- On November 4, 2025
Federal regulations bar group health plans and health insurers from entering into agreements that restrict access to specific data regarding provider pricing or service quality. These contractual limitations—known as “gag clauses”—can prevent plans from sharing or obtaining vital cost and care information. To ensure compliance, plans and insurers must file an annual attestation with the U.S. Departments of Labor, Health and Human Services, and the Treasury. The next attestation is due by December 31, 2025. Failure to meet this obligation may result in enforcement actions by federal regulators.
Key Takeaways for Employers
- Review Service Contracts Carefully: Employers should examine their agreements with TPAs, networks, and other plan service providers to ensure they do not contain any gag clauses. Contracts should not limit the plan’s ability to disclose or access information related to provider costs or care quality. Additionally, employers should confirm that their providers are barred from entering into any secondary or “downstream” contracts that would restrict the plan’s access to such information. Even if the plan is not directly involved in those agreements, any resulting limitations could still violate federal rules.
- Understand Your Attestation Requirements
- Fully insured plans may rely on the insurer to submit the annual attestation, relieving the employer of the filing requirement.
- Self-funded plans may delegate the task to a TPA through a written agreement. However, the plan itself ultimately remains legally responsible. If a TPA will not submit on behalf of the plan, the employer must do it directly.
What Is Considered a Gag Clause?
A gag clause is any contractual language that directly or indirectly limits a health plan or insurer from:
- Sharing provider-specific cost or quality data with parties such as plan sponsors, participants, potential enrollees, or referring providers;
- Accessing de-identified claims or encounter data electronically, in accordance with HIPAA, GINA, and ADA privacy standards;
- Sharing that information with business associates when allowed under federal privacy laws.
For illustration: if a TPA’s contract states that the employer-sponsored plan can only see cost and quality metrics at the TPA’s discretion, that is considered a gag clause and violates federal law.
Regulators also expect health plans to prevent downstream agreements (e.g., between a TPA and a contracted network) from restricting access to data. Contracts that allow such limitations—even indirectly—can trigger compliance issues.
Attestation Requirements and Process
All group health plans subject to the gag clause rule—including ERISA plans, church plans, and nonfederal governmental plans—must certify compliance annually. This requirement applies even if a plan has discovered noncompliance in its contracts.
The annual attestation is submitted through a federal portal and must include any known violations that have occurred. Plans that are out of compliance must disclose specifics, such as:
- The nature of the prohibited clause;
- The name of the provider or TPA involved;
- Steps the plan has taken to remedy the violation;
- Evidence of efforts to have the clause removed.
Federal regulators have indicated that they will consider good-faith self-reporting when determining enforcement actions; however, the presence of a gag clause—even if disclosed—may still result in penalties.
Fully Insured vs. Self-Funded Plans
- Fully insured plans: Both the plan and the insurer are responsible for attestations, but if the insurer completes the process, it covers both parties.
- Self-insured plans: Employers may contract with TPAs to submit claims on their behalf; however, legal responsibility ultimately lies with the plan sponsor. Due to some TPAs’ unwillingness to handle the filing, employers may need to take responsibility for submission.
By acting now to audit contracts and prepare for the next annual filing, employers can avoid potential violations and ensure they remain in compliance with federal requirements.