Gag Clause Prohibition Compliance Attestation


A Gag Clause Prohibition Compliance Attestation (GCPCA) is an attestation of compliance with Internal Revenue Code (Code) section 9824, Employee Retirement Income Security Act (ERISA) section 724, and Public Health Service (PHS) Act section 2799A-9, as added by section 201 of Title II (Transparency) of Division BB of the CAA, as applicable.

These provisions prohibit group health plans and health insurance issuers offering group health insurance coverage from entering into an agreement with a health care provider, network or association of providers, third-party administrator (TPA), or other service provider offering access to a network of providers that would directly or indirectly restrict a plan or issuer from—

(1) providing provider-specific cost or quality of care information or data, through a consumer engagement tool or any other means, to referring providers, the plan sponsor, participants, beneficiaries, or enrollees, or individuals eligible to become participants, beneficiaries, or enrollees of the plan or coverage;

(2) electronically accessing de-identified claims and encounter information or data for each participant, beneficiary, or enrollee in the plan or coverage upon request and consistent with the privacy regulations promulgated pursuant to section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Genetic Information Nondiscrimination Act of 2008 (GINA), and the Americans with Disabilities Act of 1990 (ADA), including, on a per claim basis—

    (i) financial information, such as the allowed amount, or any other claim-related financial obligations included in the provider contract;

    (ii) provider information, including name and clinical designation;

    (iii) service codes; or

    (iv) any other data element included in claim or encounter transactions; or

(3) sharing information or data described in (1) and (2), or directing such information be shared, with a business associate, as defined in 45 CFR 160.103, consistent with applicable privacy regulations promulgated pursuant to section 264(c) of HIPAA, GINA, and the ADA.

PHS Act section 2799A-9(a)(2) prohibits health insurance issuers offering individual health insurance coverage from entering into an agreement with a health care provider, network or association of providers, or other service provider offering access to a network of providers that would directly or indirectly restrict the issuer from— 

(1) providing provider-specific price or quality of care information, through a consumer engagement tool or any other means, to referring providers, enrollees, or individuals eligible to become enrollees of the plan or coverage; or 

(2) sharing, for plan design, plan administration, and plan, financial, legal, and quality improvement activities, data described in (1) with a business associate, consistent with the privacy regulations promulgated pursuant to section 264(c) of HIPAA, GINA, and the ADA.

Plans and issuers must annually submit an attestation of compliance with these requirements to the Departments of Labor, Health and Human Services, and the Treasury (collectively, the Departments). The Centers for Medicare & Medicaid Services is collecting GCPCAs on behalf of the Departments.

The first GCPCA is due no later than December 31, 2023. Subsequent attestations are due by December 31 of each year thereafter.



Resources


Frequently Asked Questions (PDF) 

Instructions for submitting the GCPCA (PDF)

User Manual for submitting the GCPCA (PDF)

GCPCA Reporting Entity Excel Template (XLSX)

Enter Webform Now for a GCPCA


 

Page Last Modified:
01/09/2024 04:22 PM