Skip to main content
What can we help you find?
main content, press tab to continue
Article | Insider

Departments issue guidance on Gag Clause Prohibition and No Surprises Act

By Maureen Gammon and Anu Gogna | February 27, 2025

Recent FAQs cover the legal declaration required to attest that a health plan is not using contracts with healthcare providers that contain gag clauses.
Subscribe
Health and Benefits|Benefits Administration and Outsourcing Solutions
N/A

The Departments of Labor, Health and Human Services, and the Treasury have issued ACA FAQs Part 69 offering guidance on the No Surprises Act (NSA) and Gag Clause Prohibition and related attestation requirements under the Consolidated Appropriations Act, 2021 (CAA). The guidance covers downstream agreements, restrictions on providing de-identified claims data to a business associate and noncompliance reporting. In addition, the departments are extending enforcement relief for qualifying payment amount (QPA) calculations under the NSA.

Gag Clause Prohibition and attestation

The CAA prohibits group health plans and health insurance issuers from entering into an agreement — with a healthcare provider, network or association of providers, third-party administrator (TPA) or other service provider offering access to a provider network — containing any gag clause that would prevent the plan from doing any of the following:

  1. Making provider-specific cost or quality-of-care information or data available to active or eligible participants, beneficiaries and enrollees of the plan or coverage; plan sponsors; or referring providers
  2. Electronically accessing de-identified claims and encounter information or data for each participant, beneficiary or enrollee in the plan or coverage in a manner that complies with privacy regulations, upon request
  3. Sharing such information or data described in (1) and (2), or directing such data to be shared, with a business associate, in a manner that complies with privacy regulations.

In addition, plans and issuers must annually affirm that they adhere to these requirements by submitting a Gag Clause Prohibition Compliance Attestation (GCPCA). The first GCPCA was due by December 31, 2023, covering the period beginning December 27, 2020, or the effective date of the group health plan or health insurance coverage (if later), through the date of attestation. Subsequent attestations, covering the period after the preceding GCPCA, are due by December 31 of each year.

FAQs Part 69

Discussed below are key areas covered in the recent guidance for group health plans and their sponsors.

Downstream agreements (FAQ #6)

If a plan has a contract with a TPA or other service provider that offers access to a provider network, and the TPA or other service provider also has separate agreements with other entities to provide or administer the plan’s network (referred to as downstream agreements), then the downstream agreement must meet the gag clause prohibition requirements.

Business associate agreements (FAQ #7)

The Gag Clause Prohibition prohibits a plan or issuer from entering into any agreement with a healthcare provider, network or association of providers, TPA or other service provider offering access to a provider network that prevents or limits the plan or issuer from sharing de-identified claims data with a business associate.

Examples of prohibited restrictions on de-identified information (FAQ #8)

The FAQs provide examples of restrictions on access to de-identified claims and encounter information or data that are prohibited by the Gag Clause Prohibition. (Note: This is not an exhaustive list. Additional examples of prohibited gag clauses may be provided in future guidance.)

  • Limiting access to a statistically significant or the “minimum necessary” number of de-identified claims
  • Limiting the scope of access to the data to specific, narrow purposes (such as limiting access to the context of an audit)
  • Unreasonably limiting the frequency of claims reviews (e.g., no more than once per year)
  • Limiting the number and types of de-identified claims that a plan or issuer may access
  • Restricting the data elements of a de-identified claim that a plan or issuer may access
  • Providing access to de-identified claims data only on the TPA’s or service provider’s physical premises

Reporting of non-compliant provisions via GCPCA webform (FAQ #9)

When filing an annual GCPCA, plans and issuers that become aware of an existing agreement that violates the Gag Clause Prohibition must identify the non-compliant provision within the “Additional Information” text box in the GCPCA webform system.

No Surprises Act

The NSA helps protect against surprise medical bills for group health plan participants using certain out-of-network services. Previous regulatory guidance established a Federal Independent Dispute Resolution (IDR) process for resolving disputes between plans or issuers and providers, facilities or providers of air ambulance services about out-of-network rates. The guidance included provisions on calculating the QPA to determine the cost-sharing amount an individual must pay. The QPA is generally the median of the contracted rates of the plan or issuer for the item or service in the geographic region, adjusted for inflation.

On August 24, 2023, the provisions for calculating the QPA were vacated by a U.S. District Court. The Fifth Circuit Court later reversed the District Court’s decision of certain challenged provisions related to the QPA methodology, including the inclusion of contracted rates for items and services “regardless of the number of claims paid at that contracted rate”; the exclusion of single case agreements; and the exclusion of bonus, incentive and risk-sharing payments.

Recognizing the challenges plans and issuers now face when recalculating QPAs in light of these court decisions, the departments have extended their enforcement discretion to items and services furnished before August 1, 2025, for any plan or issuer, or party to a payment dispute in the Federal IDR process, that uses a QPA calculated in accordance with the prior regulatory guidance.

Going forward

Employer plan sponsors should:

  • Review their existing agreements with their TPAs and other service providers to confirm they do not include any gag clauses; in addition, employers will want to consider adding language in existing agreements to address the FAQ guidance on “downstream agreements”
  • Report, using the GCPCA webform, any provisions they are aware of that may run afoul of the gag clause prohibition requirements
  • Confirm that their TPA/carrier is calculating the QPA in accordance with the FAQ guidance for purposes of the NSA’s surprise medical billing protections

Authors

Maureen Gammon
Senior Regulatory Advisor, Health and Benefits
email Email phone +1 610 254 7476
Anu Gogna
Senior Regulatory Advisor, Health and Benefits
email Email phone +1 973 290 2599
Related content tags, list of links Article Insider Health and Benefits Benefits Administration and Outsourcing Solutions Healthcare

Related solutions

Health and Benefits
Benefits Administration and Outsourcing Solutions
Contact us