Compliance Recap | November 2025

In November, employers prepared for the Gag Clause Prohibition Compliance Attestation, a requirement of the Consolidated Appropriations Act. A federal trial court vacated key portions of nondiscrimination regulations under Section 1557 of the Affordable Care Act that include gender-identity discrimination. A court case reminded employers to stay alert to potential Family and Medical Leave Act triggers. A federal case highlights the importance of both proper COBRA notices and the need to show real harm when challenging them.

THE ANNUAL GAG CLAUSE ATTESTATION DUE DEC. 31, 2025

Under the rules adopted by Congress in the Consolidated Appropriations Act, 2021 (CAA), group health plans and health insurance issuers of both fully insured and self-funded plans must certify that their contracts with providers, networks, third-party administrators (TPAs), pharmacy benefit managers (PBMs), or other service providers do not contain “gag clauses.”

Under the CAA, a “gag clause” is any contractual term that directly or indirectly restricts the plan or issuer from sharing or giving access to certain data. Specifically, the prohibition covers:

• Sharing provider-specific cost or quality-of-care data with plan sponsors, participants, beneficiaries, enrollees or eligible individuals.
• Providing electronic access, upon request, to de-identified claims and encounter data (financials, service codes, provider identifiers, etc.), subject to applicable privacy laws.
• Allowing data to be shared with business associates, consistent with privacy rules under HIPAA, GINA, and the ADA.

The gag-clause prohibition is a core part of the CAA’s transparency agenda and is intended to ensure that cost and quality data, plus claims information, remain accessible to the plan sponsor, participants, and other stakeholders for monitoring, decision-making, and cost management.

The Gag Clause Prohibition Compliance Attestation (GCPCA) must be submitted through the Centers for Medicare & Medicaid Services (CMS) Health Insurance Oversight System (HIOS). Users access HIOS through the CMS Enterprise Portal and register for a CMS IDM account. Additional information is available in the HIOS Reference Guide

Who Must File and Who Can Delegate

Fully insured plans: The insurance carrier (issuer) technically must file the GCPCA and often does so on behalf of the employer. Plan sponsors should confirm in writing that the carrier will submit the attestation on their behalf and keep that confirmation on record.

Self-funded (or level-funded) plans: The employer plan sponsor is ultimately responsible for filing. Many self-funded plans rely on their TPA or other plan service providers (PBM, behavioral-health vendor, etc.) to submit the attestation. However, even when the plan delegates filing, the legal obligation remains with the plan sponsor.

In either case, plan sponsors should review all current contracts, including downstream agreements entered by TPAs and PBMs to ensure no prohibited gag-clause language exists, even if the sponsor is not directly a party to the agreement.

Employer Considerations

With the December 31, 2025, deadline just weeks away, plan sponsors should:

• Confirm in writing with carriers, TPAs or PBMs whether they will submit the GCPCA on the plan’s behalf.
• If the plan sponsor must file, review all provider, TPA, PBM, and network-vendor agreements now to confirm there are no gag-clause provisions (including in downstream agreements).
• If any prohibited clause exists, request that the vendor remove it. If not removed, be prepared to self-report the clause in the “Additional Information” section of the GCPCA form. The agencies have said that good faith self-reporting will be taken into account.
• Submit the GCPCA via the CMS HIOS webform before Dec. 31, 2025, and retain a copy of the confirmation receipt and related documentation with your plan’s compliance records.

FEDERAL TRIAL COURT HAS VACATED PROVISIONS UNDER ACA SECTION 1557

A federal trial court recently vacated key portions of nondiscrimination regulations under Section 1557 of the Affordable Care Act (ACA) that extended protections to include gender-identity discrimination. The court concluded that the rule put forth by the U.S. Department of Health and Human Services (HHS) exceeded the agency’s statutory authority when it interpreted “sex discrimination” under Section 1557 to include gender identity.

This ruling directly affects the final regulations that HHS issued in May 2024, which formally reinterpreted Section 1557 to prohibit discrimination based on sex characteristics, pregnancy, sexual orientation, and notably gender identity.

Under the 2024 rule, “covered entities” including insurers, health exchanges, Medicaid/Medicare-funded providers, and other federally funded health programs would have been required to treat gender identity as a protected characteristic for nondiscrimination purposes.

However, the court concluded that HHS went beyond what Congress authorized. The judge emphasized that Congress, when adopting Title IX in 1972, likely understood “sex” to mean biological sex, not gender identity, and that HHS lacked authority to unilaterally expand that definition.

The court pointed out that decisions about gender-affirming care result from a person’s medical diagnosis, not their sex, and therefore refusing such care does not amount to prohibited “sex discrimination.” As a result, the portions of the 2024 regulations extending Section 1557 protections to gender identity (and related mandates for gender-affirming care) have been universally vacated.

Employer Considerations

For employers and plan sponsors of self-insured and fully funded group health plans, this decision introduces a new landscape. The prior expectation that Section 1557 would require coverage of gender-affirming care or forbid exclusions based on gender identity has now been invalidated at the federal level.

