Because the telehealth relief has not been extended, HDHPs that have not imposed a deductible on telehealth services will need to start doing so for the plan year beginning on or after Jan. 1, 2025. This means that employees will be required to pay the cost of telemedicine services, other than preventive care, until the HDHP deductible is satisfied. Once their HDHP deductibles have been satisfied, employees can have access to free or low-cost medical benefits without jeopardizing their HSA eligibility. Any changes to telemedicine coverage should be communicated to plan participants through an updated SPD or a summary of material modifications. Employers should also keep cybersecurity in mind when selecting service providers for their health plans, including those that provide or facilitate telemedicine platforms. Recently, the U.S. Department of Labor (DOL) updated its cybersecurity guidance to ensure that all plans governed by ERISA, including health plans, follow best practices for protecting sensitive information. Most private-sector employers are subject to ERISA’s fiduciary rules when it comes to administrating their employee benefit plans. ERISA’s fiduciary rules require employers to prudently select and monitor plan service providers, such as third-party administrators. Because employers rely on health plan service providers to keep participant data confidential and secure, they should only select service providers that follow strong cybersecurity practices. Employers should review the DOL’s tips for hiring a service provider with strong cybersecurity practices and incorporate these best practices into their review of potential service providers. 12