Gag Clauses – New Guidance and Litigation Will Inform Compliance
Certain provisions of the Transparency in Coverage Final Regulations and the Consolidated Appropriation Act, 2021 (“CAA”) require group health plans and/or their vendors to report information to federal agencies. On December 31, 2023, group health plans will have to provide an attestation concerning compliance with the prohibition on gag clauses for the first time. Fully-insured group health plans will be deemed to satisfy the attestation requirement if the health insurance issuer submits an attestation on behalf of the plan. In contrast, the legal requirement to provide a timely attestation remains with a self-insured group health plan even if the plan enters into a written agreement with its third-party administrator (“TPA”) to provide the attestation on its behalf. The attestation obligation is yet another example of a CAA requirement for which self-insured plan sponsors are responsible even though their TPAs have primary control over the information or contract provisions subject to the reporting requirement. This tension is playing out in pending litigation and FAQ guidance published earlier this year.
Known colloquially as the “gag clause prohibition,” Section 201 of the CAA, codified as Section 724 of the Employee Retirement Income Security Act of 1974 (“ERISA”), prohibits a group health plan from entering into an agreement with a TPA, health care provider, or other vendor offering access to a network of health care providers that would directly or indirectly prevent the plan from accessing certain cost and quality information and providing that information to its business associates. To assist federal agencies in enforcing this requirement, group health plans and health insurance issuers must annually report compliance with the gag clause prohibition by filing an attestation with the Centers for Medicare and Medical Services (“CMS”). The compliance attestation due December 31, 2023 is for the period beginning December 27, 2020 (the effective date of the gag clause prohibition) onward. Compliance attestations will be due December 31 each year thereafter.
ACA FAQ Part 57
The Departments of Labor, Health and Human Services, and Treasury (collectively, the “Departments”) issued joint FAQs About Affordable Care Act and Consolidated Appropriations Act, 2021 Implementation Part 57 in February 2023. In addition to providing a link to the CMS website, which includes detailed information and a template for the required attestation, ACA FAQ Part 57 provides clarification regarding the scope of the gag clause prohibition. ACA FAQ Part 57 states that a group health plan cannot agree to restrictions in TPA or provider network contracts that would directly or indirectly prevent the plan from:
- disclosing provider-specific cost or quality-of-care information or data to referring providers, the plan sponsor, and individuals who are or are eligible to become participants or beneficiaries;
- electronically accessing de-identified claims information, including financial information, provider information, and service codes; and
- sharing this information with a business associate in accordance with applicable privacy protections.
ACA FAQ Part 57 also addresses what the Departments have likely identified as potential barriers to compliance, stating that contracts cannot restrict disclosure of provider rates even if a TPA considers the information “proprietary” and cannot provide a TPA with unilateral discretion over access to provider-specific cost and quality information. In addition, ACA FAQ Part 57 states that contractual terms that function to restrict a plan or issuer from providing, accessing, or sharing the cost or quality information constitute prohibited gag clauses. For example, some TPAs have allegedly erected barriers to accessing claims information by requiring plan sponsors and business associates to agree to unreasonable confidentiality provisions before disclosing claims data.
Though ACA FAQ Part 57 provides important clarifying information regarding the Departments’ position on the gag clause prohibition, interpretation of the prohibition is also playing out in the courts. For example, two pending cases involving Elevance Health, formerly Anthem, Inc., implicate the gag clause prohibition in the fight between plan sponsors and their TPAs to access claims data. Anthem has filed motions to dismiss in both cases and the briefing submitted both in support of and in opposition to the motions highlights fundamental disagreements between certain plan sponsors and TPAs about the scope of the gag clause prohibition.
