The TPA Transparency Campaign Is Just Beginning

In healthcare plan design and administration, data is power, and for self-insured employers it’s also a fiduciary necessity.

Without detailed plan data from their third-party administrators (TPAs), employers are hamstrung; they cannot confidently oversee plan performance, control costs, or make informed benefits decisions. Some TPAs, however, do not readily hand over plan data, presumably to minimize their own administrative burdens and to avoid shining a brighter light on their business arrangements, performance, compensation, and the like. But there may be ways to force TPAs’ hands if brokers and their employer clients are ready to stay in the fight for the long haul.

The TPA Transparency Journey

Broker and employer groups have already laid groundwork to promote TPA data sharing. But like any tedious insurance topic, it’s a veritable slog to put the right policies in place and reach general industry compliance.

The non-admitted insurance space provides an example of how this challenge has played out in the past, though on a separate issue. It took years of Council advocacy and agitation for policymakers to act on state-by-state regulatory challenges around policy definitions, taxation, and other issues for non-admitted and surplus lines. The Nonadmitted and Reinsurance Reform Act (NRRA) was finally enacted in 2010 as part of the Dodd-Frank package (with a financial crisis driving lawmakers to actually pass robust reforms).

The NRRA imposed a regulatory regime dictating that only the rules of a policyholder’s home state apply to a surplus lines transaction (including, critically, the taxation authority over that transaction). But states and private stakeholders then spent years leveraging ambiguities in the law to implement the NRRA—the supposed big unifying policy— in different ways, to different degrees causing chaos for brokers seeking to comply. Today, however, those issues are almost all resolved, and non-admitted policies now comprise over one-third of the commercial property and casualty insurance market, up from about 8% prior to the NRRA’s enactment.

The TPA transparency journey is likely to be similar. Brokers and employers have set a consistent drumbeat with policymakers about the lack of transparency in the TPA and pharmacy benefit manager (PBM) spaces, and how that is impeding benefits design, plan administration, and cost reductions throughout the system. And Congress has been listening.

The Consolidated Appropriations Act (CAA) of 2021 contained notable pro-transparency measures, including requiring that insurance consultants (including TPAs and PBMs) disclose their direct and indirect compensation for services provided to group health plans and the so-called Gag Clause prohibiting third-party administrators from contractually barring or limiting plan sponsors’ access to specific de-identified plan data. However, as with the NRRA example, some industry stakeholders are taking advantage of alleged (or invented) ambiguities in the CAA to skirt or selectively implement these reforms.

So, consistent with experience, the CAA is proving to be a middle step toward securing TPA transparency. More steps and investment will be required to achieve real transparency. The law’s Gag Clause is a good place to start.

What the CAA Gag Clause Does and Doesn’t Do

The CAA’s Gag Clause prohibits TPAs from using restrictive contract language to keep critical data out of the hands of plan sponsors. It specifically prohibits contractual terms that limit disclosure of provider-specific cost or quality of care data or electronic access to de-identified claims and encounter data for each participant, beneficiary, or enrollee.

The CAA language clearly signals congressional recognition that plan sponsors need access to plan data and that they should be able to get it from their service providers. Practically, it forecloses TPAs’ historic practice of putting data-sharing restrictions in their contracts with plan sponsors. That removes a key hurdle to data access.

But some TPAs are capitalizing on what the CAA does not do: affirmatively require them to share the data. Instead of pointing to their old contractual language prohibiting data sharing, third-party administrators now emphasize more generalized privacy or proprietary data concerns as reasons to withhold the information.

Ultimately, the CAA opens the doorway wider for data sharing, but it does not compel TPAs to walk through it. The good news is there are multiple ways to ultimately shove TPAs through the metaphorical data-sharing door.

Closing the CAA Gap

First, employer and broker groups could ask Congress for clarifying amendments to the CAA Gag Clause. The intent clearly is there for TPAs to share data with plan sponsors, but lawmakers could affirmatively demand that happen. Given the political stalemate on Capitol Hill and other competing priorities like government and defense funding, this option could take a long time.

Second, these groups could request that the Department of Labor implement regulations or guidance that close the CAA gap. These efforts already are underway with respect to the CAA’s compensation disclosure requirements. The Department of Labor has clear political direction from the Trump administration via executive order to fully effectuate the CAA’s transparency provisions with respect to TPAs and PBMs, which is helpful. But under the new agency deference framework resulting from the Loper Bright Enterprises v. Raimondo U.S. Supreme Court decision, department policies that stray beyond clear delegations of authority from Congress are likely to draw litigation. Expanding the Gag Clause to compel TPA action would be controversial, and third-party administrators certainly would argue that it is beyond what the statutory text allows, which would drag out this path as well.

