Search Blog

The Gag Clause Quandary for Self-Insured Group Health Plans—New FAQ Guidance

Print to PDF

The Departments of Labor, Health and Human Services, and the Treasury, with the Office of Personnel Management (the “Departments”) jointly released FAQs About Consolidated Appropriations Act, 2021 Implementation Part 69 (“FAQs Part 69”) on January 14, 2025. In addition to providing guidance pertinent to the ever-evolving federal independent dispute resolution (“IDR”) process, FAQs Part 69 offers guidance regarding Section 201 of the Consolidated Appropriations Act, 2021, known colloquially as the “gag clause prohibition.”

Under the gag clause prohibition, a group health plan is prohibited from entering into an agreement with a third-party administrator (“TPA”), health care provider, or other vendor offering access to a network of health care providers that would prevent the plan from accessing certain cost, quality, and de-identified claims information and providing that information to its business associates. FAQs Part 69 provide additional guidance regarding the implications of the gag clause prohibition on downstream agreements and access to de-identified data but offer little comfort to self-insured group health plans, which may be required to report non-compliant contract provisions they have been unable to remove from their contracts without immunity from enforcement action by the Departments.

The gag clause prohibition states that a group health plan cannot agree to restrictions in TPA or provider network contracts that would directly or indirectly prevent the plan from:

  • disclosing provider-specific cost or quality-of-care information or data to referring providers, the plan sponsor, and individuals who are or are eligible to become participants or beneficiaries;
  • electronically accessing de-identified claims information, including financial information, provider information, and service codes; or
  • sharing this information with a business associate in accordance with applicable privacy protections.

ACA FAQ Part 57, described in more detail in our June 2023 blog post, provides guidance on the scope of the prohibition and instructions about the requirement to submit annual attestations regarding compliance with the gag clause prohibition. It does not, however, address the practical reality that many self-insured group health plans do not have the negotiating leverage necessary to ensure unfettered access to the cost and quality of care information and de-identified claims data required to be disclosed under the gag clause prohibition. Without greater leverage, sponsors of self-insured group health plans are stuck between a rock and a hard place, destined to rely on vague promises by TPAs about their intent to comply with the gag clause prohibition or report that they are a party to a non-compliant agreement.[1]

FAQs Part 69 reaffirms the Departments’ view that the gag clause prohibition should be broadly construed. Specifically, Q/A-6 states that agreements between a TPA and parties other than the plan to provide or administer the plan’s network (so-called downstream agreements) that restrict the plan from providing, electronically accessing, or sharing certain cost and quality information violate the gag clause prohibition. Similarly, Q/A-7 clarifies that agreements between a TPA and a plan that allow a health care provider, network, association of providers, or the TPA to restrict the plan from providing deidentified claims data to the plan’s business associate(s)[2] violates the gag clause prohibition.

FAQs Part 69 also contains detailed examples of restrictions on disclosing de-identified claims data that the Departments deem to violate the gag clause prohibition. The examples of the restrictions on audit and claims review are, unfortunately, all too familiar to plan sponsors that have attempted to negotiate audit rights in an administrative services agreement (“ASA”) with a TPA. For example, the Departments state that they will consider the following non-exhaustive list of provisions impermissible gag clauses: (i) limiting the frequency of claims reviews (e.g., no more than once per year); (ii) limiting access to a minimum necessary number of claims; (iii) limiting the number or types of de-identified claims that a plan may access; (iv) restricting the data elements of a de-identified claim that a plan may access; and (v) providing access to de-identified claims data only on the TPA’s physical premises.[3] Unfortunately, regardless of the number of covered lives benefitting under their plans, many plan sponsors cannot negotiate ASAs entirely free of the above restrictions.

The examples presented in FAQs Part 69 highlight the quandary facing self-insured group health plan sponsors subject to the annual gag clause prohibition compliance attestation requirement: how to remain compliant when many TPAs simply refuse to abandon ASA terms and audit restrictions that violate the gag clause prohibition? Unfortunately, FAQs Part 69 offers little reassurance. Q/A-9 outlines the Departments’ position regarding plan sponsors that are a party to ASAs containing prohibited gag clauses. The Departments state that such plans must identify the non-compliant provision(s) in their annual gag clause prohibition compliance attestation. Although the Departments state that plan sponsors may include “Additional Information” regarding the non-compliant terms the TPA has refused to remove and include the identity of the TPA, they stop well short of guaranteeing the reporting plan sponsor immunity from enforcement actions. Rather, the guidance states only that the Departments “will take into account good faith efforts to self-report a prohibited gag clause” in any enforcement action they initiate. Conscious of the expense and administrative burden associated with defending enforcement actions, this
stance provides cold comfort to plan sponsors that have failed to extricate their plans from ASAs containing non-compliant provisions.

Considering the guidance in FAQs Part 69, the best approach for plan sponsors facing this quandary may be to carefully record their attempts to eliminate prohibited gag clauses from their ASAs. FAQs Part 69 states that this information can be included in the annual gag clause prohibition compliance attestation, and including the information will, hopefully, provide some protection to the plans until TPAs and others are held to account.

Please contact Chris Lockman or any member of Verrill’s Employee Benefits & Executive Compensation Group if you have any questions regarding the ongoing compliance obligations regarding the gag clause prohibition and the negation of services agreements with TPAs, health care providers, and other vendors offering access to a network of health care providers.


[1] Our June 2023 blog post posited that litigation might provide some relief for self-insured group health plan sponsors that remain liable for submitting annual compliance attestations. We referenced two pending cases –Trustees of the Int’l Union of Bricklayers and Allied Craftworkers Local 1 Conn. Health Fund et al v. Elevance, Inc. et al., Civ. No. 22-cv-01541 (D. Conn.) and Owens & Minor, Inc. et al v. Anthem Health Plans of Virginia, Inc., Civ. No. 23-cv-00115 (E.D. Va.). Unfortunately, neither case has (yet) provided a clear path forward for plan sponsors. The original Bricklayers Complaint was dismissed for failure to state a claim because the U.S. District Court for Connecticut determined that the plaintiffs failed to plausibly allege the defendant TPAs were “fiduciaries” under ERISA and, thus, could breach “fiduciary” duties to the plans. An Amended Complaint was filed, once again alleging a violation of the gag clause prohibition, but a motion to dismiss the Amended Complaint is pending. The parties agreed to dismiss the Owens & Minor case in August 2023, presumably because the TPA agreed to turn over at least a portion of the claims data requested by the plan. Owens & Minor has since initiated a second lawsuit against Anthem Health Plans of Virginia alleging various ERISA and state law breach of contract actions based on its review of the data received (see Owens & Minor Inc. et al v. Anthem Health Plans of Virginia Inc., Civ. No. 24-cv-00820 (E.D. Va.)).

[2] For purposes of the gag clause prohibition, a “business associate” is defined by cross-reference to the HIPAA Rules to include any person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.

[3] FAQs Part 69 caveats that the restrictions provided as examples will not constitute impermissible gag clauses if the cost and quality information required to be made available under the statute “is otherwise electronically accessible to the plan…” The scope of this caveat is not entirely clear. It would be unfortunate if TPAs were to allege that by providing cost-sharing information through the public disclosure tool required under the Transparency in Coverage Final Rule [85 Fed. Reg. 72158 (Nov. 12, 2020)], the necessary information was “electronically accessible” to the plan, thus, the audit restrictions in their ASAs would not constitute prohibited gag clauses.

Topics: Fiduciary Duties, Health and Welfare Benefit Plans, Plan Administration