One lawsuit, Trustees of the Int’l Union of Bricklayers and Allied Craftworkers Local 1 Conn. Health Fund et al v. Elevance, Inc. et al., Civ. No. 22-cv-01541 (D. Conn.), initiated in December 2022, pits the Trustees of two self-funded group health plans against Anthem, the TPA. In the lawsuit, the Trustees allege that Anthem is a plan fiduciary and breached its fiduciary duties by (1) denying access to claims data, (2) failing to manage claims prudently, and (3) engaging in prohibited transactions. Insisting the lawsuit is necessitated by their fiduciary duty of prudence, the Trustees, among other allegations, claim that Anthem is withholding claims data in violation of both Anthem’s fiduciary duty to the plans and the prohibition on gag clauses in Section 724 of ERISA. Specifically, the Trustees allege that the terms of the plans’ administrative services agreements contain impermissible gag clauses that should be considered unenforceable as against public policy. Referencing ACA FAQ Part 57 directly, the Trustees also allege that a non-disclosure agreement Anthem has asked them to sign as a condition of Anthem releasing the plans’ claims data constitutes a gag clause because the agreement (1) functions to impermissibly restrict the disclosure of claims data by limiting how the Trustees could use the data and (2) limits the type of business associates to which the data could be disclosed.
Anthem counters by alleging, among other things, that none of the defendants are ERISA fiduciaries and that it has not violated the gag clause prohibition. First, Anthem points out that Section 724 of ERISA creates obligations that apply exclusively to group health plans and health insurance issuers and, thus, does not compel Anthem, in its capacity as a TPA for the plans, to comply with the requirements and restrictions of the gag clause prohibition. Anthem also relies on the language in Section 724 that permits “reasonable restrictions on the public disclosure” of claims information to support its insistence that the plans execute non-disclosure agreements before it will release the claims data.
A similar dispute is ongoing in Owens & Minor, Inc. et al v. Anthem Health Plans of Virginia, Inc., Civ. No. 23-cv-00115 (E.D. Va.) filed in February 2023. In Owens, a single-employer plan sponsor alleges that Anthem breached its fiduciary duty by refusing to turn over claims data unless the plan sponsor signed a confidentiality agreement and release that, allegedly, would shield Anthem from liability if any of the data produced was erroneous, inaccurate, or incomplete. Anthem has countered with arguments similar to those lodged in the Bricklayers and Allied Craftworkers lawsuit. In addition, Anthem made the argument that Owens & Minor, by alleging it cannot comply with its fiduciary duties without the claims data, is effectively admitting a breach of its own fiduciary duties during plan years prior to making the request (i.e., 2017 – 2021). Anthem’s assertion illustrates a dangerous trap for plan sponsors who attempt to use their fiduciary obligations as leverage to argue for greater transparency regarding claims data.
Adjudication of the pending motions to dismiss in both cases will likely require the courts to address Article III standing issues in addition to arguments regarding the sufficiency of the plaintiffs' substantive allegations. Our hope is that the court in at least one of these lawsuits will address the merits of the allegations regarding gag clause prohibition violations and provide guidance regarding the scope of the “reasonable restrictions on public disclosure” exception to the prohibition.
Both ACA FAQ Part 57 and briefing in the pending litigation contain tacit acknowledgments of the difficult position the gag clause prohibition creates for sponsors of self-insured group health plans. The CAA requires plan sponsors to attest that their plans have not entered into agreements containing gag clauses when it is apparent the TPA controls nearly all aspects of a group health plan’s relationship with providers (e.g., network, negotiated rates, contract terms, claims payment) and may simply refuse to share claims data with the plan. Moreover, plaintiffs in the pending litigation have alleged that some TPAs, while acknowledging the obligations of the plans under the gag clause prohibition, refuse to make claims data available without placing allegedly unreasonable restrictions on the use and disclosure of that data. The hope among sponsors of self-insured group health plans, particularly those without significant negotiating leverage with their TPAs, is that the Departments or courts will provide some additional negotiating leverage that will facilitate the free flow of claims data from TPAs to the group health plans they support.
Please contact a member of Verrill’s Employee Benefits & Executive Compensation Group if you have any questions regarding compliance with the gag clause prohibition under the CAA or the impending attestation requirement.
 Section 724 of ERISA cross-references the definition of “business associate” found in the HIPAA Final Rules. Accordingly, for purposes of the gag clause prohibition, a business associate is any person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.