On February 23, 2023, the Departments of Labor, Health and Human Services, and Treasury (collectively the “Departments”) released guidance to initiate the enforcement provisions related to the “gag clause” prohibitions contained in and compliance attestations required by the transparency provisions of the Consolidated Appropriations Act of 2021 (“CAA”), which is codified in Section 9824 of the Internal Revenue Code of 1986, as amended (“Code”), Section 724 of the Employee Retirement Income Security Act of 1974, as amended (“ERISA”), and Section 2799A-9 of the Public Health Service Act (“PHS Act”), as amended (together the “Gag Clause Laws”). See the FAQs available at Part 57 of the Affordable Care Act Frequently Asked Questions (“ACA FAQ 57”). Below is a brief summary of the rules relating to the Gag Clause Laws found in ACA FAQ 57 and suggested next steps for employer plan sponsors.
What Are Gag Clauses and Compliance Attestations?
The Gag Clause Laws prohibit “gag clauses”. “Gag clauses” are any provisions in an agreement between a group health plan or issuer (i.e., insurance carrier) and a health care provider, network or association of providers, third-party administrator (“TPA”), or other service provider offering access to a network of providers that would directly or indirectly restrict the group health plan from providing cost or care information to plan participants or accessing de-identified claims data, or sharing such information in compliance with privacy regulations (or requiring that such information be shared with a business associate). The Gag Clause Laws also require that group health plans and issuers submit an annual attestation of compliance with the prohibitions on gag clauses (a “Compliance Attestation”).
Who Must Submit Compliance Attestations?
All employer-sponsored group health plans (whether fully insured, level funded, or self-insured) are subject to the Compliance Attestation requirements, except for excepted benefits (such as standalone dental or vision plans and certain employee assistance programs) health care flexible spending accounts, and health reimbursement arrangements.
When Must Compliance Attestations Be Submitted?
The first Compliance Attestation submission is due by December 31, 2023, and the submission will cover the period of December 27, 2020 through the date of the Attestation. Subsequent submissions will be due by December 31st of each year thereafter, and will cover the respective periods between the most recent submission and the current submission.
How Must Compliance Attestations Be Submitted?
Compliance Attestations must be submitted electronically through this CMS website, and the instructions and user manual are available here. For more information, see Q5 through Q13 of ACA FAQ 57 (link above).
Can Compliance Attestation Submissions Be Delegated?
Yes. According to ACA FAQ 57, plans can satisfy their Compliance Attestation obligations by having third parties, such as insurance carriers or TPAs, submit the attestation on their behalves.
Next Steps for Employer Plan Sponsors
NOTE: For fully insured plans, the group health plan and the insurance carrier are each required to annually submit a Compliance Attestation. However, if the carrier submits the Compliance Attestation on behalf of the plan, the plan will be considered to have complied with this requirement.
NOTE: Since TPAs that are also carriers (i.e., TPAs that offer fully insured plans and act as TPAs for self-insured group health plans) are permitted to submit a single Compliance Attestation on behalf of themselves, their fully insured group plans, and their self-insured administrative services only (“ASO”) clients, we anticipate that most plans will not have to carry out the Compliance Attestation themselves. However, the plan sponsor is ultimately liable for any failure to attest (even if the failure is by the TPA), so it is important to amend the ASO to require that the TPA carry out this service and for the TPA to indemnify the plan sponsor for any failure to attest.
As is the case with many of the CAA requirements, complying with the Gag Clause Laws and Compliance Attestation requirements is a complex process with numerous parties to involve and steps to take. While the December 31, 2023 deadline is still several months away, now is a good time for plan sponsors to begin consulting with their ERISA attorneys, reviewing their agreements with the carriers/TPAs, and discussing roles and responsibilities with their TPAs and service providers.
 The Gag Clause Laws have been effective since December 27, 2020, the date on which the CAA was signed into law; however, enforcement of the Compliance Attestation requirement was delayed pending further guidance on the gag clause provisions, which has now been issued by the Departments.
Sign up for our newsletter and get the latest to your inbox.