Deadline Nears for Plan Sponsors to Sign Attestations for Access to Health Plan Data

New health care regulations should give plan sponsors more clarity related to the cost and quality of provider services—but some of the onus will remain on plan sponsors to ensure access to the relevant data.

To comply with the Consolidated Appropriations Act of 2021, employers must attest that service providers have removed gag clauses from health care contracts by December 31, 2024, notes Jamie Greenleaf, a retirement plan and health benefits adviser who has been focused on CAA ’21 enactments through the company she co-founded, Fiduciary In A Box.

When CAA ’21 was enacted, it included a provision that prohibits group health plans and health insurance carriers from entering into agreements that restrict the release of certain information related to provider networks. These restrictions are known as “gag clauses,” and their removal is intended to help plan sponsors better assess the health benefit services they are receiving and select the best options for their employees, says Greenleaf, who has been speaking at industry events and giving webinars to try and spread the word about the new regulations.

But CAA ’21, which was passed as part of a massive COVID-19 relief bill during the first administration of President-elect Donald Trump, requires plans and carriers to attest annually that their agreements do not contain those gag clauses. The first gag clause attestation was due December 31, 2023, with the next one due at the end of this year.

Plans and carriers must complete the Gag Clause Prohibition Compliance Attestation form electronically, using the form provided. The attestations are being collected by the Department of Health and Human Services on behalf of the Department of Labor and the Department of the Treasury.

There are no specific penalties outlined in the CAA ’21 if a group health plan does not complete the attestation, but in the FAQs, the departments indicated that failing to submit the attestation by the deadline may subject the plan or carrier to enforcement action. In such cases, it is possible for the departments to assess a penalty of up to $100 per day per affected individual.

Evolving Regulation

According to insurance company Woodruff-Sawyer & Co. Inc., the attestation was somewhat modified for 2024, including, among other things, a new requirement to include an attestation year, a new requirement to include the attestation period (the period between when the last gag clause attestation was submitted and the current gag clause submission) and a section to include the plan type (ERISA plan, non-federal governmental plan or church plan).

Specifically, under the CAA ’21 gag clause provision, group health plans and insurers are prohibited from entering into agreements—with a health care provider, provider network, third-party administrator or other service provider offering access to a provider network—that include:

1. Restrictions on the disclosure of provider-specific cost or quality of care information or data;
2. Restrictions on electronic access to de-identified claims and encounter information for each participant, beneficiary or enrollee upon request; and
3. Restrictions on sharing information or data described in (1) and (2) or directing that such information or data be shared with a business associate.

The gag clause provision is designed to ensure plan sponsors and participants have the necessary access to both provider-specific costs and quality of care data.

But even with these new requirements under the CAA ’21, adviser Greenleaf says many employers are still having tremendous difficulties getting the information they need from third-party administrators and service providers.

A recent example came when Owens & Minion Inc., a health care logistics company, filed a complaint last week against its TPA, Anthem Blue Cross Blue Shield, claiming the company refused to provide necessary claims data to the plan. After receiving a portion of the plan’s claim data from Anthem in 2023, Owens & Minor alleged that Anthem overpaid certain claims, secured kickbacks from providers and pocketed rebates belonging to Owens.

Anthem noted in response that the firm does not comment on active litigation.

Fiduciary Focus

Greenleaf says because of the CAA ’21, it is likely that Owens had more leverage to obtain the plan claim data because gag clauses now have to be removed.

“What it has shown is that now that employers are pushing to get access to the cost and quality [of their health plans], they’re starting to recognize that there are problems, that there are issues with claims data, in particular, with overpayments, with inappropriate payments [and] items that are a problem from a fiduciary standpoint,” Greenleaf says.

Greenleaf further explains that, as fiduciaries, there is a lot of risk for employers if they do not have access to their plan information, as they need it to conduct a prudent process. Instead of going back and forth with a covered service provider and pointing out specific gag clauses that need to be removed, Greenleaf says more employers are starting to amend their documents to put in writing that nothing in the contract is a gag clause and they are entitled to access to all data related to cost and quality.

Group health plans also need to confirm that any agreements with their pharmacy benefit manager do not contain gag clauses. According to Woodruff Sawyer, these clauses would typically be found in confidentiality or other privacy provisions of the agreements.