Gag Clause Prohibition Compliance Attestation….that’s a mouthful but what is it?

By Michelina Covey

As we continue to move forward from the “COVID” days, we are still faced with the many compliance initiatives that were created during that time frame.   Let’s add the “Gag Clause Attestation” to our checklist as this phrase has been making frequent appearances in the last few months.

Under the Consolidated Appropriations Act of 2021 (CAA), a number of measures were introduced which focused on improving transparency and enhancing consumer protection in health coverage. One of the many transparency-related components of the CAA is the prohibition of group health plans entering into any agreement or contract that contains a “gag clause.”

If you’re like most people and reading this, you’re probably thinking: what is this thing? Do I need to do it?  Am I exempt? Can I hire someone?  How do I complete the attestation?  All of which are valid questions and have been asked by many.  Let’s see if we can break this down so we all understand the legal lingo:

What is the Gag Clause?

By definition, a “gag clause” is a contractual term that directly or indirectly restricts certain data and information that a plan or issuer can make available to another party.  For purposes of the Gag Clause Prohibition Compliance Attestation (GCPCA), this is a contractual provision that directly or indirectly restricts a plan or issuers from sharing specific cost and quality of care information with another party.

Language that restricts electronic access to de-identified claims and encounter information for individuals upon request is also prohibited (consistent with privacy rules under HIPAA, GINA and the ADA). Additionally, agreements cannot have language that restricts the sharing of the information described above.

Do I need to do it? Am I exempt from it?

There’s no other way to put this other than….YES, you do need to do it.  The attestation requirement applies to health insurance carriers and group health plans, including ERISA plans, non-federal governmental plans, church plans, and grandfathered plans – whether insured or self-insured. Excepted benefits (such as standalone dental and vision plans, Health FSAs and EAPs), HRAs, and other account-based plans are not required to submit an attestation.

Depending on what type of group health plan you have, here’s what you can generally expect:

  • For FULLY-INSURED group health plans:

Most carriers will complete the attestation on behalf of your plan however it is highly advisable to confirm with your carrier that they will be submitting the attestation as some may not/are not willing to do so.

  •  For SELF-INSURED group health plans:

You can enter into a written agreement with a TPA to complete the attestation however we are hearing most are not willing to or able to fulfill this requirement.  In such cases, the responsibility will fall on the employer to complete the plan’s attestation.

Regardless of what type of plan you have, the legal compliance responsibility always falls on the plan (or employer) to complete.  Confirm who will be doing the reporting well in advance to avoid non-compliance and fines.

How do I complete the attestation? 

If you are completing the attestation yourself, you can complete it through the Centers for Medicaid and Medicare Service’s (CMS’s). Health Insurance Oversight System (HIOS).  Within the website, there are links that provide instructions for completing the attestation, a link to the attestation and instructions for completion.

Instructions for Submitting

Step by Step User Manual

Actual Compliance Attestation

There is also a link provided to an Excel file which is only required if an entity is reporting on behalf of multiple parties, such as an insurance company reporting on multiple health plans.  Most, if not all, employers will not need to use this file as they will be filing their attestation directly into HIOS.

Lastly, the “Departments” have released an FAQ for all employers to reference which provides further clarifications and guidance.

The first compliance deadline (or attestation) of this is due by December 31, 2023 which covers the period from December 27, 2020 to the actual date of attestation.  After this initial attestation, it will be due on an annual basis and due by December 31st.

Next steps?       

Employers must ensure their agreements with insurers and TPAs do not contain provisions that violate the CAA’s prohibition of gag clauses and if they do, the agreements should be amended. Also, as previously noted, employers should reach out to their carriers or TPA to confirm whether the attestation will be completed on the plan’s behalf. If not, the employer should plan on completing the attestation through the CMS website.

Although the end of the year seems far away, employers should start preparing for the Gag Clause attestations now as December 31st will be here in the blink of an eye.