In the waning days of 2020, with little advance warning and similarly little fanfare, Congress enacted a landmark slate of healthcare transparency legislation. More than 2,200 pages in total, the CAA 2021 included a host of important healthcare reforms, promising to curtail surprise medical bills, improve access to mental health and substance use disorder benefits, empower individuals to shop for better prices for medical services, and ban “gag clauses” that prevent employers from accessing their own plan healthcare cost and quality data. Five years later, that last component – the prohibition on gag clauses in contracts between group health plans and their service providers (e.g., TPAs, provider networks) – has yet to deliver on its promise.
The gag clause prohibition has two requirements: the prohibition itself and an attestation of compliance. These requirements are intended to give group health plan sponsors unprecedented – and, importantly, unfettered – access to cost, quality, and financial information about their own plan’s performance, which they can then use to better evaluate the performance of their service providers. To ensure compliance with the prohibition, the CAA 2021 requires all group health plans to annually attest that their service providers have not restricted the plan’s access to such information. Attestations are due to CMS every year by December 31. The first attestation was due by December 31, 2023, covering the period from December 27, 2020 (the CAA 2021 enactment date), to the date the plan attested. Each subsequent attestation covers the period since the plan’s previous attestation.
Fully insured plans may rely on the carrier’s attestation that their provider contracts are in compliance. However, self-insured plans remain responsible for compliance, even if a TPA agrees to submit the attestation on their behalf. Employers preparing to attest (or make arrangements for their carrier or TPA to do so) are encouraged to ask their NFP broker or consultant for a copy of the NFP publication Gag Clause Prohibition and Attestation: A Guide for Employers for practical guidance on completing the attestation.
Rather than thinking of the annual Gag Clause Prohibition Compliance Attestation (GCPCA) deadline as just another compliance box to check before the end of the year, it’s important to consider why plans attest in the first place. Ahead of this year’s GCPCA due date, let’s talk about gag clauses.
The Gag Clause Prohibition Promise
Following on the heels of the Transparency in Coverage final rules – which required group health plans to provide a self-service tool for enrollees to compare prices of services from different providers, as well as publish a host of pricing data online for app developers and researchers to build tools and study cost trends – the CAA 2021 sought to equip employers with even more insight into their healthcare costs. Among other things, the CAA 2021 requires service providers (including brokers) to disclose details about their compensation to group health plan sponsors, requires plans to report data to the federal government on their prescription drug spending, and prohibits contractual gag clauses that prevent group health plans from accessing their own spending data.
In particular, the CAA 2021’s prohibition on gag clauses promised to dramatically transform the way employers shop for service providers. It prohibits a group health plan (and, in the case of a fully insured plan, the carrier) from agreeing to any contract with a service provider if that contract restricts the plan’s ability to:
- Share provider-specific cost or quality of care information with referring providers, enrollees in the coverage, or individuals eligible to become enrolled in the coverage.
- Electronically access claims and encounter data on a per-claim basis, stripped of identifying details, including things like financial information, allowed amounts, financial obligations required by a provider contract, provider information, service codes, and “any other data element” included in the transaction.
- Share any of the above information or data with the plan’s business associates.
The prohibition on gag clauses applies broadly to all group health plans (including non-ERISA plans), with limited exceptions for retiree-only plans and excepted benefits, like stand-alone dental and vision plans. Through sweeping catch-all language, the prohibition reaches a broad range of restrictions that service providers place on access to health plan data, both directly and indirectly. In fact, the prohibition doesn’t just apply to agreements to which a plan is a party, like a plan’s administrative services agreement with a TPA. It also extends to “downstream” agreements, meaning agreements between a service provider and other vendors who work with the service provider. All told, the gag clause prohibition was intended to arm employers with more information about their healthcare spending, ostensibly making it easier for them to make informed decisions about whether to hire or retain a particular service provider.
Obstacles to Transparency
While some employers have had more success than others in negotiating the removal of gag clauses from their contracts, gag clauses remain frustratingly entrenched for many plan sponsors. This means that many plan sponsors still do not have access to the full range of information that the gag clause prohibition is meant to unlock.
One obstacle to transparency is that liability is one-sided: the law prohibits group health plans (and carriers) from entering into contracts that contain gag clauses, but it does not prohibit service providers from doing so. Compounding this problem, while Congress has imposed additional responsibilities on employers who sponsor group health plans in recent years, it has not equipped federal regulators with the necessary tools to rein in service providers. This leaves service providers, who often provide access to provider networks on a take-it-or-leave-it basis and view claims-related and financial information as proprietary, with little incentive to proactively remove gag clauses from their contracts.
A second obstacle to transparency is that guidance on the attestation requirement has been slow to arrive. Shortly after the CAA 2021 was enacted, the tri-agencies declined to issue regulations that could have clarified the requirement. While more recent guidance has provided examples of prohibited gag clauses and affirmed that plans are required to attest every year, even if they are out of compliance, employers that are unsuccessful in negotiating the removal of gag clauses face an uncertain enforcement atmosphere.
Enforcement Outlook
There has been no publicly reported enforcement of either the gag clause prohibition or the GCPCA. Unlike the MHPAEA NQTL comparative analysis, which imposes audit quotas on the tri-agencies and requires them to regularly report enforcement results to Congress, the gag clause prohibition does not affirmatively require the tri-agencies to undertake any particular enforcement activity (beyond collecting attestations) or publicly disclose the results of their investigations.
Of course, the lack of publicly reported enforcement activity and the apparent focus on service providers does not mean that the tri-agencies are not enforcing the gag clause prohibition or the GCPCA requirement, nor should employers think they can ignore them. Agency enforcement priorities are always subject to change, and past enforcement activity (public or otherwise) is not an indicator of future enforcement priorities. Indeed, as we previously observed in Compliance Corner, the Trump administration has signaled a renewed focus on healthcare transparency initiatives, so it is entirely possible that the tri-agencies will prioritize gag clause enforcement in the near future.
Reasons to Attest
The first reason to attest is that the law requires it. Virtually all group health plans are subject to the gag clause prohibition, including the requirement to attest to compliance. The law does not provide any exceptions for plans that are unsuccessful in negotiating the removal of their gag clauses.
Second, attesting to a plan’s compliance (or noncompliance) with the gag clause prohibition may inform future federal efforts to increase transparency with the goal of lowering overall healthcare costs for plan sponsors. Indeed, that may explain why the tri-agencies currently appear to be more concerned by the service providers and downstream vendors who impose gag clauses than the plans bound by them.
Final Thoughts
At the risk of stating the obvious – and dramatically oversimplifying the dynamics at play – the best way to ensure compliance with the gag clause prohibition and GCPCA requirement is to have hard conversations with service providers and secure the removal of gag clauses. For plans subject to ERISA, hiring and monitoring service providers is a fiduciary act, so a plan sponsor has an obligation to avoid contracts that contain prohibited gag clauses. If a plan sponsor is ultimately unsuccessful in removing existing gag clauses, removal efforts should be documented.
For a roadmap to identify and remove gag clauses, please ask your NFP broker or consultant for a copy of the NFP publication Gag Clause Prohibition and Attestation: A Guide for Employers.