The deadline for group health plans to submit their first online Gag Clause Prohibition Compliance Attestation (GCPCA) form is quickly approaching. Employers should familiarize themselves with the gag clause requirement, understand what health benefits it applies to, know what actions they need to take, and submit a GCPCA by December 31, 2023 (if necessary).
The extent of an employer’s responsibilities will largely depend on the willingness of their medical carrier or TPA to complete the attestation for the plan, and whether any medical benefits (like pharmacy or behavioral health) are administered by a vendor other than their medical carrier or TPA.
What is the gag clause prohibition and attestation requirement?
The Consolidated Appropriations Act, 2021 (CAA) prohibits group health plans from entering into agreements with entities offering access to a network of providers if those agreements (or any underlying agreements) contain gag clauses. It also requires them to submit attestations of compliance annually.
The gag clause prohibition applies to agreements entered into directly or indirectly between a group health plan and the plan’s service provider(s). Service providers include health insurance carriers, medical claim TPAs, PBMs, behavioral health vendors, direct care arrangements, and other similar entities. A gag clause is a contractual provision that restricts the plan from sharing price or quality of care information or data with other parties. The prohibition took effect on December 27, 2020 (the date the CAA was passed). Plans must annually attest to their compliance each year by December 31st.
When is the first attestation due?
The first GCPCA submission is due by December 31, 2023, and will satisfy the requirement for calendar years 2021, 2022, and 2023. Employers needing to attest for any part of this period must submit a GCPCA by the first due date.
Thereafter, the plan’s GCPCA is due by December 31st of each calendar year and will cover the period from the date of the prior submission through the date of the current submission. For example, if the plan’s first GCPCA was submitted on November 8, 2023, the plan’s second GCPCA will cover the period from November 9, 2023 through the date of the plan’s second GCPCA (due by 12/31/2024).
Which plans must comply?
All employer-sponsored group health plans must submit a GCPCA (with a few limited exceptions). The requirement applies to fully insured and self-insured/level-funded medical plans, ERISA plans, church plans, grandfathered and grandmothered plans, and non-federal governmental plans. It extends to standalone telehealth programs and direct care arrangements.
Under a limited exception, group health plans providing “excepted benefits” coverage (like standalone dental and vision plans and health FSAs), account-based plans like HRAs, most EAPs, and retiree-only plans are not subject to the attestation requirement.
Is there a penalty for noncompliance?
Although not entirely clear, it appears that a plan that fails to comply with the gag clause attestation requirement could be subject to the standard IRC §4980D penalty scheme, which is $100 per day per affected individual.
How do plans attest?
Plans must submit their attestations using the GCPCA webform, which is accessed at https://www.cms.gov/marketplace/about/oversight/other-insurance-protections/gag-clause-prohibition-compliance-attestation. FAQs, instructions, and a user manual are all available on the GCPCA webpage. To access the form, users must first obtain an authentication code from the website by entering an email address. It takes approximately 15 minutes to complete and submit a GCPCA. The process is straightforward, and the form is easy to complete. An Excel reporting template may need to be completed and uploaded to the webform, but only if the employer has more than one plan number and there are different medical benefits associated with them. This scenario will be uncommon.
The Departments of Labor, Health and Human Services, and the Treasury (collectively, “the Departments”) recognize that it is unusual for employers to directly enter into agreements with health care providers, so the guidance makes it clear that if specific requirements are met, employers may rely on their carriers, TPAs, PBMs, etc., to submit attestations on behalf of their plans. Although there are exceptions, there is a general pattern to which service providers are willing to attest and which service providers are not. Some examples here:
Fully-Insured Group Health Plans
With respect to a fully insured arrangement, both the group health plan and the health insurer are required to attest. However, when an insurer submits a GCPCA on behalf of the plan, the Departments will consider both the plan and the insurer to have satisfied the attestation requirement, per Q/A-10 of the Departments’ FAQs. Most health carriers have indicated they are willing to submit attestations on behalf of fully-insured plans.
In this instance, and when there are no other health benefits subject to the requirement (e.g., a carve-out pharmacy benefit), no action is required of the employer other than to retain documentation from their carrier that they are submitting the GCPCA on behalf of their plan.
Self-Insured/Level-Funded Group Health Plans
With respect to a self-insured/level-funded arrangement, only the group health plan is required to attest. Medical claim TPAs are not subject to the attestation requirement. An employer may satisfy the requirement by entering into a written agreement under which the service provider completes the GCPCA on the plan’s behalf, per Q/A-9. Nonetheless, the employer retains ultimate responsibility for compliance. Most medical TPAs are not offering to complete attestations for self-insured/level-funded plans, and therefore, employers will need to submit them.
Carve-Out Pharmacy, Behavioral Health, and Other Medical Benefits (Direct Primary Care, Telehealth Programs, etc.)
Although an employer is permitted to enter into a written agreement under which a PBM, behavioral health vendor, or other similar service provider would attest on the plan’s behalf, we have not encountered any such vendors that are willing to do so. Employers with these types of carve-out arrangements will need to attest on behalf of these benefits (in addition to their other medical benefits, if not being completed by their carriers or TPAs).
Ultimately, whether an employer needs to submit a GCPCA on behalf of some or all of the provider agreements associated with their health plan will depend on each of their vendor's willingness to do it for them. At a minimum, employers will need to take inventory of which health benefits are subject to the requirement, verify with their vendors that provider contracts are compliant, and determine who is submitting attestations. Many carriers, TPAs, and PBMs have already communicated with their customers about whether they will or will not assist with attestations. At times, a vendor will attest for a portion of the plan’s benefits and the employer will attest for others. Multiple GCPCA submissions on behalf of a single group health plan may be necessary to ensure that the plan has submitted a complete attestation addressing all of the provider agreements associated with the plan.
Employers who encourage their employees to leverage their available paid time off benefits oftentimes realize increased productivity levels amongst their employee population. Paid time off is often...
Since the pandemic, there has been a growing trend of using extended employee paid time off and sabbaticals in the workforce. To avoid any disruptions in productivity within the organization, it is...