Compliance
Deadline for Submitting Gag Clause Attestation Is December 31, 2023
October 23, 2023
Effective December 27, 2020, the Consolidated Appropriations Act, 2021 (CAA) prohibits health plans and health insurance issuers from entering into contracts with health care providers, third-party administrators (TPAs) or other service providers that contain gag clauses (i.e., clauses restricting the plan or issuer from providing, accessing or sharing certain information about provider price and quality and de-identified claims).
Plans and issuers must annually submit an attestation of compliance with the CAA’s gag clause prohibition to the Departments of Labor, Health and Human Services and the Treasury (Departments). The first gag clause attestation is due by December 31, 2023, covering the period beginning December 27, 2020, through the date of attestation. Subsequent attestations, covering the period since the last attestation, are due by December 31 of each following year.
Action Steps
Employers should review their contracts with issuers, TPAs or other health plan service providers to confirm they do not contain prohibited gag clauses. Also, employers should review what action they may need to take to comply with the gag clause attestation requirement.
- If the issuer for a fully insured health plan provides the attestation on behalf of the plan, an employer does not also need to provide an attestation for the plan.
- Self-insured employers can enter into written agreements with their TPAs to provide the attestation, but the legal responsibility remains with the health plan. While some TPAs are willing to submit attestations on behalf of their self-insured groups, other TPAs have indicated they are unwilling to do so.
Employers who need to submit their own attestations should review the instructions and user manual for submitting attestations electronically through the Centers for Medicare & Medicaid Services (CMS).
Prohibition on Gag Clauses
A gag clause is a contractual term that directly or indirectly restricts specific data and information that a health plan or issuer can make available to another party. Effective December 27, 2020, the CAA generally prohibits group health plans and issuers offering group health insurance from entering into agreements with health care providers, TPAs or other service providers that include certain gag clause language. Specifically, these contracts cannot restrict a plan or issuer from:
- Providing provider-specific cost or quality-of-care information or data to referring providers, the plan sponsor, participants, beneficiaries or enrollees (or individuals eligible to become participants, beneficiaries or enrollees of the plan or coverage);
- Electronically accessing de-identified claims and encounter information or data for each participant, beneficiary or enrollee upon request and consistent with privacy rules under the Health Insurance Portability and Accountability Act (HIPAA), the Genetic Information Nondiscrimination Act (GINA) and the Americans with Disabilities Act (ADA); and
- Sharing information or data described in (1) and (2) above or directing such information to be shared with a business associate, consistent with applicable privacy rules.
For example, if a contract between a TPA and a health plan provides that the plan sponsor’s access to provider-specific cost and quality-of-care information is only at the discretion of the TPA, that contractual provision would be considered a prohibited gag clause.
Plans and issuers must ensure their agreements with health care providers, networks or associations of providers, TPAs or other service providers offering access to a network of providers do not contain provisions that violate the CAA’s prohibition of gag clauses.
Gag Clause Compliance Attestations
Health plans and issuers must annually submit an attestation of their compliance with the CAA’s prohibition of gag clauses to the Departments. The first attestation must be submitted no later than December 31, 2023, covering the period beginning December 27, 2020, through the date of the attestation. Subsequent attestations are due by December 31 of each following year, covering the period since the last attestation.
According to the Departments’ FAQs, health plans and issuers that do not submit their attestations by the deadline may be subject to enforcement action.
Covered Health Plans
The attestation requirement applies to fully insured and self-insured group health plans, including ERISA plans, nonfederal governmental plans and church plans. Additionally, this requirement applies regardless of whether a plan is considered “grandfathered” under the ACA. However, plans that provide only excepted benefits and account-based plans, such as health reimbursement arrangements (HRAs), are not required to submit an attestation.
Relying on Issuers/TPAs to Submit Attestation
With respect to fully insured group health plans, the health plan and the issuer are each required to submit a gag clause compliance attestation annually. However, when the issuer of a fully insured group health plan submits a gag clause compliance attestation on behalf of the plan, the Departments will consider the plan and issuer to have satisfied the attestation submission requirement. In general, most issuers have indicated they are willing to submit the attestations on behalf of fully insured health plans.
Employers with self-insured health plans can satisfy the gag clause compliance attestation requirement by entering into a written agreement under which the plan’s service provider, such as a TPA, will provide the attestation on the plan’s behalf. However, even if this type of agreement is in place, the legal requirement to provide a timely attestation remains with the health plan. Also, some service providers have indicated they are unwilling to submit attestations for their self-insured groups. In this case, employers need to submit the attestations for their health plans.
Submitting Attestations
Gag clause attestations must be submitted electronically by completing a CMS webform. The Departments have provided instructions for submitting the attestation, a system user manual and FAQs, all of which are available here.
To access the webform, a user must first obtain an authentication code by going to CMS’ website and selecting “Don’t have a code or forgot yours?” The user will be asked to provide their e-mail address. The system will then generate an authentication code and send it to the e-mail address provided. The user can then return to the CMS website, enter the e-mail address and code where indicated, and select “Login to the system” to proceed with submitting the attestation.
Reach out to your Hylant representative for further information. Don’t have one? Contact us here.
The above information does not constitute advice. Always contact your employee benefits broker or trusted advisor for insurance-related questions.