Insurance companies now have to ensure patients have full access to their health care costs. Previously, insurance companies had gag clauses in place that prevented patients from seeing specific data regarding their treatment. With the new Gag Clause Prohibition Compliance Attestation in place, patients have easier access to their own data than ever before.
The GCPCA prevents group insurance plans and health insurance issuers offering group health insurance from entering an agreement with a health care provider, network or association of providers, third-party administrator or other service provider that restricts a plan or issuer from the following:
- Providing provider-specific cost or quality of care information through a consumer engagement tool. This includes any other means to referring providers, the plan sponsor, participants, beneficiaries or enrollees, or individuals eligible to become participants, beneficiaries or enrollees.
- Electronically accessing de-identified claims and encounter information or data for each participant, beneficiary or enrollee in the plan or coverage upon request. It must be consistent with the privacy regulations covered by section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Genetic Information Nondiscrimination Act of 2008 (GINA) and the Americans with Disabilities Act of 1990 (ADA), including, on a per claim basis:
- Financial information (the allowed amount or any other claim-related financial obligations in the contract)
- Provider information (including name and clinical designation)
- Service codes
- Any other data element included in transactions
- Sharing any information or data described in the previous two points, or directing such information to be shared with a business associate, consistent with the privacy regulations in section 264(c) of HIPAA, GINA and the ADA.
On the flip side, PHS Act section 2799A-9(a)(2) prohibits health insurance issuers from offering individual health insurance from entering an agreement with a health care provider, network or association of providers, or other service providers that restrict a plan or issuer from the following:
- Providing provider-specific price or quality of care information through a consumer engagement tool. This includes any other means, referring to providers, enrollees or individuals eligible to become enrollees of the plan or coverage.
- Sharing, for plan design, plan administration, and plan, financial, legal and quality improvement activities, and data from the first point with a business associate, consistent with the privacy regulations in section 264(c) of HIPAA, GINA and the ADA.
Plans and issuers are required to submit an attestation of compliance annually to the Departments of Labor, Health and Human Services and the Treasury. The Centers for Medicare & Medicaid Services collects GCPCAs on their behalf. Attestations are due on Dec. 31 of each year.
If you have any questions or concerns about what GCPCAs mean for your organization, don’t hesitate to reach out to the CanopyNation team.