Under the Consolidated Appropriation Act of 2021 (CAA), group health plans and health insurance issuers are prohibited from entering into agreements with service providers restricting certain information that the plan may make available to another party. Plan sponsors and issuers must make a Gag Clause Prohibition Compliance Attestation (GCPCA) annually to confirm their compliance with the prohibition. With the deadline for the first GCPCAs approaching at the end of this year, plan sponsors and issuers should review the requirement, which is outlined in this quick reference guide, and ensure they have a strategy to either fulfill the requirement directly or delegate the responsibility to a service provider.
1. What is a gag clause?
For purposes of the GCPCA, a “gag clause” is a contractual provision that directly or indirectly restricts a plan or issuer from sharing specific cost and quality information with another party. For example, a provision in an agreement between a third-party administrator (TPA) and a self-funded group health plan that allows access to provider-specific cost and quality of care information only at the TPA’s discretion would constitute a gag clause. However, the guidance clarifies that healthcare providers, networks, TPAs, and other service providers may place reasonable restrictions on public disclosure of information.
2. What is prohibited?
Specifically, group health plans (including ERISA plans, non-federal governmental plans, and church plans) and health insurance issuers are prohibited from entering into agreements containing gag clauses. The requirement does not apply to excepted benefits, health reimbursement arrangements (HRAs), or other account-based plans. Plan sponsors should review agreements with insurers, healthcare providers, network providers, TPAs, and other service providers to ensure there are no gag clauses.
3. What reporting is required?
Plans and issuers must submit an attestation of their compliance with the prohibition annually by year’s end, with the first GCPCAs due by December 31, 2023. These first attestations apply to the period from December 27, 2020, through the date the attestation is made. Plans and issuers (or their delegate) must submit their attestations online through the Center for Medicare & Medicaid Services’ Health Insurance Oversight Systems. The GCPCA webpage includes links to FAQs, instructions, and a user manual with step-by-step instructions for submitting the attestation. The webpage also provides a link for a reporting template and a link to the website where the attestation can be made. These links are also listed below.
4. Can a self-funded plan contract with its third-party administrator for reporting?
Yes, a self-funded plan sponsor may contract with a service provider (such as a TPA, including an issuer acting as a TPA) who may complete the attestation on the plan sponsor’s behalf. However, the plan sponsor remains legally responsible for compliance. Failure to provide the attestation may result in a civil penalty of $100 per day for each individual affected by a violation. Self-funded plan sponsors who intend to delegate GCPCA reporting responsibilities to a service provider should ensure the delegation is stated in a written agreement.
The following sources provide more information on the GCPCA:
