Reminder – Plans Must Submit Gag Clause Attestations by Dec. 31, 2023
This is a reminder related to the information we sent in August.
On Feb. 23, 2023, the Departments of Labor, Health and Human Services and the Treasury (Departments) issued FAQs on the prohibition of gag clauses under the transparency provisions of the Consolidated Appropriations Act, 2021 (CAA). These FAQs require health plans and health insurance issuers to submit their first attestation of compliance with the CAA’s prohibition of gag clauses by Dec. 31, 2023.
Effective Dec. 27, 2020, the CAA prohibits health plans and issuers from entering into contracts with health care providers, third-party administrators (TPAs) or other service providers that would restrict the plan or issuer from providing, accessing or sharing certain information about provider price and quality and deidentified claims.
Plans and issuers must annually submit an attestation of compliance with these requirements to the Departments. The first attestation is due by Dec. 31, 2023, covering the period beginning Dec. 27, 2020, through the date of attestation. Subsequent attestations, covering the period since the last attestation, are due by Dec. 31 of each following year.
Prohibition on Gag Clauses
A gag clause is a contractual term that directly or indirectly restricts specific data and information that a health plan or issuer can make available to another party. Effective Dec. 27, 2020, the CAA generally prohibits group health plans and issuers offering group health insurance from entering into agreements with health care providers, TPAs or other service providers that include certain gag clause language.
Specifically, these contracts cannot restrict a plan or issuer from:
- Providing provider-specific cost or quality-of-care information or data to referring providers, the plan sponsor, participants, beneficiaries or enrollees (or individuals eligible to become participants, beneficiaries or enrollees of the plan or coverage);
- Electronically accessing deidentified claims and encounter information or data for each participant, beneficiary or enrollee upon request and consistent with privacy rules under the Health Insurance Portability and Accountability Act (HIPAA), the Genetic Information Nondiscrimination Act (GINA) and the Americans with Disabilities Act (ADA); and
- Sharing information or data described in (1) and (2) above or directing such information to be shared with a business associate, consistent with applicable privacy rules.
For example, if a contract between a TPA and a health plan provides that the plan sponsor’s access to provider-specific cost and quality-of-care information is only at the discretion of the TPA, that contractual provision would be considered a prohibited gag clause.
|Plans and issuers must ensure their agreements with health care providers, networks or associations of providers, TPAs or other service providers offering access to a network of providers do not contain provisions that violate the CAA’s prohibition of gag clauses.
Gag Clause Compliance Attestations
Health plans and issuers must annually submit an attestation of their compliance with the CAA’s prohibition of gag clauses to the Departments. The first attestation must be submitted no later than Dec. 31, 2023, covering the period beginning Dec. 27, 2020, through the date of the attestation. Subsequent attestations are due by Dec. 31 of each following year, covering the period since the last attestation. According to the Departments’ FAQs, health plans and issuers that do not submit their attestations by the deadline may be subject to enforcement action.
Covered Health Plans
The attestation requirement applies to fully insured and self-insured group health plans, including ERISA plans, non-federal governmental plans and church plans. Additionally, this requirement applies regardless of whether a plan is considered “grandfathered” under the ACA. However, plans that only provide excepted benefits and account-based plans, such as health reimbursement arrangements (HRAs), are not required to submit an attestation.
Relying on Issuers/TPAs to Submit Attestation
With respect to fully-insured group health plans, the health plan and the issuer are each required to submit a gag clause compliance attestation annually. However, when the issuer of a fully-insured group health plan submits a gag clause compliance attestation on behalf of the plan, the Departments will consider the plan and issuer to have satisfied the attestation submission requirement. Therefore, if the issuer for a fully-insured health plan provides the attestation, the plan does not also need to provide an attestation.
Employers with self-insured health plans can satisfy the gag clause compliance attestation requirement by entering into a written agreement under which the plan’s service provider, such as a TPA, will provide the attestation on the plan’s behalf. However, even if this type of agreement is in place, the legal requirement to provide a timely attestation remains with the health plan.
Employers should ensure any contracts with TPAs or other health plan service providers offering access to a network of providers do not violate the CAA’s prohibition of gag clauses. Also, employers with fully insured or self-insured health plans should prepare to provide the compliance attestation by Dec. 31, 2023. As a reminder, if the issuer for a fully-insured health plan provides the attestation, the plan does not also need to provide an attestation, and employers with self-insured health plans can enter into written agreements with their TPAs to provide the attestation, but the legal responsibility remains with the health plan.
The Departments launched a website through the Centers for Medicare and Medicaid Services for health plans and issuers to submit their gag clause compliance attestations. The Departments have also provided instructions for submitting the attestation, a system user manual and a reporting entity Excel template for plans and issuers to submit the required attestation, all of which are available here.
Top HR and Health Plan Compliance Issues for 2024
This year presented employers with many new and difficult compliance challenges, including federal and state laws and regulations expanding worker protections, widespread adoption of artificial intelligence (AI) in the workplace and increased enforcement actions by federal agencies. Employers have had to respond as courts and federal agencies addressed several hot-button issues. In addition to these novel and growing compliance challenges, employers have also had to navigate record-high inflation, economic slowdown and an unusually resilient labor market. For many employers, these challenges made it more difficult to prioritize compliance or establish successful mitigation strategies because they lacked sufficient time, proper resources or trained personnel. Entering 2024, employers will continue to face the challenge of responding to new legal requirements and increased enforcement efforts.
In addition, employers should be aware of the top compliance issues that impact their health plan coverage for 2024. Some of these compliance issues are established requirements for employers, such as the expanded electronic reporting requirement under the Affordable Care Act (ACA). Other compliance issues are anticipated developments employers should monitor, such as new regulations under the Mental Health Parity and Addiction Equity Act (MHPAEA).
Please review our 2024 Compliance Outlook as well as our 2024 Health Plan Compliance brief to make sure your organization is adequately prepared for any new compliance requirements that might apply to it. As you consider the information presented above, evaluate which changes and trends you may be susceptible to in the upcoming year. Then, reach out to us to discuss the next steps and request valuable resources to help evaluate potential solutions and meet 2024’s compliance challenges.