• Review benefit plan design and coverage policies. Plans that expanded benefits in 2024 or 2025 to include gender-affirming care in response to the 2024 rule may now revisit those changes.
• Update nondiscrimination policies. Employers with documented nondiscrimination policies must update any language referencing gender identity as a protected characteristic under Section 1557, to reflect that the federal rule is vacated.
• Monitor state and local law. Even though the federal regulation is vacated, some states may maintain or enact their own protections for gender-identity nondiscrimination in health care. Employers operating in multiple states should track applicable state laws.
• Communicate thoughtfully with stakeholders. Changes in coverage or policy should be communicated clearly and sensitively to employees to manage expectations and avoid confusion or perceptions of discrimination.

AN OVERLOOKED FMLA RISK EMPLOYERS SHOULDN'T MISS

The Family and Medical Leave Act (FMLA) remains one of the most commonly misunderstood workplace laws, particularly when it comes to recognizing when an employee may be requesting protected leave. A recent Eleventh Circuit Court of Appeals decision, James v. FedEx Freight, offers a timely reminder that employers must stay alert to potential FMLA triggers, even when employees never utter the words “FMLA leave.”

The Case: A High-Risk Pregnancy

A freight handler working overnight shifts faced a growing challenge at home. His spouse’s pregnancy evolved into a medically high-risk condition, requiring frequent appointments, the inability to work or drive, and sometimes urgent care. The employee repeatedly informed supervisors that:

• His spouse’s pregnancy had become “high-risk.”
• She could not drive, making him the only available transportation.
• Unexpected complications could require him to leave work without warning.

While these statements pointed to a potential need for FMLA leave, the employer dismissed early inquiries and never provided FMLA information.

As the pregnancy progressed, the employee occasionally declined overtime to tend to his spouse’s medical appointments and needs—actions that resulted in corrective documentation and, ultimately, termination for alleged “job abandonment.”

FMLA Notice: No “Magic Words” Required

Under the FMLA, eligible employees may take leave to care for a spouse experiencing a serious health condition, including pregnancy-related complications and prenatal care. Critically:

• Employees do not need to specifically request “FMLA leave” to be protected.
• Employers must act once they receive information suggesting a situation may qualify.
• If details are unclear, the employer, not the employee, is responsible for seeking additional information.

Employees are expected to give notice as soon as practicable, especially when complications or emergencies make advance notice impossible. Once on notice, employers must evaluate whether FMLA applies and provide all appropriate rights and responsibilities information.

The Eleventh Circuit held that the employer had sufficient information to trigger its duty to investigate FMLA eligibility. The court emphasized:

• Transporting a pregnant spouse who cannot drive is a qualifying caregiving activity.
• Intermittent leave may be appropriate when complications cause unpredictable needs.
• An employer cannot require “ironclad proof” before recognizing an FMLA-qualifying situation.
  
  

Employer Considerations

The court’s decision underscores a critical responsibility: managers must recognize potential FMLA scenarios and elevate them to HR promptly. Employers expose themselves to significant risk when front-line supervisors dismiss or overlook early signs of an FMLA-qualifying need.

Key reminders:

• FMLA protections can apply before a child is born.
• Attendance or overtime conflicts may reflect underlying caregiving needs.
• Supervisors should never ignore comments suggesting a medical complication or need for time away.
• HR, not individual managers, must determine whether FMLA applies.

FMLA compliance is more than a legal requirement; it’s an opportunity to support employees during meaningful moments in their personal lives. Proactive education and consistent escalation procedures can help employers avoid costly missteps and ensure employees receive the protections the law intends.

COBRA NOTICE FAILURES RESULT IN nO HARM

A recent federal case, Marrow v. E.R. Carpenter Co., Inc., highlights the importance of both proper COBRA notices and the need to show real harm when challenging them. In this case, a former employee sued her employer (the plan administrator) claiming that errors in her COBRA election notice kept her from electing continuation coverage and left her with unpaid medical and dental expenses. The dispute centered on two alleged notice flaws: the absence of a clear deadline for returning the election form and mixed messages about whether the first premium payment had to be sent with that form.

When the court later reviewed those claims, it dismissed the case. The key issue was not whether mistakes existed, but whether those mistakes caused the employee’s losses. The court found no such connection. The employee acknowledged she understood she had 60 days to elect coverage, knew a premium payment would be required, and could afford it, but she never attempted to enroll. Because she could not show that the unclear deadlines or instructions influenced her decision, the court determined the notice deficiencies did not lead to her uninsured expenses.

Employer Considerations

While courts do not always impose penalties for COBRA notice violations, especially when no harm can be shown, they have wide discretion to do so. The safest path for employers and plan administrators is to ensure that COBRA notices are complete, accurate, and easy to follow. Clear communication can help avoid disputes, reduce litigation risk, and support a smooth continuation coverage process.

Question of the Month

Q: An employee has a COBRA subsidy from their prior employer that is ending. Is that a qualified life event, allowing them to enroll in the new employer’s plan outside of open enrollment?

A: No, the ending of any COBRA subsidy is not a HIPAA special enrollment event that would entitle an employee to enroll in a new employer’s plan outside of open enrollment.

Answers to the Question of the Week are provided by Kutak Rock LLP. Kutak Rock provides general compliance guidance through the UBA Compliance Help Desk, which does not constitute legal advice or create an attorney-client relationship. Please consult your legal advisor for specific legal advice.