Mental health benefits aren’t just expected, they’re essential. And as the need grows, so does the focus on Mental Health Parity and Addiction Equity Act (MHPAEA) compliance. The Department of Labor (DOL) has made clear that mental health parity enforcement is a top priority, and big changes are arriving for the 2025 plan year.

At Paragon Partners, we’re here to help brokers and employer clients navigate these shifting requirements with clarity, confidence, and compliance. Here’s what you need to know about the latest MHPAEA updates and how to help your clients stay ahead.

DOL Enforcement Is Ramping Up

The DOL isn’t just watching, it’s taking action. Employers and health plans have been receiving insufficiency letters after failing to provide adequate documentation for mental health parity compliance. These letters are more than just a warning; they can trigger follow-up investigations, required corrective action, and even public disclosure.

Key takeaway: Mental health parity enforcement is no longer theoretical. It’s here, and it’s real.

Comparative Analyses: No Longer Optional

Under the Consolidated Appropriations Act (CAA) of 2021, group health plans must be able to provide comparative analyses of non-quantitative treatment limitations (NQTLs), things like prior authorization, step therapy, provider reimbursement, or medical necessity criteria.

These analyses are used to determine whether mental health and substance use disorder (MH/SUD) benefits are being managed in parity with medical/surgical benefits.

For brokers: Help your clients understand that this is a documentation issue, not just a plan design issue. Even if the benefits look good on paper, if the processes behind them aren’t documented and justified, it could still mean noncompliance.

What’s New for 2025: The Final Rule

Starting with plan years beginning on or after January 1, 2025, a new Final Rule brings even more accountability:

• Fiduciary certification will now be required, confirming that a prudent process was used to select qualified service providers who performed and documented the NQTL comparative analyses.
  
• Employers must be prepared to demonstrate active oversight—not just outsource responsibility to a carrier or vendor.
  
• Regulators expect ongoing review and updates to ensure continued parity.
  

Best Practices for Brokers and Employers

This isn’t just a compliance box to check once, it’s a living process. Here’s how brokers can support their clients now:

• Request comparative analyses from carriers and TPAs early in the plan year.
  
• Review plan documents and summary plan descriptions (SPDs) for any red flags in how mental health benefits are administered.
  
• Encourage ongoing audits and updates to ensure continued compliance—especially if any plan changes occur.
  
• Ask carriers and vendors about their NQTL methodology and documentation processes.
  
• Ensure fiduciary roles are clearly defined, especially in self-funded arrangements.
  

How Paragon Partners Supports You

Mental health parity compliance is a moving target, but you don’t have to go it alone. At Paragon, we equip our broker partners with the insights and tools they need to guide clients confidently, including:

• Carrier vetting to ensure they meet current and upcoming MHPAEA standards.
  
• Support for plan design review during quoting and renewals.
  
• Guidance on documentation needs and fiduciary responsibilities.
  
• Education on trends in mental health and employee expectations.
  

We’re your behind-the-scenes partner—staying ahead of regulation so you can stay focused on client service and growth.

Compliance with MHPAEA

As mental health becomes an essential part of every benefits conversation, compliance with MHPAEA must follow suit. The 2025 Final Rule raises the bar, but it also opens the door to better, more thoughtful benefits.

Let’s help your clients meet that bar—and build stronger plans in the process.

Contact your Paragon rep to talk through mental health parity readiness and how we can help simplify the path to compliance.

Paragon Partners Blog | April 2025

Cybersecurity is no longer just an IT issue, it’s a compliance imperative. In January 2025, the Department of Health and Human Services (HHS) proposed significant updates to the HIPAA Security Rule to strengthen protections for electronic protected health information (ePHI). For brokers, employers, and benefit administrators, these changes are a wake-up call to reassess how sensitive health data is handled, shared, and secured.

At Paragon Partners, we’re here to help our broker network and their clients stay ahead of the curve. Let’s walk through what’s changing, what it means for your clients, and how we can support smarter, safer compliance strategies.

What’s Changing in the HIPAA Security Rule?

The HHS’s proposed updates reflect a shift toward modern, proactive cybersecurity practices. While not finalized yet, the proposals signal clear expectations for how organizations should protect ePHI.

Here are the key proposed requirements:

• Mandatory multifactor authentication and encryption protocols for systems accessing ePHI.
  
• Annual technical inventories and detailed security risk assessments.
  
• Stronger oversight of business associates, with mandatory incident reporting protocols.
  
• Formalized incident response plans, plus regular testing of contingency and disaster recovery strategies.
  

Together, these updates aim to improve transparency, reduce vulnerability, and hold all parties handling PHI to a higher standard.

What’s Already in Effect: Privacy Rule Updates

In December 2024, a separate update to the HIPAA Privacy Rule took effect, specifically addressing reproductive health information. Covered entities are now required to:

• Limit disclosures of reproductive health data.
  
• Ensure policies and procedures reflect this sensitive category of PHI.
  
• Provide training and audit trails to demonstrate compliance.
  

For employers offering self-insured plans or brokers managing groups in healthcare-related fields, this is a critical change that requires both attention and documentation.

What This Means for Brokers and Employers

These HIPAA updates may feel far removed from day-to-day benefits conversations—but they’re not.

Many employers, especially those offering self-funded plans or using benefits platforms that store health data, fall under these rules. And brokers are often the first line of communication when it comes to helping those clients understand their compliance responsibilities.

Here’s how you can help your clients stay prepared:

• Review vendor agreements: Are business associate agreements (BAAs) up-to-date and enforceable under the new standards?
  
• Ask about incident response plans: Do benefit admin platforms or TPAs have formalized testing processes?
  
• Evaluate MFA and encryption protocols: Especially for HR systems or platforms that house eligibility and enrollment data.
  
• Support privacy audits: Encourage clients to review disclosures, especially those touching reproductive health or other sensitive categories.
  

How Paragon Partners Supports You

Compliance shouldn’t feel overwhelming. That’s why Paragon is committed to keeping you informed and equipped to respond, not just to what’s happening now, but what’s on the horizon.

Here’s how we help:

• Carrier & vendor vetting: We work with trusted partners who are proactive about cybersecurity and HIPAA compliance.
  
• Field underwriting & group assessments: We help identify potential compliance risks during onboarding.
  
• Education & updates: We share timely, digestible updates so you can keep your clients confident and compliant.

Cybersecurity and data protection are more than regulatory checkboxes, they’re part of the trust your clients place in you. As HIPAA evolves, the brokers and partners who understand the risks and prepare early will stand out as true leaders in the field.

Have questions about how these updates might impact your clients or your business? Reach out to your Paragon rep for insights, support, or a compliance check-in.

Paragon Partners: Supporting broker success with integrity, innovation, and the human connection that makes all the difference.