Missed the RxDC Carrier Deadline?

More employers than ever are finding themselves unexpectedly responsible for submitting part of their annual Prescription Drug Data Collection (RxDC) reporting to CMS. In earlier years, insurers and TPAs heavily publicized their data requests, but that emphasis has faded. At the same time, many carriers and TPAs moved their internal deadlines forward this year, leaving employers with less time to respond. As a result of these two factors, a growing number of employers have missed their vendor’s cutoff and now find themselves needing to complete portions of the RxDC filing on their own.

Applies To: All sized employers sponsoring prescription drug coverage who missed their insurer’s or TPA’s internal RxDC data-request deadline. RxDC reporting does not apply to health FSAs, HRAs, ICHRAs, excepted benefits such as standalone dental or vision, fixed indemnity insurance, and retiree-only plans.

Go Deeper:

Group health plans and insurers are required to report certain medical and prescription drug spending data to CMS on an annual basis. The reporting is submitted via CMS’s Health Insurance Oversight System (HOIS) portal via a series of Data Files (numbered D1 through D8) with an accompanying Plan List file (known as the P2 file).

While insurers and TPAs have access to the bulk of the information needed, they do not track the average monthly employee and employer contributions required on the “D1” Data File. If the employer or other plan sponsor does not provide this missing information to the insurer or TPA by its internal deadline (many of which were much earlier this year than in prior years and may have already passed), they will file only the information they do have. It then becomes necessary for the employer to self-submit their own D1 and P2 files to CMS by the final June 1 deadline.

Because it can take two or more weeks to obtain system access to the HIOS portal necessary to self-report the missing D1 and P2 files, employers who missed their cutoff are strongly urged to begin the HIOS registration process now.

Part of the set-up process includes a series of steps to prove the submitter’s identity, requiring them to provide personal information, such as their social security number, as well as an authorization for a soft credit check with Experian. Because these steps take time, employers who wait until the last week or two of May may miss the 2025 RxDC Reporting deadline of June 1, 2026.

The good news is that, to assist those who must self-report, we can provide an RxDC Submission to HIOS walkthrough which outlines the five-step process that must be followed. We are also available for technical questions as needed.

Penalties for Non-Compliance:

Failure to comply with RxDC requirements may result in:

• Penalties and Enforcement Actions: Federal agencies can impose penalties under ERISA, the Internal Revenue Code, and the Public Health Service Act.
• Increased Scrutiny: Non-compliance could invite audits or investigations.
• Plan Sponsor Liability: Employers may face financial and reputational harm if they fail to ensure accurate and timely submissions.

Practical Impact to Employers:

Employers of all sizes are recommended to follow these steps to ensure full compliance:

• Verify Reporting Responsibility: Determine whether the carrier, TPA or PBM will handle reporting. Ensure agreements are in place to confirm accountability.
• Gather the Necessary Data: Work with vendors and other stakeholders to collect the required plan, cost and utilization data.
• Monitor Deadlines: Track annual submission deadlines, including carrier or TPA deadlines and confirm reporting has been completed.
• Self-Submit any Missing D1 and P2 Files (if needed): When necessary (such as when the carrier or TPA cutoff has passed), employers should verify what data was submitted and what data remains for the employer to submit, then consult CMS’s RxDC webpage for the current FAQs, instructions, templates and weblinks. If only the employer and employee contribution splits need to be reported, we can provide a simplified walkthrough on request.
• Document Compliance: Maintain records of data submissions, agreements with service providers and communications related to compliance efforts.