Gag Clause Prohibition: The Attestation Process

The Consolidated Appropriations Act of 2021 (CAA) added a provision to prohibit group health plans from entering contracts with Gag Clauses, effective December 27, 2020. The new rule also requires that group health plans submit an attestation of compliance with this provision.

Gag Clause Defined

A Gag Clause is any term that directly or indirectly restricts the plan from:

  • Accessing provider-specific cost or quality of care information or data
  • Electronically accessing de-identified claims and encounter information or data, or from sharing these types of information or data.

This generally means that insurers and third party claims administrators (TPAs) can no longer restrict a plan’s access to certain data by claiming that such data is “proprietary” in nature or by controlling the plan’s access to the data at the TPA’s or insurer’s sole discretion.

For additional details on the Gag Clause provision, please refer to our detailed article.

What is a GCPCA?

GCPCA is a new acronym that stands for Gag Clause Prohibition Compliance Attestation. It is the attestation of compliance with the Gag Clause provisions for group health plans.

Upcoming Deadline

The first annual attestation is due by December 31, 2023. This attestation covers the period from inception through 2023. Subsequent attestations will be required by December 31st each year thereafter.

Employer Action Items – Fully Insured Plans

Fully insured carriers are generally making mass submissions of attestation on behalf of all of their fully insured clients. That said, the legal responsibility for attestation still remains with the group health plan (regardless of the underlying agreement). Thus, there are still important steps that employers must take to ensure compliance with the attestation process.

Step #1 Confirm Compliance: Employers must first confirm (in writing) that their insurer complies with the Gag Clause (specifically, that their contracts do not contain any prohibited provisions). Insurers are typically providing a statement of compliance to employers. Note that employers will need to secure Certifications of Compliance from each carrier if coverage is offered through multiple carriers.

Step #2 Confirm Insurer to Complete Attestation: Employers must then confirm that their insurer will be completing the GCPCA on their behalf.

Step #3 Secure Written Confirmation: Employers must secure written confirmation that their insurer has or will submit the attestation on their behalf. Ideally, the acceptance of this responsibility would be included in the contractual agreement between the carrier and the employer. Until those agreements are updated, employers should request separate communication/confirmation of the carrier’s acceptance of responsibility.

Employer Action Items – Self-Funded Plans

Many employers plan on transferring responsibility for the GCPCA to either a TPA, broker, or another consulting party. That said, the legal responsibility for completing the GCPCA remains with the group health plan. Therefore, it is important to take steps to understand the process and recommended actions to affirm responsibility and document the completion of the attestation process.

Step #1 Confirm Compliance: Employers must first confirm (in writing) that their TPA complies with the Gag Clause (specifically, that their contracts do not contain any prohibited provisions). TPAs and PBMs typically providing a short Certificate of Compliance to employers.

Step #2 Confirm Who is Completing the Attestation: Employers must then confirm who will be completing the GCPCA for the group health plan. This can be completed by their TPA, by the employer directly, or by another third party “Submitter” (such as a broker) on their behalf.

Step #3 Secure Authorization for Submitter: If the GCPCA is completed by any entity other than the employer, an authorization is required. Specifically, the employer must authorize the “Submitter” to also be the “Attester” of compliance.

Step #4 Maintain Documentation of Attestation: The following elements of documentation should be maintained:

  1. Documentation of acceptance/transfer of responsibility for completion of the GCPCA.
  2. Certificate of compliance with Gag Clause provisions from TPA/PBM.
  3. Authorization for Submitter to be Attester (if applicable).
  4. Confirmation of GCPCA attestation from the website submission process.

Unique Situations for Self-Funded Plans

There are a few other notable items for self-funded employers.

  • Level-Funded Plans: Employers with level-funded plans should plan to follow the process as defined for self-funded employers.
  • Blue Shield: Blue Shield appears to be an outlier in that they will accept responsibility for attesting on behalf of plans. Refer to Blue Shield’s communications for an outline of details.
  • Still Figuring It Out: As a rule, ASO providers have made the determination to not accept the attestation responsibility on behalf of employer plans. However, a few are still “figuring out” their procedures. Employers should take note to confirm the final process with their TPA.

What if we have Fully Insured and Self-Funded Plans?

To the extent plans are offered both on a fully insured and self-funded basis (for example, Kaiser is offered alongside a self-funded plan), employers should plan to follow both the fully insured and the self-funded processes in parallel.

What if we changed carriers or changed funding?

Since the initial attestation covers the period of December 27, 2020, through December 31, 2023, employers will need to consider any changes in carrier or funding that have occurred during that period. For example, if a change was made from Carrier A to Carrier B in 2022, compliance documentation would need to be obtained from the prior carrier for that period of coverage. Similarly, if the plan funding mechanism has changed, employers will need to follow the applicable fully insured or self-funded processes (outlined above) for the respective periods.

Vita Clients – Attestation Completed for You

Fully Insured Plans: Vita will secure copies of the Certification of Compliance from all major carriers. The Vita account management team will work with employer groups to secure confirmation that the carrier will be completing the attestation on their behalf. However, employers should confirm that some written form of the acceptance of attestation responsibility is received.

Self-Funded Plans: Vita will complete the attestation process for clients with self-funded health plans. Vita will secure a copy of the Certification of Compliance from the TPA/PBM, complete the online attestation, and maintain documentation of the submission. Clients will be required to sign an authorization form (via DocuSign) to authorize Vita to complete the attestation on their behalf.


Website for Online GCPCA Attestation

Gag Clause FAQs

Instructions for submitting the GCPCA

User Manual for submitting the GCPCA [Word Doc Download]

Post a comment