The Wagner Law Group | Est. 1996

Sophisticated Legal Solutions And Boutique-Style Service

Departments Issue Guidance Requiring First Annual “Gag” Attestation by December 31, 2023

by | Mar 9, 2023 |

By Dannae Delano, Roberta Casper Watson and Barry Salkin

The Consolidated Appropriations Act of 2021 (“CAA”) is the most significant compliance challenge for employer health plan sponsors since the Affordable Care Act. Compliance is now required for its provisions including the review of plan contracts and removal of all “gag clauses”; determination of “reasonableness” for vendor fees and services; prescription drug reporting for plan years 2020, 2021 and 2022; and analysis of parity between medical and mental health coverage.  The Departments of Labor (the “DOL”) and Health and Human Services (“HHS”) are serious about the enforcement of the CAA requirements for transparency in health coverage that apply to employer-sponsored health plans.  The DOL has conducted more than 200 audits of mental health parity compliance and publicly stated that there wasn’t even one plan of the 200 that was compliant with the requirements.  The Departments have submitted reports to Congress regarding the need for mental health parity compliance and guidance is being issued on the pending provisions including the prohibition of “gag clauses.”

Title II (Transparency) of Division BB of the CAA prohibited what are referred to as “gag clauses” with respect to price and quality information in provider agreements. In general, a gag clause is a contractual term that either directly or indirectly restricts specific data and information that a plan or issuer can make available to other parties. As a result, even in the absence of a contractual provision expressly prohibiting providing, sharing, or accessing information, a contractual provision that will function to prevent a plan from providing, sharing, or accessing information will violate the prohibition on gag clauses. Prior to the CAA, nondisclosure requirements were common in third party administration (“TPA”) agreements for self-funded health plans and in prescription benefit management agreements, to name two examples. Such clauses are still included in such agreements, but now cannot be used to prevent compliance with CAA requirements and thus must include exceptions for required disclosures.  A gag clause might also be found in agreements between a plan or health plan issuer and a health care provider; a network or association of providers; a TPA; or another service provider offering access to a network of providers. A gag clause violates the CAA if it:

  • Restricts disclosure of provider-specific cost or quality of care information or data to referring providers, a plan sponsor, and individuals who either were or were eligible to become participants, beneficiaries, or enrollees;
  • Restricts electronic data access to de-identified claims and encounter information or data for each participant, beneficiary, or enrollee upon request;
  • Restricts either the sharing of information or data described in the two preceding bullet points or is a direction that such information be shared with business associates.

However, the prohibition on gag clauses does not prevent health care providers, networks or associations of providers, or other service providers from placing reasonable restrictions on any of the information covered by the gag clause requirements.

The gag clause provisions became effective on December 27, 2020, and plans and issuers are required under the CAA to submit an annual attestation of complying with these requirements (a “Compliance Attestation”) to HHS, DOL, and the Treasury Department (the “Departments”). The Departments believed that the gag clause provisions themselves were self-implementing and did not require regulatory guidance.  However, the Departments also indicated they anticipated issuing guidance on the annual verification requirement, and such guidance was provided on February 24, 2022, in FAQ Part 57.

The first Compliance Attestation is due no later than December 31, 2023, and covers the period from December 27, 2020, or later if the effective date of the plan or health insurance coverage was later, through the date of attestation.

Compliance Attestations must be submitted by health insurance issuers in both the group health and individual markets, and by fully-insured as well as self-insured group health plans, including plans that are grandfathered and grandmothered.  A grandfathered plan is a group health plan that was in effect on March 23, 2010, and is exempt from several provisions of the Affordable Care Act (the “ACA”) if certain conditions are satisfied.  A grandmothered plan is a plan that does not fully comply with the ACA but is protected from ACA enforcement by a policy sometimes referred to as a nonenforcement policy.  Grandmothered plans are transitional health insurance policies purchased between March 23, 2010, and October 1, 2013 (December 31, 2013 in some states).   However, a plan that is required to attest is not required to attest with respect to any excepted benefits.

The FAQ also listed entities that are not required to attest. These include plans or issuers offering only excepted benefits; issuers offering only short-term, limited duration insurance; Medicare and Medicaid; a state’s Children’s Health Insurance Program (“CHIP”); Tricare; the Indian Health Services Program; Basic Health Programs plans; and HRAs including ICHRAs and other account-based group health plans.

A plan or issuer may designate any person within the organization as the person authorized to attest on behalf of the plan or issuer. A self-insured or partially self-insured plan or a health insurance issuer may also designate a TPA or other service provider to submit the attestation on its behalf, with the caveat that the self-insured or partially self-insured plan or health insurance issuer remains the party with the legal requirement to submit an attestation.

Additionally, there are FAQS concerning the manner in which plans and issuers should submit an attestation; technical requirements for using the Compliance Attestation user interface; and the procedures that interested parties should follow if they suspect a violation of the gag clause prohibitions or the related attestation requirements.

While explicit, direct violations of the prohibition on gag clauses may not be difficult to determine, provisions that have the effect of restricting the disclosure of information or data in violation of the gag clause prohibitions may not be obvious. Therefore, it is important that ERISA counsel for plans review service contracts with third parties such as TPAs to ensure that such provisions are either removed from the service agreement or modified to bring it into compliance.  Also, such agreements should provide the way the TPA or other service provider will handle compliance and attestation on behalf of the plan.

In addition, with ERISA fiduciary lawsuits being filed against health providers last year spurring everyone to remember what has happened since the early 2000s with retirement plans and noncompliance, plan sponsors should not continue to be content resting on their laurels and assuming that their TPAs and providers are taking care of compliance issues.  Rather, the fiduciaries should consider their own fiduciary responsibilities to the health plans they sponsor.