Health Plan Regulation

In 2020, Congress adopted a ban on insurer and group health plan contracts containing “gag clauses” on health care price and quality information. The ban was included in the Consolidated Appropriations Act, 2021 (CAA 2021) and took effect on December 27, 2020. Group health plans and insurers must annually attest to compliance with the gag clause prohibition. The first attestation of compliance is due by December 31, 2023, attesting to compliance for contracts in 2021, 2022, and 2023 and subsequent attestations are due by December 31 of each year.

Here’s the problem – how is an employer who purchased a group health plan supposed to know whether the insurer has complied, let alone for that past three years?

DOL and the other oversight agencies issued instructions that allow the insurer to attest on the employer’s behalf.

“With respect to fully-insured group health plans, the group health plan and the issuer are each required to annually submit a Gag Clause Prohibition Compliance Attestation. However, when he issuer of a fully-insured group health plan submits a Gag Clause Prohibition Compliance Attestation on behalf of the plan, the Departments will consider the plan and issuer to have satisfied the attestation submission requirement.”

BUT, what happens when the attestation is wrong? What if the insurer attests that it does not use gag clauses but its provider agreements contain extensive proprietary and confidentiality provisions? As DOL describes the gag clause ban:

“For example, if a contract between a TPA and a group health plan states that the plan will pay providers at rates designated as “Point of Service Rates,” but the TPA considers those rates to be proprietary and therefore includes language in the contract stating that the plan may not disclose the rates to participants or beneficiaries, that language prohibiting disclosure would be considered a prohibited gag clause.” [DOL Gag Clause FAQs]

The federal statute provides:

29 U.S. Code § 1185m – Increasing transparency by removing gag clauses on price and quality information

(a) Increasing price and quality transparency for plan sponsors and consumers

(1) In general

A group health plan (or an issuer of health insurance coverage offered in connection with such a plan) may not enter into an agreement with a health care provider, network or association of providers, third-party administrator, or other service provider offering access to a network of providers that would directly or indirectly restrict a group health plan or health insurance issuer offering such coverage from—

(A) providing provider-specific cost or quality of care information or data, through a consumer engagement tool or any other means, to referring providers, the plan sponsor, participants or beneficiaries, or individuals eligible to become participants or beneficiaries of the plan or coverage;

(B) electronically accessing de-identified claims and encounter information or data for each participant or beneficiary in the plan or coverage, upon request and consistent with the privacy regulations promulgated pursuant to section 264(c) of the Health Insurance Portability and Accountability Act of 1996, the amendments made by the Genetic Information Nondiscrimination Act of 2008, and the Americans with Disabilities Act of 1990 [42 U.S.C. 12101 et seq.], including, on a per claim basis—

(i) financial information, such as the allowed amount, or any other claim-related financial obligations included in the provider contract;

(ii) provider information, including name and clinical designation;

(iii) service codes; or

(iv) any other data element included in claim or encounter transactions; or

(C) sharing information or data described in subparagraph (A) or (B), or directing that such data be shared, with a business associate as defined in section 160.103 of title 45, Code of Federal Regulations (or successor regulations), consistent with the privacy regulations promulgated pursuant to section 264(c) of the Health Insurance Portability and Accountability Act of 1996, the amendments made by the Genetic Information Nondiscrimination Act of 2008, and the Americans with Disabilities Act of 1990 [42 U.S.C. 12101 et seq.].

(2) Clarification regarding public disclosure of information

Nothing in paragraph (1)(A) prevents a health care provider, network or association of providers, or other service provider from placing reasonable restrictions on the public disclosure of the information described in such paragraph (1).

(3) Attestation

A group health plan (or health insurance coverage offered in connection with such a plan) shall annually submit to the Secretary an attestation that such plan or issuer of such coverage is in compliance with the requirements of this subsection.

The statutes do not exempt an employer who relies on an insurer statement. Employers are required to ensure that their benefit plan contracts do not contain any prohibited gag clauses and must attest to compliance. But insurers and other network administrators contracting with providers have historically imposed contractual limitations on the disclosure of information that the insurer or network considers to be confidential or proprietary.

Shouldn’t employers be permitted to rely on state insurance regulators to ensure federal compliance?

In Washington State, all health care provider agreements must be filed with the Insurance Commissioner for review and approval prior to use. Except for the provider payment rate exhibits, these agreements can be obtained by anyone with internet access from the Commissioner’s website.

For example, the Regence template for provider contracting approved by the Commissioner on 04/26/2023 [For Public Professional Services Agreement Template WA4] starts and ends with every contract page designated as “Confidential and Proprietary.” Why? It’s public.

The Regence agreement contains a Data Access, Use, and Transfer Addendum restricting access and disclosure of “confidential and proprietary information.”

CONFIDENTIAL AND PROPRIETARY INFORMATION. As used in this Addendum, “Regence Confidential and Proprietary Information” means: (a) proprietary information of Regence in whatever form (hard-copy, electronic, on-line, encoded disk, etc.); (b) information marked or designated by Regence as confidential or proprietary; (c) claims and health information that Regence treats as confidential, including raw claims data, claim data extracts, utilization information and health information specific to a particular Member or his/her dependents; (d) the names, addresses and telephone numbers of all Members and employer groups; (e) this Agreement; and (f) other information provided by Regence, which Regence is obligated to keep confidential. “Regence Confidential and Proprietary Information” excludes any information now or hereafter voluntarily disseminated by Regence to the public, which otherwise becomes part of the public domain through lawful means, or which is required to be disclosed by or to a government agency publicly.


Purpose and Use. The Provider will hold the Regence Confidential and Proprietary Information in confidence and will use the Regence Confidential and Proprietary Information for the sole and limited purpose for which it was disclosed, namely, providing the services set out in the Agreement (“Purpose”). Provider shall make reasonable efforts to use, disclose and request only the minimum amount of Regence Confidential and Proprietary Information necessary to accomplish the intended purposes of the use, disclosure, or request. The Provider agrees to implement and follow appropriate minimum necessary policies in the performance of its obligations under the Agreement.

Without limiting the foregoing, the Provider will not, in whole or in part, use the Regence Confidential and Proprietary Information in either aggregate or de-identified form: (i) for any purpose other than the Purpose; (ii) to provide services to any other party; or (iii) for its own benefit to develop normative and benchmarking data, internal or external research, analysis and product development, without the prior written consent of Regence.

What should a conscientious employer do? Should the employer attest that this agreement does or does not contain an impermissible “gag clause?” How would the employer make that decision? What is the employer’s liability if Regence attests on the employer’s behalf and regulators find problems?

How should an employer judge the following clause in the Regence provider agreement?

7.4 IMMEDIATE TERMINATION. Notwithstanding any other provision of this Agreement, Regence may terminate this Agreement immediately upon notice to Provider, in accordance with Section 9.3, in the case of any of the following:

…7.4.12 Any action or communication that fundamentally undermines or could fundamentally undermine the confidence of Members, potential Members, their employers, unions, physicians, other health care professionals, or the public in Regence or in the quality of care provided to Members.

By now you should have come to the same conclusion that most employers have come to – “What the {**} was Congress thinking?” Why is this an employer problem unless the employer is self-insured?

Why should an employer who purchases a heavily regulated health plan have any responsibility for the decisions made by the insurer and reviewed by insurance regulators?

Would an insurer amend their provider agreements if Joe’s Pizzaria objected to a provider contract provision?

What on earth will federal agencies do with a blizzard of attestations by employers, insurers, networks, and administrators that attest, ‘We obey.”

Who will report otherwise?