View as Webpage
regtap.cms.gov

This is a reminder on behalf of the Centers for Medicare & Medicaid Services (CMS), in collaboration with the Departments of the Treasury and Labor, that group health plans and health insurance issuers offering group or individual health insurance coverage must annually submit a Gag Clause Prohibition compliance attestation (GCPCA). Responsible Entities must attest annually by December 31. If your Responsible Entity has already attested in 2025, you may disregard this email.


What is the GCPCA?

 

The GCPCA is an attestation of compliance with Internal Revenue Code (IRC) Section 9824, ERISA Section 724, and Public Health Service (PHS) Act Section 2799A-9, as applicable. These provisions generally prohibit plans and issuers from entering into agreements (with a healthcare provider, provider network or association, third-party administrator (TPA), or other service provider offering network access), that would directly or indirectly restrict access to or disclosure of:

  • Provider-specific cost or quality of care information or data
  • De-identified claims or encounter information or data
  • Sharing such information with a business associate consistent with the HIPAA privacy rules

 

Who may attest to compliance on behalf of a plan or issuer?


Group health plans and health insurance issuers offering group or individual health insurance coverage must attest annually. A plan or issuer may authorize any appropriate individual within the organization, such as the plan administrator of a group health plan, to attest on behalf of the plan or issuer.

Entities submitting attestations on behalf of plans or issuers (such as brokers, agents, TPAs, or PBMs) must:

  • Notify the plan or issuer that they are submitting the attestation on their behalf
  • Obtain the plan's or issuer’s agreement to do so
  • Confirm that the plan or issuer is in compliance with the statutory requirements


A service provider that has been provided the authority to make the attestation on behalf of a plan or issuer, such as a TPA attesting on behalf of its clients, may authorize any appropriate personnel within the organization to make the attestation.

 

Where is the attestation submission form?


The GCPCA Instructions and User Manual for submitting a GCPCA are available here: https://www.cms.gov/marketplace/about/oversight/other-insurance-protections/gag-clause-prohibition-compliance-attestation. To submit a GCPCA, scroll to the bottom of the page and click on “Enter Webform Now for a GCPCA.”


What is the attestation period for each year?


The attestation period generally begins as of the day immediately following the date of the prior attestation and extends to the date of the current attestation. The attestation end date has to be the date of the current attestation or an earlier date. Responsible entities cannot attest through an end date that is in the future.


What’s new this year?


Since last year, the following updates were made:

  • The 2025 attestation year was added to the GCPCA webform drop-down menu.
  • A delete button was added to the Submission details page.
  • Users can elect to pre-populate their information from a prior GCPCA.
  • Users will now receive an email notification when their GCPCA is completed or deleted. 
  • Detailed instructions have been added to step 3 for downloading the reporting entity excel template.
  • The GCPCA User Manual has been updated. The current version is now dated June 2025.
  • There are no updates to the GCPCA Responsible Entity Excel Template (XLSX).

 

Need Help?

 

For technical assistance with the attestation process, please contact the Marketplace Service Desk:

  • Phone Number: 1-855-267-1515; Hours of Operation: 9:00 a.m. to 6:00 p.m. ET, Monday through Friday.
  • Email AddressCMS_FEPS@cms.hhs.gov - include “GCPCA” in the subject line of your email



Centers for Medicare & Medicaid Services (CMS) | 7500 Security Boulevard | Baltimore, MD 21244 US

Unsubscribe | Update Profile | Constant Contact Data Notice