For Washington employers, the annual gag clause prohibition compliance attestation is not just another year-end form. It is a practical test of whether your health plan contracts let you access the cost and quality information needed to oversee benefits responsibly.

Talk with Washington Health Insurance Agency (WHIA) about organizing your benefits-strategy questions before the annual deadline.

Staying on top of this filing is a useful part of annual plan governance. This guide explains who is responsible, what to request from vendors, how to prepare, and why contract transparency supports stronger benefits decisions.

Reviewed by Vernon Bonfield, Washington Health Insurance Agency.

Gag clause prohibition compliance attestation explained

A gag clause prohibition compliance attestation, often called a GCPCA, confirms that a group health plan has not entered into agreements that contain prohibited limits on access to certain data. The requirement comes from the Consolidated Appropriations Act, 2021. It applies to contracts with health care providers, provider networks, third-party administrators, and other service providers.

What a prohibited gag clause does

A prohibited term may restrict a plan from seeing provider-specific cost or quality information. It may also limit electronic access to de-identified claims and encounter data for each participant or beneficiary. These limits can keep plan sponsors from reviewing how their plan works and from sharing allowed information with business associates.

The federal rule focuses on whether agreements contain these restrictions. The annual filing is the plan’s formal statement that it complies with the prohibition. Employers should not treat the filing as a simple box to check. The facts behind the statement need support from contracts, vendor confirmations, and a clear review process.

The annual deadline

Group health plans and issuers generally submit the attestation each year by December 31 through the federal GCPCA webform. The filing covers the period since the prior attestation. An employer should confirm the current instructions and reporting period before each submission because federal guidance and system steps may change.

This article is educational and is not legal advice. Employers should work with qualified legal counsel on how the rules apply to a specific plan or contract.

Who is responsible for the annual attestation?

The responsible entity depends on the type of coverage and the filing arrangement. In general, group health plans and health insurance issuers are subject to the annual requirement. This includes many fully insured and self-funded employer health plans. Certain arrangements, such as plans made only of excepted benefits, may fall outside the requirement.

Fully insured plans

For a fully insured plan, the carrier may submit an attestation that covers the plan. An employer should still ask the carrier whether it will file, which plan and contract periods it will cover, and when written confirmation will be available. A broad statement that the carrier handles compliance may not answer those questions.

Self-funded plans

A self-funded plan often relies on a TPA, pharmacy benefit manager, network, or other vendor. One vendor may be willing to attest for part of the plan but not for every agreement. The employer should map each vendor to the services and contracts it covers, then identify any gap that remains.

Responsible entity and attesting entity

The responsible entity is the plan or issuer subject to the rule. The attesting entity is the organization whose authorized person submits the webform. A carrier or TPA may act as the attesting entity for a plan, but the employer should not assume that delegation covers every contract.

Ask for the scope in writing. Keep the vendor’s confirmation with the plan’s compliance records. If a vendor will not attest, the employer should consult legal counsel and determine how to review the contract and complete the filing.

What should employers request from carriers and TPAs?

Start vendor outreach well before the filing deadline. A short, consistent request makes it easier to compare answers and find missing coverage. Send the request to every carrier, TPA, PBM, behavioral health vendor, and network partner tied to the plan. An employee benefits RFP checklist can also help your team document what it expects from plan partners.

Request	Why it matters
Will you submit the GCPCA for our plan?	Confirms whether the vendor will act as the attesting entity.
Which plans, contracts, and dates are covered?	Shows whether the vendor confirmation leaves any gaps.
Have relevant agreements been reviewed for prohibited terms?	Supports the basis for the attestation.
When will filing proof be provided?	Gives the employer a record to retain.
What information do you need from us?	Prevents delays caused by missing plan details.

Look for a clear scope

A useful response names the legal plan, the covered agreement, and the reporting period. It also states whether the vendor will submit on the plan’s behalf or only provide support. If the response refers only to the vendor’s standard contract, ask how custom amendments and related service agreements are handled.

Follow up on partial answers

Some vendors may cover only their own agreement. That does not confirm compliance for other plan relationships. Build a simple tracker that lists each arrangement, the vendor response, the filing party, and the date proof was received. Escalate unanswered or unclear items to counsel before signing an attestation.

How can an employer prepare for GCPCA filing?

Getting ready for the year-end filing starts with a clear plan. Most Washington companies need to work with several partners to follow the rules. The gag clause prohibition compliance attestation happens every year. Setting up a standard workflow will save you time. Start this work two months before the deadline to avoid any last-minute data gaps. WHIA’s employee benefits renewal timeline offers a useful model for assigning milestones and owners.

Build your compliance team

First, you need to pick a lead for this project. This person will manage the timeline and talk to your vendors. In many small and mid-sized firms, the HR manager or the CFO takes this role. They will need to track every health plan you offer. This includes dental and vision plans if they are not excepted benefits. One person in charge keeps the project on track and ensures that no plan is missed.

Your lead should also work with your legal experts. Many vendors provide help, but the final duty to file rests with the plan sponsor. A trusted Washington benefits advisor can help organize benefits-strategy questions and facilitate vendor discussions. Clear roles within your team prevent double work and help you find errors early.

