Fiduciary Duty for Health Plans: What Employers Need to Know in 2026

Written by Amanda Brummitt | 5/4/26 6:44 PM

If your company offers a group health plan, you are almost certainly a plan fiduciary. In 2026, that responsibility comes with more scrutiny, more documentation expectations, and more personal liability than most employers realize.

For decades, the word "fiduciary" lived almost exclusively in the world of retirement plans. The Employee Retirement Income Security Act (ERISA) of 1974 set that standard. People running 401(k) plans knew the drill: act in the best interest of participants, choose vendors prudently, and document everything. Health and welfare plans operated quietly in the background.

That changed with the Consolidated Appropriations Act (CAA), passed in 2021. The CAA pulled the same fiduciary duties that have governed retirement plans into the world of health benefits. None of those duties is brand new. What is new is the level of scrutiny the federal government and plaintiffs' attorneys are bringing to them.

What "fiduciary duty" actually means

A plan fiduciary is anyone with direct oversight of how a benefits plan operates and pays out. That includes people named as fiduciaries in the plan document. It also includes anyone with real decision-making authority over the plan, even if no one ever handed them a title. If you are a Human Resources leader, a Chief Financial Officer (CFO), a controller, or a business owner making calls about which broker to hire, which Third-Party Administrator (TPA) processes claims, or which Pharmacy Benefit Manager (PBM) handles prescriptions, you are acting as a fiduciary. And you can be personally named in a lawsuit.

The Johnson & Johnson case made that risk concrete. A plan participant sued the company's fiduciaries for failing to scrutinize pharmacy costs, arguing that lax oversight inflated employee premiums. The case was dismissed, but it cracked open a new path for plaintiffs' attorneys to challenge plan oversight. The pressure is moving down market. This is no longer just a Fortune 100 problem.

The four core fiduciary actions

Most of what fiduciary duty requires comes down to four ongoing practices.

Review vendor contracts and broker compensation. Under the CAA, brokers and consultants must disclose their compensation to plan sponsors, and the burden is on the employer to request and review those disclosures. Reasonable fees are not necessarily the cheapest. They are fees you can defend with documented value.

Access your claims and pricing data. For self-funded plans especially, you should be able to see your claims costs, network discounts, utilization, and pharmacy rebates. The Health Insurance Portability and Accountability Act (HIPAA) is sometimes used as a reason to refuse that access. It is not a valid one. You are managing the covered entity. You can see your data.

Formalize fiduciary governance. You do not have to charter a formal committee tomorrow, but you do need to demonstrate governance: meeting minutes, vendor decisions, Request for Proposal comparisons, and the rationale behind each significant choice. If a Department of Labor investigator or a plaintiff's attorney shows up, that paper trail is your defense.

Stay current on day-to-day deliverables. The Prescription Drug Data Collection (RxDC) report is due June 1 each year. Gag clause attestations are due by December 31. Affordable Care Act (ACA) reporting still applies. The mental health parity Non-Quantitative Treatment Limitation analysis is getting more regulator attention every year.

Documentation is the through-line. Compliant fiduciaries document everything: who attended which meeting, what was discussed, why a particular vendor was selected. The point is not legal performance; it is to show the intent to comply. A decision that looks imperfect in hindsight is still defensible when the process behind it was prudent and documented.

A note on fully insured plans

If you carry a fully insured plan, the temptation is to assume fiduciary duty does not apply. It does. The data you can access is more limited, but the duty to review fees, document decisions, and follow the plan as written still applies. ERISA covers nearly every private-sector and nonprofit employer regardless of size or funding strategy. The only carve-outs are governmental plans, true church plans, and tribal plans.

Where to start

If this is the first you are hearing of any of it, do not panic. Take baby steps. Start a conversation with your CFO or controller. Pull your plan document and reread it. Ask your broker for a compensation disclosure. Schedule a fiduciary governance review for the next quarter and document what you discuss. This is not a one-day project. It is a discipline you build over time.

If you are not sure where your plan stands, that is exactly the conversation we love to have.

Want to go deeper?

Want to learn more about fiduciary duty? Check out the Generous Benefits Podcast episode where Amanda Brummitt and Sarah Borders break it down: https://generousbenefits.podbean.com/e/fiduciary-duty-unpacked-what-employers-must-know-under-the-caa/