Compliance + Machine Readable Files (MRFs)

Compliance Alert
Consolidated Appropriations Act (CAA) Transparency in Coverage (TiC) 
Machine Readable Files (MRFs)

PAI is hosting access to the CAA TiC required Machine Readable Files (MRFs), for our employer group customers, reflecting: 

  1. In-Network rates; and 
  2. Out-of-Network allowed amounts.

PAI is following the guidelines available on the GitHub website for posting MRFs. 

What is a machine-readable file (MRF)? 

A machine-readable file is defined as a digital representation of data or information in a file that can be imported or read by a computer system for further processing without human intervention, while ensuring no semantic meaning is lost. The Transparency in Coverage Rule (TiC) specifies that insurers/plans must create and publicly post machine-readable files (MRF) with detailed in-network and out-of-network pricing data. TiC requires each machine-readable file to use a non-proprietary, open format.

What data is available in the MRFs provided? 

The MRFs we produce only contain the data we administer and maintain. This includes MRFs with preferred provider organization (PPO) in-network pricing and out-of-network pricing. These files include pricing for drugs* covered under the medical plan. 

Out-of-network MRFs are created for each group.

If a plan uses a third-party vendor (such as carved-out behavioral health), then the group should work with that vendor to determine whether it is providing a similar solution.

*The prescription drug file compliance date has been postponed, but we will be compliant with regulations when that date is announced.

How will users select the correct files? 

Our web portal is set up to allow users to search for MRFs by the employer’s IRS Employer Identification Number (EIN). The search returns all the relevant files for the employer based on their EIN ID and network code. 

For groups with custom pricing, such as a hospital employer with a domestic pricing tier, we generate the in-network MRFs that apply to that tier. These files are available at our public website for that employer only.

How many files are created for a group? 

An in-network file is created for each network a group uses and includes a separate file for each plan. The out-of-network file is a single file. 

How often are the MRFs be updated? 

The files are updated monthly.

Does PAI create these files and/or the website internally or utilize a subcontractor? 

We create these files internally. 

In what format do you provide the files? 

Files are in JSON format. 

Can plan sponsors link to the files? 

These files are accessible through this publicly available website/webpage. Plan sponsors may link to those files as desired. 

Does PAI provide employers with MRFs on a monthly basis? 

Because of sharing limitations due to file size, the machine-readable files are only be made available on the public website.

Are there any fees to employers to get the MRFs?


Are members able to access the MRFs? 

Anyone can visit our public website and download files based on employer group EIN. However, these files are not intended for member consumption. Members who wish to review pricing for specific provider or procedures should contact our PAI Customer Service Team. 

How do you monitor and validate your processes to ensure the ongoing accuracy of the data in the files? 

Quality assurance processes is an integral part of our solution design for the monthly file postings. 


FAQs: Gag Clause Prohibition Compliance Attestation

What is a gag clause?

For purposes of this requirement, the government defines a gag clause as a contractual term that directly or indirectly restricts specific data and information that a health plan or insurer can make available to another party.  Prohibited gag clauses must not be included in agreements between a health plan or insurer and any of the following:

•  A health care provider
•  A network or association of providers
•  A third-party administrator (TPA)
•  Another service provider offering access to a network of providers

What gag clauses are prohibited? 

Effective December 27, 2020, clauses in certain contracts which restrict (or “gag”) disclosure of cost and quality information, or restrict access to certain de-identified data, are not allowed.

Did PAI review its existing contracts, and if needed, update them?

Yes.  Where needed, we updated applicable contracts to meet the requirements. 

What is the Gag Clause Prohibition Compliance Attestation (GCPCA)?

The GCPCA is a formal declaration from the health plan or insurer that there are no prohibited gag clauses in agreements.  The Consolidated Appropriations Act, 2021 requires this formal declaration or “attestation” to be submitted to the government annually.  

When is the GCPCA due?

The first GCPCA is due no later than December 31, 2023.  This first GCPCA will cover the period beginning December 27, 2020 (the date the CAA, 2021 became law).  Thereafter, a GCPCA must be filed every year by December 31 to cover the period from the last GCPCA submission.

