The Mental Health Parity and Addiction Equity Act (“MHPAEA”) [1] and related state parity laws are some of the most complex and sweeping regulations ever imposed on the health insurance and managed care industry. Although MHPAEA was enacted in 2008 and many states have mental health and substance use disorder (“MH/SUD”) parity laws that are at least that old, federal and state enforcement efforts have ramped up significantly in recent years, especially through the implementation of increasingly granular documentation and reporting requirements.

To date, most regulators have focused oversight efforts on documentation of compliance with non-quantitative treatment limits (“NQTLs”) related to utilization management, provider network management, and pharmacy benefits. On September 15, 2020, the New York State Department of Financial Services (“NYSDFS”) finalized new regulations that build on these substantive compliance reports by setting forth a detailed set of specifications for the design and operation of the insurer’s compliance and oversight program itself. [2] The regulations, which take effect on December 29, 2020, expand on recent draft guidance from the U.S. Department of Labor (“DOL”) to employer-sponsored health plans on the importance of building formal compliance programs. [3] However, the New York regulations are far more detailed and prescriptive than the DOL or any other state guidance to date and apply to all insurers and health maintenance organizations offering coverage of MH/SUD requirements under New York’s insurance laws. [4] The NYSDFS regulations require insurers to establish corporate governance for parity compliance, identify discrepancies in coverage of services, and ensure appropriate identification and remediation of improper practices. All insurers must certify compliance with the new requirements on an annual basis, starting December 31, 2021. This Client Alert summarizes the new regulations, discusses best practices for building parity compliance programs, and discusses likely next steps for regulators in New York State and around the country. 

Key Requirements of the NYSDFS Regulations

Corporate Governance Requirements

The new regulations mandate every insurer to designate an experienced individual (e.g., a Parity Compliance Officer) to be responsible for assessing, monitoring, and managing parity compliance. The designated individual is required to directly report to the insurer’s Chief Executive Officer or other senior manager and to report no less than annually to the insurer’s board of directors, other governing body, or appropriate committee on the compliance program’s activities.

Parity Compliance Program Requirements

Under the new regulations, insurers are required to have written policies and procedures implementing the compliance program. The policies and procedures must describe how the insurer’s parity compliance is assessed, monitored, and managed, including (i) a system for assigning each benefit to the defined benefit classifications as required by MHPAEA; (ii) methodologies for the identification and testing of all financial requirements and quantitative treatment limitations (“QTLs”); and (iii) methodologies for the identification and testing, including a comparative analysis, of all NQTLs that are imposed on MH/SUD benefits.

Insurers are also responsible for establishing a system for the ongoing assessment of parity compliance. This system must ensure that the NQTLs applied to MH/SUD benefits are comparable to and no more stringent than the NQTLs applied to medical or surgical benefits. The regulations specifically codify the following NQTL compliance requirements and operations measures:

  • Review a statistically valid sample of preauthorization, concurrent, and retrospective review denials to ensure determinations are consistent with clinical review criteria approved by the Commissioner of Mental Health or designated by the Commissioner of Addiction Services and Supports;
  • Review the comparability of coverage within each benefit classification, including residential and outpatient rehabilitation services;
  • Review the percentage of services provided by out-of-network providers where no in-network provider was available;
  • Review provider credentialing policies and procedures;
  • Review average length of time to negotiate provider agreements and negotiated reimbursement rates with network providers and methods for the determination of usual, customary, and reasonable charges;
  • Review policies for the automatic or systemic lowering, non-payment, or application of a particular coding for claims or benefits;
  • Review all MH/SUD medications subject to NQTLs, including step-therapy protocols or other preauthorization requirements;
  • Review any fail-first requirements; and
  • Review any restrictions based on geographic location, facility type, provider specialty, or other criteria applicable to MH/SUD.

As part of the parity compliance program, insurers must have a process for the actuarial certification of data used for and the outcome of the analyses of the financial requirements and QTLs to ensure they are no more restrictive for MH/SUD benefits than for medical and surgical benefits.

All parity compliance programs must also include orientation and training at least annually on federal and state MH/SUD parity requirements for all employees, directors, or other governing body members, agents, and other representatives engaged in functions subject to federal or state mental health and substance use parity requirements. Insurers are also required to have an anonymous and confidential method for reporting parity compliance issues and a policy of non-intimidation and non-retaliation for good faith participation in the compliance program.

