Summary: On May 24, 2024, the Department of Health and Human Services (HHS), the Department of Labor (DOL), and the Department of the Treasury (collectively, the Departments) released updated Gag Clause Prohibition Compliance Attestation submission instructions detailing the requirements for health plans to submit annual gag clause prohibition compliance attestations (GCPCAs) to the Departments for 2024.
Employers are advised to start preparing to submit this GCPCA for 2024, the deadline of which is December 31, 2024.
This article serves as a reference guide with detailed instructions and the Centers for Medicare & Medicaid Services (CMS) user manual screenshots for those employers sponsoring group health plans who are required to submit GCPCAs directly to the Departments, rather than relying on their carrier/third-party administrator (TPA), or other plan service provider to submit on their behalf.
Read on for more information.
The Consolidated Appropriations Act of 2021 (CAA), enacted by Congress on December 27, 2020, includes a provision prohibiting health plans (and health insurance carriers) from entering into agreements with health care providers and/or networks, third-party administrators (TPAs), or other plan service providers that include language constituting gag clauses. The Departments state that gag clauses, for these purposes, are contractual terms that directly or indirectly restrict specific data and information a plan can make available to another party. In this context, gag clauses contain language that directly or indirectly restricts a plan from:
|
CAA Gag Clause Prohibition Examples |
|
Example 1: A contract between a TPA and a group health plan states the plan will pay providers at certain designated rates, which the TPA considers to be confidential or proprietary and includes language in the contract prohibiting the plan from disclosing those rates to plan participants. This provision prohibiting disclosure would be considered a prohibited gag clause under the CAA. Example 2: A contract between a TPA and a group health plan provides that the plan sponsor’s access to provider-specific cost and quality of care information is only at the discretion of the TPA. This provision would be considered a prohibited gag clause under the CAA. |
Although health care providers and/or networks, TPAs, and other plan service providers may impose reasonable restrictions on the public disclosure of this information, plans must ensure that their agreements with these providers do not contain language in violation of the CAA’s prohibition on gag clauses.
The intention of these gag clause prohibitions, like other CAA health plan provisions, is to increase and enhance health plan cost transparency. See prior Risk Strategies articles detailing other recent plan cost transparency provisions here, here, and here.
As a reminder, the chart below details which health plans are subject to the annual GCPCA requirement:
|
Type of Plan |
Required to submit annual GCPCA? (Yes/No) |
|
ERISA Group Health Plan[1] including
|
Yes |
|
Non-federal governmental plans[3] |
Yes |
|
Church plans |
Yes |
|
Individual health coverage plans
|
Yes |
|
Tribal health plans that qualify as ERISA plans or state or local government plans[4] |
Yes |
|
Excepted benefit plans, including:
|
No |
|
Retiree-only group health plans |
No |
|
Short-term, limited duration insurance policies |
No |
|
Health Reimbursement Arrangements (HRAs) and other account-based plans, including individual coverage HRAs (ICHRAs) |
No |
|
Medicare and Medicaid plans |
No |
|
Children’s Health Insurance Program (CHIP) plans |
No |
|
TRICARE and Indian Health Service program plans |
No |
Health plans are required to submit a GCPCA on an annual basis confirming their compliance with this gag clause prohibition requirement, as confirmed by the February 2023 Departments FAQs guidance.
The first GCPCA, covering the period from December 27, 2020 through the end of 2023, was due by December 31, 2023.
After December 31, 2023, GCPCAs are due by December 31 of each year, covering the period since the last preceding GCPCA.
The Departments created a dedicated website (accessed here) detailing the GCPCA process with helpful resources for health plans, insurance carriers, and other service providers, including links to the attestation submission site, a user manual, and submission instructions.
The updated GCPCA submission instructions contain several noteworthy changes for 2024, highlighted below:
Definition of “Responsible Entity” (previously “Reporting Entity”): A Responsible Entity is a plan or issuer that is subject to Code section 9824, ERISA section 724, and/or PHS Act section 2799A-9, as applicable, and has directly or indirectly—generally through a third-party administrator (TPA) or another vendor, such as a Pharmacy Benefit Manager (PBM), Independent Practice Association (IPA), or Behavioral Health Manager (BHM)—entered into an agreement(s) with health care providers, a network or association of providers, TPAs, or other service providers offering access to a network of providers.
The Responsible Entity is responsible for ensuring it annually attests, or that another party (such as its TPA or vendor) attests on its behalf, and that the Responsible Entity complies with the prohibition on gag clauses.
The “Attestation Period” generally begins as of the day immediately following the date of the prior attestation and extends to the date of the current attestation.
The “Attestation Year” is the year in which the GCPCA is submitted and covers the “Attestation Period.”
The webform now reflects the “Attestation Period” field.
Example: For a GCPCA submitted on October 10, 2024, a Responsible Entity that submitted its GCPCA for the prior Attestation Year on November 30, 2023, would have an Attestation Period of December 1, 2023, to October 10, 2024, and an Attestation Year of 2024.
Generally, employers sponsoring group health plans are advised to rely on their carriers, TPAs, and other plan service providers to comply with these CAA gag clause prohibition rules since employers do not typically enter into agreements directly with health care providers and networks on behalf of their group health plan. Employers should receive written confirmation from their carriers, TPAs, PBMs, and other plan service providers that all current plan-related contracts do not contain prohibited gag clause language.
Fully Insured Plans: Employers with fully insured group health plans may rely on their insurance carriers to submit their GCPCA. The February 2023 FAQs confirm that fully insured plans will be considered in compliance with this requirement when their carriers submit the GCPCA on their behalf. Fully insured plan sponsor employers should receive written confirmation from their carriers that they will submit the GCPCA on the plan’s behalf well in advance of the December 31, 2024 deadline.
Self-Funded Plans: Employers with self-funded group health plans (including level-funded plans) are directly responsible for the GCPCA requirement but may contract with their plan service providers (e.g., TPAs, PBMs, and/or managed behavioral health organizations) to submit the GCPCAs on their behalf via a written agreement. Self-funded plans should be aware that (as with most compliance obligations) if a service provider fails to submit the required GCPCA, the self-funded plan bears the ultimate responsibility for such failures.
Carriers, TPAs, and other plan service providers have already started to contact their group health plan sponsor clients with next steps on completing and submitting GCPCAs to the Departments. Employers are advised to pay close attention to these communications and respond accordingly to ensure timely compliance with these requirements.
However, certain carriers, TPAs, and PBMs have already notified their group health plan sponsor clients (particularly self-funded plan sponsor clients) that they will not be submitting the GCPCAs on their behalf. This means that these group health plans are responsible for directly submitting their GCPCAs to the Departments.
Get started by clicking here to access the GCPCA webform.
Scroll through the CMS user manual screenshots directly below for detailed instructions on how to submit the required GCPCA.
Click the left and right arrows to navigate through the screenshots
Although the GCPCA is due by December 31, 2024, those plan sponsors who must submit their GCPCA directly to the Departments can be proactive and complete the GCPCA webform now to ensure compliance with this requirement well in advance of the year-end deadline.
Don’t forget – plans that do not submit their annual GCPCAs by the December 31, 2024 deadline are at risk of enforcement action by the Departments.
Risk Strategies is here to help. Contact your Risk Strategies team members with any questions or contact us directly at benefits@risk-strategies.com.
[1] Including grandfathered and grandmothered group health plans.
[2] The revised 2024 instructions provide details on who is the Responsible Entity for MEWAs.
[3] Including plans sponsored by states, counties, school districts, and municipalities.
[4] New in the 2024 GCPCA submission instructions.