On Jan. 14, 2025, the Departments of Health and Human Services, Labor and the Treasury (Departments) issued frequently asked questions (FAQs) on the implementation of several federal transparency requirements, including the prohibition on gag clauses.

Background

Federal law prohibits group health plans and health insurance issuers from entering into agreements with third-party administrators (TPAs) or other service providers offering access to a network of providers that contain gag clauses (i.e., provisions that restrict the plan or issuer from providing, accessing or sharing certain information about provider price and quality and de-identified claims).

Health plans and issuers must annually submit an attestation of their compliance with the prohibition of gag clauses to the Departments. These attestations are due on Dec. 31 of each year. Health plans and issuers that do not submit their attestations by the deadline may be subject to enforcement action.

Employers with fully insured health plans do not need to provide an attestation if their plan’s issuer provides the attestation. Employers with self-insured health plans can enter into written agreements with their TPAs to provide the attestation, but the legal responsibility remains with the health plan.

New Guidance

The Departments’ FAQs provide the following clarifying guidance for health plans regarding the gag clause prohibition and attestation requirement.

Downstream Agreements

 A health plan’s TPA or other service provider may have separate agreements (downstream agreements) with other entities to provide or administer the plan’s network. If such downstream agreements restrict the health plan from providing, accessing or sharing the relevant information or data, this would be a prohibited gag clause, even if the plan is not a party to the agreement. To comply with the gag clause prohibition, the Departments expect that, in their direct contracts with TPAs or other service providers, plans will include provisions that prohibit the TPA or other service provider from entering into a downstream agreement that restricts the plan from accessing or sharing relevant information or data.

De-identified Claims Data

To comply with the prohibition on gag clauses, health plans cannot enter into an agreement with a TPA or other service provider that restricts the plan from providing de-identified claims data to a business associate (consistent with applicable privacy rules), except at the discretion of the TPA or other service provider.

Annual Attestation

Health plans are required to submit the annual gag clause attestation even if they are aware that they have entered into an agreement that violates the gag clause prohibition. Plans must identify the noncompliant provision as part of their attestation, using the text box labeled “Additional Information” in Step 3 of the online system for this purpose. Such additional information should include:

• Any prohibited gag clauses that a service provider has refused to remove;
• The name of the TPA or service provider with which the plan has the agreement containing the prohibited gag clause;
• Conduct by the service provider that shows the service provider interprets the agreement to contain a prohibited gag clause;
• Information on the plan’s requests that the prohibited gag clause be removed from such agreement; and  Any other steps the plan has taken to come into compliance with the provision.

Even if a health plan submits this additional information, the provision in question could still be considered a prohibited gag clause and may be subject to enforcement action by the Departments. However, the Departments will take into account good- faith efforts to self-report a prohibited gag clause in any such enforcement action.

This Bulletin is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel for legal advice. Design ©2025 Zywave, Inc. All rights reserved.