBC)

Requirement: A standardized explanation of a health plan’s benefits contained in a document that must be distributed to eligible/enrolled participants prior to initial enrollment, with open enrollment, within 90 days of special enrollment, and upon request (within seven business days of request).

Additionally, if a material change to the health plan is made mid-plan year that impacts the content(s) of the SBC, the plan must provide an updated SBC to plan participants at least 60 days prior to the effective date of the change.

Fully Insured: Both the carrier and the plan administrator (employer) have the statutory obligation to distribute the SBC. If the carrier delivers the SBC to plan participants in a timely manner, this satisfies the plan administrator’s obligation.

Additionally, if the medical plan is fully insured, a description of the prescription drug benefits is included in the carrier’s SBC as there is no separate prescription drug benefit outside of the medical plan.

Self-insured: The plan administrator of a self-insured plan has the sole responsibility to distribute an accurate SBC to plan participants.

Additionally, if prescription drug benefits are managed by a separate third party (e.g., PBM), the plan administrator will be responsible for adding prescription drug benefits into the medical SBC or providing a separate SBC for the prescription drug benefits.

Note: A mid-year funding change likely coincides with other plan design/coverage changes that would be reflected in an SBC (e.g., carrier/TPA change, increase in copays, deductibles). In these instances, the plan administrator (employer) will need to provide an updated SBC reflecting those changes at least 60 days prior to the effective date of the change.

HIPAA Requirements

Compliance Item

Requirement

Fully Insured

Self-insured3

Compliance Item: Privacy & Security Rules

Requirement: Safeguard Protected Health Information (PHI), as defined under HIPAA.

Fully Insured: May apply to fully insured plans unless the group health plan has a “hands off” policy with PHI. Note: The rules apply to the fully insured carrier regardless of whether the plan is hands-on or hands-off.

Generally, fully insured plans are considered “hands off” under HIPAA rules when the plan does not have access to PHI other than enrollment and summary health information.

Note: Many group health plans may have self-insured components (e.g., health FSA) and therefore may be subject to the HIPAA Privacy and Security Rules, even if the medical/dental/vision coverage are fully insured plans.

Self-insured: Group health plans should create written Policies and Procedures, provide Notice of Privacy Practices, and enter business associate agreements (BAAs) with their business associates4, who must also implement administrative, physical, and technical safeguards as it relates to the group health plan’s PHI.

Compliance Item: Roles & Designation

Requirement: Appoint Privacy & Security Officers.

Fully Insured: May apply to fully insured plans unless “hands off” and there is no self-insured benefit (e.g., health FSA) under the group health plan.

Self-insured: Responsible for HIPAA oversight and incident/breach response.

Compliance Item: Third Party Agreements

Requirement: Business Associate Agreements (BAA) are required for all third-party service providers with access to PHI.

Fully Insured: May apply to fully insured plans unless “hands off” and there is no self-insured benefit (e.g., health FSA) under the group health plan.

Self-insured: Applies to, among others, TPAs, brokers/consultants, and technology partners handling PHI.

Compliance Item: Policies, Procedures and Training

Requirement: Maintain written policies and procedures, and train workforce staff members who have access to PHI.

Fully Insured: May apply to fully insured plans unless “hands off” and there is no self-insured benefit (e.g., health FSA) under the group health plan.

Self-insured: Group health plans must comply, document and review regularly.

 

ACA Transparency In Coverage (TiC) Rules & Consolidated Appropriations Act, 2021 (CAA)

Compliance Item

Requirement

Fully Insured

Self-insured

Compliance Item: Machine Readable Files (MRFs)

Requirement: Disclosure of in-network provider rates, out-of-network allowed amounts and negotiated rates and historical net prices for prescription drugs via three separate files.5

Must be posted to a public website of the group medical plan.6

Fully Insured: Requirement is handled by the fully insured medical plan carrier, so long as there is a written agreement for the carrier to handle this obligation on behalf of the group health plan.

Plan sponsors should receive written confirmation from their carriers that they will post and update the MRFs in accordance with the regulations.

Self-insured: Self-insured group medical plans are required to post MRFs to a publicly available site of the group health plan (if applicable) and must update the MRFs on a regular basis.

This requirement can be met by the TPA if it hosts this information on behalf of the group health plan pursuant to a written agreement with the plan sponsor.

Compliance Item: Gag Clause Prohibition and Compliance Attestation (GCPCA)

Requirement: Contracts between medical plans and providers, a network of providers, or an entity offering access to a network of providers (e.g., a TPA) are prohibited from including gag clauses.

Gag clauses, for these purposes, are contractual terms that directly or indirectly restrict specific data and information a plan can make available to another party.

Plan sponsor is responsible for annual attestation to CMS7 due by December 31.

Fully Insured: Insurance carriers will typically submit the annual attestation on behalf of the fully insured plan, so long as there is a written agreement for the carrier to handle this obligation on behalf of the group health plan.

Plan sponsors should receive written confirmation from their carriers that they will submit the annual attestation on the plan’s behalf by the deadline.

Self-insured: Self-insured plans are directly responsible for this requirement but may contract with their TPAs, pharmacy benefit managers (PBMs), and/or managed behavioral health organizations to submit the annual attestation on their behalf via a written agreement.

The plan sponsor may be required to file the GCPCA directly with CMS. The plan sponsor should collect and retain sub-attestations from their TPA, PBM, and any other vendor who maintains provider contracts within the medical plan.