Third, proponents of TPA data sharing can tackle the issue in their own court challenges. This also is already happening: an emerging line of cases argues that third-party administrators owe fiduciary obligations to self-insured plan sponsors on whose behalf they manage plans and that those fiduciary obligations include a duty to share plan data with the self-insured employers.

This line of argument makes logical and practical sense. TPAs are hired by self-insured plan sponsors to manage the employer’s benefit plan. The data therefore is the employer’s to begin with—it captures the money spent by the employer on specific services, providers, and employees. The third-party administrator is merely collecting the data through its administrative function. That function doesn’t convert the employer’s data into TPA data such that the third-party administrator has colorable proprietary or privacy claims to it. In other words, it’s not the TPAs’ data to guard or hoard.

This litigation strategy also appears to have legal merit. Courts have recognized TPA fiduciary status under ERISA in two scenarios:

• When TPAs control plan assets, even without exercising discretion; and
• When TPAs exercise discretion in plan management, such as making benefit determinations or interpreting plan rules.

For example, courts have held that TPAs are fiduciaries when using plan funds to pay mandatory state fees, using plan funds for their own purposes rather than paying claims, controlling plan assets after terminating the relationship with the employer, and holding plan assets used to pay healthcare expenses. Courts have also found TPAs to be fiduciaries under ERISA when they were authorized to make final benefit determinations for plan participants and were tasked with interpreting rules imposed by employers.

Under ERISA, once you’re a fiduciary, you owe duties of loyalty and prudence, and you must act for the sole benefit of the plan participants and beneficiaries. While no court has yet held that withholding plan data breaches these general fiduciary duties, litigants are testing that proposition. Specifically, they are challenging TPAs’ refusal to hand over detailed plan data as breaches of the duties of loyalty and prudence.

In Trustees of the International Union of Bricklayers and Allied Craftworkers v. Elevance (formerly Anthem), for example, the union alleges that Anthem breached both duties by repeatedly refusing to share claims data, thereby preventing the labor group from properly overseeing plan administration and fulfilling its own fiduciary obligations. As the complaint notes, “The duty of loyalty and prudence include a duty to provide, upon request, an accounting of its activity with respect to its role in claims administration to other Plan fiduciaries who have retained Anthem and, therefore, have a duty to monitor Anthem.” If courts agree with these plaintiffs and decisions start going employers’ way, other employers will have valuable leverage to compel TPA data sharing without having to file lawsuits.

The litigation path isn’t without obstacles. If a TPA-employer contract includes a comprehensive arbitration clause, for instance, it could kick a fiduciary suit out of court. This appears to have happened in Kraft Heinz v. Aetna, where Kraft voluntarily dismissed its lawsuit alleging that Aetna breached its fiduciary duty by not sharing plan data. The parties are instead headed to arbitration. But, in a similar suit against Aetna by Aramark, a court denied Aetna’s motion to stay the proceeding because the arbitration clause in question allowed for claims seeking equitable relief to proceed outside of arbitration. So it’s worth a careful look at TPA contracts before going this route.

Will States Step Up?

In recent legislative sessions, states have considered and adopted proposals to put explicit fiduciary and transparency obligations on PBMs and TPAs. Two 2025 legislative efforts are illustrative:

• Missouri proposed legislation that would have imposed fiduciary duties on “any person who negotiates with a pharmacy benefit manager on behalf of a purchaser of health care benefits,” which would encompass many TPAs that negotiate with PBMs on self-insured employers’ behalf. The bill failed to pass before the state legislature adjourned for the year, but similar legislation has already been pre-filed for the 2026 session.
• Indiana enacted Senate Bill 3, which explicitly states that TPAs owe fiduciary duties of loyalty and care to plan sponsors. It requires transparency in all financial and contractual arrangements related to the sponsor’s health coverage. While it stops short of mandating data disclosure, it clearly answers the threshold fiduciary question and strengthens the argument that withholding data is inconsistent with third-party administrators’ duties to their employer clients. As Indiana Gov. Mike Braun (R) noted when signing the bill into law, “My partners in the General Assembly and I have enacted landmark health care solutions to bring transparency, accountability, and competition to the health care system. Indiana is now the national leader in health care reform and lowering prices for patients.”

These state actions provide additional leverage for employers seeking to compel data sharing by TPAs and open up litigation avenues in state courts when these organizations do not fulfill their obligations.

The TPA transparency story is far from over. Important chapters have undoubtedly been completed (e.g., raising awareness of the problem, securing helpful legislation). But brokers and employers will have to keep chipping away at TPA resistance with new policies and/or litigation victories to achieve real transparency. The value of plan data for self-insured employers—for their bottom line, employee care and satisfaction, and fulfilment of their own fiduciary obligations—makes it worth it to stay the course and see it all the way through.