Yet Another Group Health Plan Disclosure Requirement – Attestation of Gag Clause Compliance

8.3.2023

Sponsors and administrators of group health plans, after spending the past two years ensuring compliance with a multitude of new public disclosure requirements (e.g., making available machine-readable files of health plan data, generating a consumer price transparency tool, and filing a report on prescription drug spending), might be wondering if the storm has passed. But as is common in the Midwest, a pop-up tempest appeared in the form of a new filing obligation–with an initial compliance deadline of December 31, 2023.

Specifically, a group health plan must annually attest by December 31 that the plan complies with a statutory requirement prohibiting entry into certain agreements which include “gag” clauses. Fortunately, the Departments of Labor, Health and Human Services, and the Treasury released guidance earlier this year outlining the compliance rules surrounding the attestation. This Client Alert summarizes this guidance in order to describe the mandate and address methods of compliance.

What is a Gag Clause and Why are Gag Clauses Prohibited?

A gag clause is a contractual term which directly or indirectly restricts specific data and information that a group health plan can make available to another party. Prohibiting gag clauses in contracts serves to improve care outcomes and plan administration. By accessing cost or care information and de-identified claims data, group health plans are better able to compare providers as part of their fiduciary duties.

How are Gag Clauses Prohibited?

The Consolidated Appropriations Act, 2021 (CAA) prohibits group health plans from entering into an agreement with a health care provider, network or association of providers, third-party administrator (TPA), or other service provider offering access to a network of providers that would directly or indirectly restrict the plan from:

  • Providing provider-specific cost or quality of care information or data to referring providers, the plan sponsor, participants, beneficiaries, enrollees, or individuals eligible to become participants, beneficiaries, or enrollees;
  • Providing electronic access to de-identified claims and encounter information or data for each participant, beneficiary, or enrollee upon request and consistent with privacy regulations;
  • Sharing, or directing the sharing of, the information or data described above with a business associate consistent with privacy regulations.

For example, if a contract between a TPA and a group health plan states that the plan will pay health care providers at designated rates, but the contract notes such rates are proprietary and non-disclosable to plan participants, the contract violates the gag clause prohibition of the CAA. However, a health care provider, network or association of providers, and other service providers may place reasonable restrictions on the public disclosure of such information.

What Types of Plans Must Attest?

Numerous group health entities must attest to compliance with the gag clause prohibition of the CAA, including fully-insured and self-insured group health plans subject to ERISA (regardless of whether the applicable plan is grandfathered or grandmothered). Moreover, fully-insured and self-insured non-Federal governmental group health plans and church plans must also attest (regardless of whether the applicable plan is grandfathered or grandmothered). Such group health plans will need to attest to the medical, behavioral, and pharmacy coverage available under the plan, but need not attest to coverage that is an excepted benefit (e.g., limited scope dental and vision benefits and health flexible spending accounts).

What is the Period of Attestation?

A group health plan must first attest by December 31, 2023 that the plan has complied with the prohibition on gag clauses since December 27, 2020 (or the effective date of the applicable plan, if later) through the date of attestation. The group health plan must subsequently attest by the next December 31 (and annually thereafter) continued compliance covering the period from the last preceding attestation.

What are the Methods of Attestation?

A group health plan can submit the annual attestation online through the Health Insurance Oversight System (HIOS) website hosted by the Centers for Medicare & Medicaid Services. A group health plan may authorize any appropriate individual within the organization to file the attestation (such as a delegate of the plan administrator).  The filer will not need to register with HIOS, but instead will need to login through an authentication code that is delivered to an email address provided by the filer. Once the filer enters the login credentials and accesses the attestation portal, the filer will need to input plan identification information with the submission. 

Complete instructions for filing are available by clicking here.

Alternatively, another entity (such as a TPA or pharmacy benefit manager) may attest on behalf of a self-insured group health plan with respect to the covered benefit administered by the service provider. To do so, the group health plan must enter into a written agreement with the service provider explicitly requiring the service provider to attest on the plan’s behalf. Importantly, if the service provider fails to submit the attestation, the plan and not the service provider will be the entity out of compliance and subject to governmental enforcement action (although the plan could seek contractual remedies against the service provider).

If the TPA of a group health plan also issues health insurance policies, the TPA may still attest on behalf of the group health plan, even if the TPA submits a single attestation for itself, its policyholders, and its self-insured group health plan clients. Moreover, while fully-insured group health plans are required to attest to compliance with the gag clause prohibition, if a health insurance issuer attests on behalf of a fully-insured plan, the plan will be deemed to have complied with the attestation requirement.

What Must Employers Do?

Employers that sponsor or administer a group health plan should review the contracts with their TPAs or other relevant service providers to ensure the contracts do not violate the gag clause prohibition.

Employers should then prepare to attest to compliance by December 31, 2023:

  • Employers that sponsor or administer a fully-insured group health plan should verify the insurer will provide the attestation on behalf of the group health plan; and
  • Employers that sponsor or administer a self-insured group health plan should either prepare to attest for themselves or outsource the duty (but not the responsibility) by amending service agreements so that their TPAs will so attest. Such employers may want to include indemnification language protecting the group health plan in the event the TPA fails to follow through on the attestation.

Please contact your Butzel attorney, or the authors of this Client Alert, if you have any questions or would like more information.

Mark Jane
734.213.3617
jane@butzel.com

Lynn McGuire
734.213.3261
mcguire@butzel.com

Nicholas Nahat
248.258.2520
nahat@butzel.com

What's Trending

Follow us on social media

Jump to Page

By using this site, you agree to our updated Privacy Policy and our Terms of Use.