Gather data from your partners

Next, you must talk to your health insurance carriers and TPAs. Each partner may handle the filing in a different way. Some carriers for fully insured plans will submit the filing for you. But they may still need you to confirm your company details. For self-funded plans, the TPA might only give you a data file. You will then have to upload it to the CMS system yourself. Get these details in writing so there is no confusion.

Reach out to your PBMs as well. Deals for drug coverage often have the types of gag clauses that the law now forbids. Review guidance on transparent PBM contracts for Washington employers as you examine pharmacy benefit arrangements. If a vendor is slow to respond, it could put your filing at risk. Start these talks early to give them enough time to prepare the needed reports.

Review your service contracts

Checking your contracts is a vital part of the work. You are looking for any language that stops you from seeing or sharing cost and quality data. The law wants to make sure that employers can see how their money is spent. If you find a clause that restricts this data, you may need to update the contract. These “gag clauses” are no longer allowed under the CMS guidance on health plan clear data rules.

Reviewing these terms helps you understand your plan better. If your contracts are not clear, it is hard to say that you are in full compliance. Use this time to clean up any old language in your service deals. This makes your plan more open and helps you make better choices for your staff in the long run.

1. List all plan setups: Make a full list of every health, dental, and vision plan your company offers. Note which ones are fully insured and which are self-funded.
2. Pick a filing lead: Choose one person to be the owner of the project. They will be the main point of contact for all your vendors and partners.
3. Ask vendors for data: Send a formal request to each carrier and TPA. Ask if they will file for you or if they will provide a file for you to submit.
4. Review plan terms: Check your service deals for any “gag clauses” that limit data sharing. Make sure these terms have been removed or updated.
5. Set up your account: If you are filing on your own, you must have an account on the CMS HIOS system. Set this up early as the sign-up process can take a few days.
6. Submit the filing: Upload your data to the CMS site and complete the attestation. Ensure you do this before the December 31 deadline each year.
7. Save your proof: Keep a copy of the receipt from the CMS system. Retain your notes and vendor emails according to your plan’s document-retention policy and counsel’s guidance.

Why contract transparency matters beyond compliance

The gag clause rule is about more than an annual form. Access to plan data helps an employer understand what it buys, how vendors perform, and where employees may face barriers to care. Clear contract rights also help a plan sponsor ask better questions before a benefits renewal.

Support better plan oversight

Cost, quality, and claims data can help a plan sponsor review trends and test whether the plan is serving employees as intended. Without usable data, it is harder to compare options or hold a vendor accountable. A transparent agreement gives the employer a stronger base for sound benefits decisions.

Make vendor duties clear

Contracts should state what data the plan can receive, how it can use that data, and when the vendor must provide it. The employer should also understand any limits tied to privacy law or business associate agreements. Removing a prohibited gag clause does not remove the need to protect personal health information.

Use the filing as a governance checkpoint

The annual attestation creates a natural time to review contracts, confirm vendor duties, and document unresolved issues. Employers can add this work to the same calendar used for renewals and other plan duties. Washington Health Insurance Agency (WHIA) can help employers organize benefits-strategy questions and coordinate discussions with plan partners.

Build a clear record for each plan year

A strong file shows how the employer reached its attestation. Keep the final submission receipt, vendor responses, the contract inventory, notes from follow-up, and the names of people who reviewed the filing. Store records in a place the next plan administrator can find.

Create a repeatable calendar

Set reminders early enough to resolve gaps before December 31. Start with an inventory review, then send vendor requests, check responses, and prepare the filing. After submission, save proof and note what should change next year. A repeatable process reduces last-minute risk and makes vendor accountability part of normal plan governance.

Know when to seek legal advice

Benefits advisers can help employers organize the process and talk with carriers or TPAs. Legal counsel should address questions about contract language, plan-specific responsibility, exceptions, and whether a plan can make the attestation. This guide provides general education, not legal advice.

Frequently Asked Questions

How do I submit the gag clause attestation?

You must submit your form through a web portal called the HIOS GCPCA system. This site is run by the federal government. Users must first set up an account to access the filing area. You will then enter details about your plan and sign the form with a digital signature. Plan sponsors can visit the CMS portal to find the link and start their filing before the year-end deadline.

What is the annual deadline for the Gag Clause Prohibition Compliance Attestation?

The deadline to submit your form is December 31 of each year. This date stays the same no matter when your plan year starts or ends. You must attest that your provider contracts do not have prohibited terms that block the sharing of certain cost or quality data. Plan sponsors should start the work early to ensure all data is ready for the portal.

Can an employer rely on their TPA or carrier to submit the GCPCA?

Yes, but the rules change based on your plan type. Fully insured plans can often have their carrier handle the filing through a written agreement. For self-funded plans, the employer can hire a vendor to help with the filing. However, the plan sponsor should confirm its responsibilities, vendor scope, and filing proof in writing.

What happens if a plan sponsor does not submit the required gag clause attestation?

A missing attestation can create compliance risk and may lead to federal enforcement. Plan sponsors should review current federal guidance and consult qualified legal counsel about plan-specific consequences. To reduce risk, check contracts early, resolve vendor-scope gaps, and retain proof of the completed annual filing.

Ready to organize your gag clause compliance process?

A timely filing begins with clear vendor roles, contract access, and a documented process. Starting early gives your team time to identify gaps and seek legal guidance when needed.

Ready to talk with WHIA about benefits-strategy guidance? Call 360-464-1622 or contact WHIA to organize the right questions for your plan partners.