United States: Five Most Common Questions And Answers: Health Plans' Gag Clause Attestations – Due December 31, 2023

Group health plan sponsors are required to submit the Gag Clause Prohibition Compliance Attestation (GCPCA) by December 31, 2023, as we recently discussed here. Below are the five most asked questions we have received on the GCPCA, and our answers.

Question 1: What is the GCPCA?

Answer: A new regulatory filing that must be completed by December 31, 2023, for most group health plans.

The Consolidated Appropriations Act, 2021 (CAA) requires group health plans and health insurance issuers to attest that they are in compliance with the CAA's gag clause prohibition. On a high level, this rule prohibits plans and issuers from entering into agreements with providers, TPAs, or other service providers that would restrict (1) provider-specific cost or quality information sharing with plan members or (2) claims data sharing with plan sponsors and their service providers. Again, the first GCPCA is due by December 31, 2023.

Question 2: Do I need to submit the GCPCA?

Answer: It depends. In general, health insurance carriers offering fully insured plans will submit the GCPCA to the Centers for Medicare and Medicaid Services (CMS) directly. Self-funded plan sponsors, including employers who hire TPAs or other plan service providers to handle the administration of claim payments, must either: (1) submit the GCPCA to CMS directly; or (2) ensure vendors submit the attestation on their behalf.

If you are a self-funded plan sponsor and recently received a statement of gag clause compliance from a plan service provider, you will likely need to complete a GCPCA and directly file with CMS.

Plans that only provide the following benefits do not currently need to submit the GCPCA:

• Excepted benefits (more information below in Q&A #5);
• Short-term, limited-duration insurance;
• Government lines of business (Medicare and Medicaid plans, CHIP, TRICARE, Indian Health Service Program, and Basic Health Program Plans); and
• Health reimbursement arrangements (HRAs) or other account-based group health plans.

Question 3: Can vendors submit the GCPCA on behalf of my self-funded health plan?

Answer: Yes, but not all vendors will agree to complete this filing.

There is no industry standard—some vendors serving self-funded plans are filing the GCPCA on behalf of their clients, while others are simply providing a statement that plan sponsors can rely on when directly filing the attestation with CMS. Ultimately, the legal responsibility for the GCPCA rests with the plan sponsor, so even if a vendor agrees to complete the filing, you should follow up and request proof that the GCPCA was completed.

Question 4: What do I need to do to submit the GCPCA?

Answer: Attestations must be submitted to CMS's Health Insurance Oversight System (HIOS) by filling out a CMS webform or by completing and submitting a Microsoft Excel CMS template.

CMS recently updated its instructions for submitting the GCPCA, which can be accessed here, and its GCPCA User Manual, which can be accessed here. Please note that filing the GCPCA requires a HIOS account, which takes time because a significant amount of information is required to complete the account setup process.

Also, if you switched TPAs or vendors since 2020, technically you may need to ensure that your previous vendor also complied with this law. You may need to contact your previous plan service provider to determine whether they will submit an attestation to CMS on behalf of the plan or provide a statement that you can rely on when completing the GCPCA. The GCPCA does not contain a discrete year field, meaning it appears as if one attestation will cover compliance from December 27, 2020, to December 31, 2023.

Question 5: Do I need to submit the GCPCA for ancillary benefits like behavioral health, dental, vision, long-term care, and employee assistance programs?

Answer: It depends.

On one hand, the GCPCA is not required for excepted benefits such as disease-specific insurance, dental, vision, long-term care, and some employee assistance programs.

However, vendors who provide significant behavioral health services and more extensive employee assistance programs likely need to be included because they may not fit into the excepted benefit exclusion. Determining whether an ancillary service fits into the GCPCA excepted benefit exclusion requires a fact-specific analysis. Of course, Foley & Lardner LLP can help determine whether your GCPCA filing should include a specific ancillary service provider.

On the other hand, health plan vendors that provide services that are not excepted benefits or are otherwise exempt from the filing must be included in the attestation filing. As an example, pharmacy benefit managers must be included in the GCPCA filing.

Additional information regarding the GCPCA can be found on CMS's website here. CMS also released GCPCA FAQs, which you can access here.

It is possible that the regulators might delay the GCPCA, as they did with prescription drug data collection reporting as we discussed here, or air ambulance reporting as we discussed here. Foley will publish a new alert if the regulators issue a delay.

If you have questions about compliance with the above requirements or are looking for practical pointers on how to incorporate these new obligations into your existing business model, Foley can help. To review all of the major CAA requirements, you can access our checklist for plan sponsors here and our checklist for plan service providers here.