Identifying and Remediating “Improper” Practices

The NYSDFS regulations identify a series of specific practices that are defined to be “improper” under MHPAEA:

  • Implementing utilization review policies that rely on standards to determine the level of documentation required for utilization review of MH/SUD, including the submission of medical records, treatment plans, or evidence of patient involvement or motivation in care or patient response to treatment, that are not comparable to or applied more stringently than the standards used for medical or surgical conditions;
  • Requiring preauthorization, concurrent, or retrospective utilization review for a higher percentage of MH/SUD benefits in the absence of defined clinical or quality triggers, as compared to medical or surgical benefits;
  • Implementing a methodology for developing and applying provider reimbursement rates that is not comparable to or is applied more stringently for MH/SUD than for medical or surgical benefits; and
  • Implementing claim edits or system configurations that provide for higher rates of approval through auto-adjudication for claims for inpatient medical or surgical benefits than for inpatient MH/SUD benefits.

Insurers will be required to monitor for, and detect, improper practices as well as remediate or develop a remediation plan for any improper practice identified no later than 60 days after discovery of the improper practice. An insurer will also be required to provide written notification to affected insureds and the Superintendent of Financial Services, and to conspicuously post on the insurer’s website any identified improper practices, including a description of the insurer’s plan to remediate the improper practice. Furthermore, the new regulations also place responsibility on insurers to coordinate compliance monitoring activities with any agents or representatives providing benefit management services or who are performing utilization review activities for the insurer. This includes delegated vendors and MH/SUD carve-out partners as well as health-system partners with delegation agreements. 

What Insurers Need to Know

The new parity regulations for New York do not add new substantive compliance requirements with regard to benefit design and service delivery or change the underlying substantive compliance analysis. Nonetheless, these regulations are far more demanding than the federal requirements under MHPAEA with regard to compliance oversight and documentation. While MHPAEA requires insurers to conduct a parity analysis and provide MH/SUD benefits comparable to and no more stringently than medical or surgical benefits, the federal law does not dictate a corporate governance structure, require a formal compliance program, or specify the specific analyses and operations measures that must be used to determine compliance. Similarly, few states currently impose compliance or reporting obligations on the insurer’s compliance oversight program itself.[5] However, under the leadership of the DOL and behavioral health consumer advocates, we anticipate that more states may consider gathering comparable information on insurer compliance programs through regulation, market conduct exams, or existing reporting processes.

Insurers in New York should begin to implement parity compliance programs to meet the new regulatory requirements by the end of 2021. In particular, insurers should update or supplement existing policies and procedures and compliance documentation to implement the specific requirements set forth in these new regulations. Specific attention should be paid to the new quantitative operations measures, including both data collection processes and the integration of these data points into existing compliance analyses. Technical specifications for operations measures and other clarifying guidance may be needed for many of these reporting requirements, and plans may wish to begin compiling questions and suggested approaches to resolving ambiguities in the regulations. The new regulations do not create dedicated penalties for noncompliance, and enforcement is anticipated to focus on corrective action plans in alignment with existing parity oversight by the NYSDFS.

Health plans and insurers in other states should consider incorporating key aspects of the NYSDFS requirements into their existing parity compliance programs. While other regulators may not currently impose the precise specifications set forth in the NYSDFS regulations for their own compliance reporting processes, the NYSDFS structure may represent a trend that will be followed by a wide range of jurisdictions. Moreover, work to begin implementing these requirements now may provide a useful foundation if additional regulators adopt the same or similar requirements.

* * *

This Client Alert was authored by Kevin J. Malone, David Shillcutt, and Ashley A. Creech. For additional information about the issues discussed in this Client Alert, or if you need end-to-end support to build parity compliance programs and to lower risk, reduce product development and compliance costs, and improve overall care management effectiveness, please contact one of the authors or the Epstein Becker Green attorney who regularly handles your legal matters.


[1] 78 Fed. Reg. 68240, (Nov. 13, 2013).

[2] N.Y. Comp. Codes R. & Regs. tit. 11, § 230 et seq.

[3] Dep’t of Labor, Proposed Updates to 2020 MHPAEA Self-Compliance Tool,

[4] N.Y. Ins. Law §§ 3216, 3221, and 4303.

[5] Oregon is one other state that currently has specific regulatory requirements for the parity compliance program itself (see OAR 836-053-1405(4)).

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.