Compliance Item: RxDC Reporting

Requirement: Employer plan sponsors are required to submit detailed prescription drug pricing and healthcare spending data to CMS annually by June 1st for the prior calendar year.

Fully Insured: Insurance carriers generally report on the employer plan sponsor’s behalf and/or support production of reporting, which is permissible so long as there is a written agreement for the carrier to handle this obligation on behalf of the group health plan.

Fully insured plans might need to submit certain plan-related information to their carriers in advance of the annual June 1st deadline.

Self-insured: TPAs/PBMs may report on the employer plan sponsor’s behalf and/or support production/submission of reporting. This is permissible so long as there is a written agreement for the TPA/PBM to handle this obligation on behalf of the group health plan.

Employer plan sponsors may need to submit certain plan-related information to their TPAs/PBMs in advance of the annual June 1st deadline.

In addition, even if a TPA/PBM submits reporting on behalf of the employer plan sponsor, an employer plan sponsor may still need to submit one or more files directly to CMS, especially if stop loss coverage is carved out.

Compliance Item: Mental Health Parity and Addiction Equity Act (MHPAEA) NQTL Comparative Analysis

Requirement: MHPAEA prevents group health plans that provide mental health/substance abuse disorder (MH/SUD) benefits from imposing limits on those benefits that are more stringent than limits imposed on substantially all of the medical/surgical (M/S) benefits.

This generally means that any of the following requirements imposed on a plan’s MH/SUD benefits cannot be more restrictive than those applied to the plan’s M/S benefits:

  • Financial requirements: deductibles, co-payments, coinsurance, and out-of-pocket maximums
  • Quantitative treatment limitations (QTLs): number of treatments, visits, or days of coverage
  • Non-quantitative treatment limitations (NQTLs)8: prior authorization requirements, step therapy, provider network standards (including reimbursement rate methodologies).

The CAA amended MHPAEA to expressly require covered plans to conduct and document a comparative analysis of the design and application of NQTLs.

Fully Insured: Fully insured plans may generally rely on their medical insurance carrier(s) to conduct and document the NQTL comparative analysis based on their standards.

Self-insured: Self-insured plans should generally work with their plan TPA(s)/PBM(s) to conduct and document their NQTL comparative analysis.

Note: TPAs and PBMs vary in terms of level of support provided for a plan’s NQTL comparative analysis. Plan sponsors may need to engage an independent third-party vendor to conduct and document their NQTL comparative analysis if the plan’s TPA/PBM cannot support this compliance requirement.

Compliance Item: Other TiC & CAA Requirements

Requirement: Includes requirements such as ID card information, surprise billing notice, internet-based cost tool, in-network provider directories and continuity of care provisions.

Fully Insured: These requirements are typically administered by the carrier. Employer plan sponsors should confirm in writing that the carrier is assisting with these compliance obligations.

Self-insured: These requirements are typically administered by the TPA. Employer plan sponsors should confirm in writing that the TPA is assisting with these compliance obligations.

 

Tax-Related Requirements

Compliance Item

Requirement

Fully Insured

Self-insured

Compliance Item: IRC Section 105(h)

Requirement: Under IRC Section 105(h), if an employer’s self-insured medical plan9 provides tax-free health benefits to employees, the plan cannot discriminate in favor of highly compensated individuals (HCIs) with respect to either eligibility, contributions, or benefits.

Fully Insured: Does not apply.10

Self-insured: Self-insured plans should conduct annual testing following the close of the plan year.

If a self-insured plan discriminates in favor of HCIs, HCIs will be taxed on excess reimbursements that would have otherwise been excluded from their income.

The excess reimbursements should be included in the HCIs’ gross income and reported on their Forms W-2.

Self-insured plans are advised to maintain proof of annual testing and results in case of an IRS audit.

Additionally, employers should consider testing the plan for nondiscrimination issues mid-plan year, as it enables the employer to make adjustments prior to the close of the plan year. However, this mid-year testing does not replace the nondiscrimination testing that is required of the plan after the close of the plan year.

Recommended Compliance Practices for Employers Transitioning from a Fully Insured to Self-insured Medical Plan

Employer plan sponsors transitioning from a fully insured to a self-insured medical plan are encouraged to take the practical steps outlined below to help facilitate their self-insured plan’s compliance with federal laws and regulations:

  • Conduct periodic audits of plan documents and plan practices/processes for ongoing and consistent compliance efforts in accordance with ERISA (if applicable), ACA, HIPAA, and other relevant regulations.

    • This includes reviewing plan documents, SPDs, SBCs, and benefit notices for accuracy and timeliness

      • Note: the party producing these documents can vary based on funding method and/or carrier/vendor

  • Conduct regular training sessions for human resources/benefits team members and the employees of the employer who perform plan administrator functions when the employer is the ERISA plan administrator, to ensure that the plan is adhering to compliance obligations and any applicable changes in the law

    • This can help prevent common compliance traps, such as mishandling participant data/PHI or missing filing deadlines

  • Establish clear and consistent communication with plan participants

    • This includes providing timely updates on changes to plan benefits, rights, and responsibilities, and distributing all required documents and notices

  • Consult with your Brown & Brown benefits consulting team, as well as legal and tax advisers, as necessary, to navigate complex and nuanced compliance concerns specific to self-insured group medical plans