No More Gags
The Consolidated Appropriations Act (CAA) of 2021 prohibited “gag clauses” in contracts between insurance plans, insurance issuers, and providers. The law provides that a group health plan can’t enter into an agreement with a healthcare provider, network or association of providers, third-party administrator, or other service provider offering access to a network of providers that would directly or indirectly restrict a group health plan from: (a) providing provider-specific cost or quality of care information or data; (b) electronically accessing de-identified claims and encounter certain information or data for each participant or beneficiary in the plan, upon proper request; or (c) sharing information contained in the points above, or directing that such data be shared, with a business associate as defined in the federal regulations.
As of 2023, group health plans are required to submit a gag clause prohibition compliance attestation (GCPCA) through the Centers for Medicare and Medicaid Services’ (CMS) Health Insurance Oversight System (HIOS) to attest they have complied with the prohibition on gag clauses.
The prohibition went into effect on December 27, 2020. The first GCPCA, covering the period from December 27, 2020, to the date of the first attestation, is due no later than December 31, 2023. Attestations for subsequent years are due every year on December 31. Failure to submit the GCPCA may result in agency enforcement actions.
Who Is Required to Submit an Attestation?
The following entities are required to submit a GCPCA:
- Fully insured and self-insured group health plans, including Employee Retirement Income Security Act (ERISA) plans, nonfederal governmental plans; and church plans subject to the code;
- Health insurance issuers offering group health insurance coverage; and
- Health insurance issuers offering individual health insurance coverage, including student health insurance coverage and individual health insurance coverage issued through an association.
Certain other entities are exempted from the attestation requirement, including plans or issuers offering only excepted benefits, such as limited scope dental or vision benefits. Employers that sponsor self-insured group health plans should connect with the plans’ third-party administrators or other service providers to determine who will file the GCPCA. The CMS has issued guidance stating that a self-funded or partially self-funded plan may enter into a written agreement with a service provider for the provider to attest on the plan’s behalf.
The information to be reported includes the reporting entity’s name and employer identification number, ERISA number (for ERISA plans), the type of reporting entity, contact information, and information about the type of provider agreement to which the attestation relates.
The attestation will satisfy the parallel requirements under the code, ERISA, and the Public Health Service Act, as applicable. More information about the GCPCA and submission instructions can be found on the CMS website.
Martin J. Regimbal, a shareholder of the Kullman Firm, may be reached at mjr@kullmanlaw.com, and Molly Gunnels, an associate of the Kullman Firm, may be reached at mjg@kullmanlaw.com.