Deadline for Submitting Gag Clause Attestation Is Dec. 31, 2025

Federal law prohibits group health plans and health insurance issuers from entering into contracts with health care providers,third-party administrators (TPAs) or other service providers that contain gag clauses (i.e., clauses restricting the plan or issuerfrom providing, accessing or sharing certain information about provider price and quality and de-identified claims).

Health plans and issuers must annually submit an attestation of compliance with the gag clause prohibition to theDepartments of Labor, Health and Human Services, and the Treasury (Departments). These attestations are due on Dec. 31 ofeach year. The next attestation is due on Dec. 31, 2025. The Departments may take enforcement action against plans andissuers that do not timely submit the required attestations. 

Action Steps 

Employers should review their contracts with health plan service providers to confirm they do not contain prohibited gagclauses. Employers should also confirm that these contracts prohibit their service providers from entering into agreements withother entities that provide or administer the plan’s network (“downstream agreements”) that restrict the plan from accessing orsharing relevant information or data. According to the Departments, this restriction would be a prohibited gag clause, eventhough the health plan is not a party to the agreement. 

Also, employers should review what actions they may need to take to comply with the gag clause attestation requirement.Employers with fully insured health plans do not need to provide an attestation if their plan’s issuer provides the attestation.Self-insured employers can enter into written agreements with their TPAs to provide the attestation, but the legal responsibilityremains with the health plan. Self-insured employers may need to submit their own attestations if their TPA is unwilling tosubmit the attestation on their behalf. 

Prohibition on Gag Clauses 

A gag clause is a contractual term that directly or indirectly restricts specific data and information that a health plan or issuercan make available to another party. Federal law generally prohibits group health plans and issuers offering group healthinsurance from entering into agreements with health care providers, TPAs or other service providers that include certain gagclause language. Specifically, these contracts cannot restrict a plan or issuer from: 

1. Providing provider-specific cost or quality-of-care information or data to referring providers, the plan sponsor,participants, beneficiaries or enrollees (or individuals eligible to become participants, beneficiaries or enrollees of the planor coverage); 

2. Electronically accessing de-identified claims and encounter information or data for each participant, beneficiary or enrolleeupon request and consistent with privacy rules under the Health Insurance Portability and Accountability Act (HIPAA), theGenetic Information Nondiscrimination Act (GINA) and the Americans with Disabilities Act (ADA); and 

3. Sharing information or data described in (1) and (2) above or directing such information to be shared with a businessassociate, consistent with applicable privacy rules. 

For example, if a contract between a TPA and a health plan provides that the plan sponsor’s access to provider-specific costand quality-of-care information is only at the discretion of the TPA, that contractual provision would be considered aprohibited gag clause.

A health plan’s TPA or other service provider may have separate agreements with other entities to provide or administer theplan’s network. If such downstream agreements restrict the health plan from providing, accessing or sharing the relevantinformation or data, this would be a prohibited gag clause, even if the plan is not a party to the agreement. To comply with thegag clause prohibition, the Departments expect that, in their direct contracts with TPAs or other service providers, health planswill include provisions that prohibit the TPA or other service provider from entering into a downstream agreement that restrictsthe plan from accessing or sharing relevant information or data. 

Plans and issuers must ensure their agreements with health care providers, networks or associations of providers, TPAs or otherservice providers offering access to a network of providers do not contain provisions that violate the prohibition of gag clauses. 

Gag Clause Compliance Attestations 

Health plans and issuers must annually submit an attestation of their compliance with the gag clause prohibition to theDepartments. Attestations are due on Dec. 31 of each following year, covering the period since the last attestation. Thedeadline for submitting the next attestation is Dec. 31, 2025. 

The attestation requirement applies to fully insured and self-insured group health plans, including ERISA plans, nonfederalgovernmental plans and church plans. Additionally, this requirement applies regardless of whether a plan is considered“grandfathered” under the Affordable Care Act. However, plans that provide only excepted benefits and account-based plans,such as health reimbursement arrangements, are not required to submit an attestation. 

According to the Departments’ FAQs, health plans and issuers that do not submit their attestations by the deadline may besubject to enforcement action. 

Gag clause attestations must be submitted electronically through a federal website. The Departments have providedinstructions for submitting the attestation, a system user manual and FAQs, all of which are available here.

Noncompliant Agreements 

Health plans are required to submit the annual gag clause attestation even if they are aware that they have entered into anagreement that violates the gag clause prohibition (including because a TPA or service provider has entered into a downstreamagreement that restricts the use of relevant information or data). According to the Departments’ FAQs, health plans mustidentify the noncompliant provision as part of their attestation, using the text box labeled “Additional Information” in Step 3 ofthe online system for this purpose. Such additional information should include: 

• Any prohibited gag clauses that a service provider has refused to remove;

• The name of the TPA or service provider with which the plan has the agreement containing the prohibited gag clause;

• Conduct by the service provider that shows the service provider interprets the agreement to contain a prohibited gagclause;

• Information on the plan’s requests that the prohibited gag clause be removed from such agreement; and

• Any other steps the plan has taken to come into compliance with the provision. 

Even if a health plan submits this additional information, the provision in question could still be considered a prohibited gagclause and may be subject to enforcement action by the Departments. However, the Departments have indicated that they willtake into account good-faith efforts to self-report a prohibited gag clause in any such enforcement action.

Relying on Issuers/TPAs to Submit Attestation 

With respect to fully insured group health plans, the health plan and the issuer are each required to submit a gag clausecompliance attestation annually. However, when the issuer of a fully insured group health plan submits a gag clausecompliance attestation on behalf of the plan, the Departments will consider the plan and issuer to have satisfied the attestationsubmission requirement. 

Employers with self-insured health plans can satisfy the gag clause compliance attestation requirement by entering into awritten agreement under which the plan’s service provider, such as a TPA, will provide the attestation on the plan’s behalf.However, even if this type of agreement is in place, the legal requirement to provide a timely attestation remains with thehealth plan. Also, some service providers have indicated they are unwilling to submit attestations for their self-insured groups. In this case, employers may need to submit the attestations for their health plans.