- within Employment and HR topic(s)
- within Intellectual Property, Immigration and Technology topic(s)
- with readers working within the Banking & Credit, Business & Consumer Services and Healthcare industries
Overview: Gag Clause Prohibition Compliance Attestations
The Consolidated Appropriations Act, 2021 (CAA) amended the Internal Revenue Code (Code), the Public Health Service Act of 1944 (PHS) and the Employee Retirement Income Security Act of 1974 (ERISA) to promote transparency in health benefits. Accordingly, the CAA restricts group health plans and health insurance carriers from entering into restrictive service provider contracts that would otherwise limit access to crucial information on benefit claims and health care provider cost and quality.
Under the CAA, group health plans are prohibited from entering into any agreement with a third party administrator (TPA), health care provider, network of providers or other service provider offering access to a network of providers that includes a "gag clause."
A "gag clause" is any contractual term that directly or indirectly restricts a plan from (1) making provider specific cost or quality of care information or data available to covered individuals; (2) electronically accessing de identified claims and encounter information or data for each covered individual; or (3) sharing the information noted above with a business associate, in each case consistent with applicable privacy regulations.
For transparency and compliance purposes, the CAA requires plans to annually attest that they are in compliance with the gag clause prohibition on or before December 31.
What's New: Downstream Reporting
Since 2023, health plans have been required to attest to the lack of prohibited gag clauses in their service provider and TPA contracts. However, as plans prepare to submit the attestation for this year, there are additional compliance and reporting obligations to consider.
In January 2025, the U.S. Departments of Labor, Health and Human Services, and the Treasury (collectively, the Departments) issued Frequently Asked Questions (FAQs) guidance offering additional guidance on the gag clause prohibition. Specifically, the Departments confirmed that the gag clause prohibition also applies to "downstream agreements" between plan service providers and third parties (such as agreements between a network administrator and its participating providers). In other words, separate agreements between a plan service provider and third parties that restrict the plan from providing, electronically accessing or sharing covered information or data similarly violate the CAA's gag clause prohibition. As a result, plans must now additionally attest that their service providers and TPAs have not entered into downstream agreements with third parties that contain a prohibited gag clause.
Furthermore, the FAQs clarify that if an agreement (including a downstream agreement) does include a noncompliant provision that the applicable service provider has refused to remove, the affected plan must still submit an attestation for that year. As part of the attestation, the FAQs require the plan to describe the noncompliant provision in the "Additional Information" section of the electronic form, including information on the identity of the service provider, the gag clause provision at issue, any demonstrated use of the service provider's gag clause and details about the plan's requests for removal, as well as any other steps taken by the plan. Therefore, the FAQs are essentially asking plans to report on noncompliant vendors, if the plan has taken other steps to ensure the plan's compliance, including by requesting that the prohibited gag clause be removed.
The Departments issued the clarifying guidance in the FAQs as of January 14, 2025, meaning these additional obligations are applicable for the December 31, 2025 filing deadline.
What's Next: Steps for Plan Sponsors
In preparation for the December 31, 2025 deadline, plan sponsors should take the following steps:
- Review service provider contracts for any prohibited gag clause.
- Confirm or request written confirmation from service providers that no downstream vendor contracts include prohibited gag clauses; if necessary, confirm with the service provider (in accordance with any contractual confidentiality terms) that the plan will complete the "Additional Information" section of the electronic form with all required details about any noncompliant provision, including in a downstream agreement.
- Submit the attestation to the electronic portal (or, as applicable, ensure that the plan's insurance carrier, TPA or other service provider will attest on the plan's behalf).
As a matter of ongoing compliance, we recommend that plan sponsors negotiate with their TPAs and other service providers to obtain contractual comfort, documented in the service agreement, that the service provider will not enter into any downstream agreement containing a prohibited gag clause.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