Who must attest? 
Entities Required to Attest (Reporting Entities)Entities Not Required to Attest
  1. Insurers offering individual health insurance coverage, including:
    •  Student health insurance plans
    •  Grandfathered and grandmothered plans
    •  Policies sold on or off Exchanges
    •  Policies sold through an association
  2. Insurers offering group health insurance coverage, including:
    •  Grandfathered and grandmothered plans
    •  Policies sold on or off Exchanges
    •  All other group health insurance plans
  3. Group health plans, including the following to the extent they are considered group health plans:
    •  ERISA plans (or sponsors of ERISA plans)
    •  Non-Federal governmental plans, such as plans sponsored by state or local governments
    •  Church plans
    •  Grandfathered group health plans
  1. Account-based plans, such as health reimbursement arrangements (HRAs), including individual coverage HRAs
  2. Insurers and group health plans that offer only excepted benefits coverage, including, but not limited to:
    •  Hospital indemnity or other fixed indemnity insurance
    •  Disease-specific insurance
    •  Dental, vision and long-term care
    •  Accident-only, disability and workers’ compensation
  3. Insurers that offer only short-term, limited-duration insurance
  4. Medicare and Medicaid plans
  5. State children’s health insurance program plans
  6. Basic Health Program plans

Source:  Tri-Agency Annual Submission Webform Instructions, Gag Clause Prohibition Compliance Attestation (

Who may submit the GCPCA?

Insurers and group health plans are required to submit the GCPCA, but they may contract with TPAs, PBMs, and other vendors to do so on their behalf.  A group may have more than one GCPCA submitted on its behalf by various vendors if there is a subset of separately-contracted administered benefits, and/or if different vendors were contracted to insure or administer the same benefits at different times throughout the period at issue.

Will PAI submit the 2023 GCPCA on my behalf?

Yes. For our fully-insured, self-funded, and level-funded groups, if we are a party to a contract subject to the gag clause prohibition and the group is receiving services or benefits (e.g., provider network access) as a result of that contract, we will submit the 2023 GCPCA on the group’s behalf, in accordance with the terms of an applicable executed GCPCA Agreement between PAI and the group. Please note that PAI will submit a 2023 GCPCA on behalf of a self-funded or level-funded group if the group agrees to execute a GCPCA Agreement with us by November 15, 2023.  If the group does not agree to execute a GCPCA Agreement, the group will be responsible for their own attestation. 

Since this first attestation covers the period beginning December 27, 2020 and goes through 2023 (the applicable period), will you be filing the GCPCA on behalf of groups that terminated services within this time period?

For fully-insured groups, we will file the GCPCA for groups that had coverage with us during the applicable period.

For self-funded groups, we will file the GCPCA for groups that had active contracts beginning December 27, 2020 through present.

I am a self-funded or level-funded group.  If PAI submits my 2023 GCPCA, will it submit my GCPCAs for later years if my status remains the same?

While we expect to continue offering this service, government refinements to the requirements are likely and may necessitate revisiting our ability to file on behalf of our customers.

Will PAI need anything from groups to file the GCPCA?

The GCPCA requires a point of contact from each group and that person’s e-mail along with other data.  We may need to contact groups to ensure the accuracy of our records or fulfill the required data elements in the GCPCA.  If so, please respond promptly and by the due date we provide.  If responses are not timely provided by self-funded or level-funded groups, we may have to exclude them from our attestation filing.  If this occurs, the excluded self-funded or level-funded groups must file their own attestation. 

I am a self-funded plan and want to file my own GCPCA. When should I notify PAI that I want to do my own submission? 

By no later than November 15, 2023, respond to PAI’s survey indicating that you will be filing your own GCPCA.

Where can I find more information?

The GCPCA, information required to be submitted with the GCPCA, submission instructions, and FAQs can be found on the government’s GCPCA webpage: Gag Clause Prohibition Compliance Attestation | CMS.  Instructions are subject to updates at the government’s discretion.