Your Definitive Guide to the No Surprises Act

Your Definitive Guide to the No Surprises Act

The No Surprises Act (NSA) went into effect on January 1, 2022, as a protection against unexpected medical bills for the nearly 200 million Americans with private health insurance. The law prevents surprise billing by establishing a process for resolving billing disputes between healthcare providers and health plans while keeping the patient out of it. The NSA ensures that patients are only responsible for in-network cost-sharing amounts and protects them from receiving unexpected bills for out-of-network care from providers in emergency, air ambulance, and in-network hospital settings.

While guarding patients’ pockets is a critical initiative, staying NSA compliant has proven to place an additional administrative burden on providers and health plans. To avoid penalties and fees, providers must keep their personal information up-to-date, and as a result, health plans are required to ensure their provider directories are updated frequently—a daunting task if you’re attempting it without automation.

Intentions of the No Surprises Act

The primary intent of the NSA is critical: increase transparency in healthcare billing and reduce financial burdens on patients. Two in three adults worry about receiving a surprise bill which are often the result of emergency services. Further, studies have found the average balance billing charge for surprise bills was over $1,200 for anesthesia, $2,600 for surgical assistants, and $750 for childbirth.

In the case of emergencies, patients often don’t have a choice where or from whom they receive care and may end up at an out-of-network facility or in the hands of an unknown provider. An estimated 1 in 5 emergency claims and 1 in 6 in-network hospitalizations include at least one out-of-network bill. However, non-emergency care also results in balance billing. Even if patients choose an in-network hospital, they may unknowingly receive care from a provider that’s out-of-network, either because they were not able to choose the provider (e.g., anesthesiologist) or because the provider’s information was incorrect in a provider directory.

Due to the NSA, provider directories are being put under the microscope. Providers and health plans have a greater responsibility to keep provider data current. NSA also requires health plans to provide patients with clear and transparent information about their coverage, including information about in-network and out-of-network providers and estimated costs of care. The NSA established an independent dispute resolution process to resolve disputes that arise from surprise bills.

Enforcement of the No Surprises Act

The NSA contains multiple provisions designed to protect patients from surprise medical bills. Here are a few of the key provisions:

  • Private health plans are required to cover out-of-network claims and apply in-network cost sharing. The law applies to both job-based and non-group plans, including grandfathered plans.
  • Doctors, hospitals, and other covered providers are prohibited from balance billing patients for amounts that exceed the in-network cost-sharing amounts when patients receive out-of-network care.
  • Patients can request advance information about how services will be covered; and the health plan must provide written information within three business days.
  • Health plans and issuers are required to establish a verification process to update provider directory information at least every 90 days. They must also notify enrollees when a provider or facility leaves the plan network.
  • For any surprise out-of-network medical bill, an independent dispute resolution (IDR) process must take place following a 30-day period when the plan and provider try to negotiate a payment amount.

The law allocates roles to states to implement and enforce protections under the NSA. Most states are partnering with the federal government. In the majority of states, disputes over payments to out-of-network providers will be resolved by the federal independent dispute resolution (IDR) system. Some state systems for resolving payments are more favorable to health care providers, potentially leading to higher awards and inflating health care costs. In many states, the NSA expands state protections against surprise bills, but some states offer additional protections. Consumer and provider education is important to guaranteeing effective protections.

No Surprises Act Milestones

Here is a timeline of the NSA which highlights a few of the challenges faced since being signed into law.


  • Dec. 31:The NSA is signed into law.


  • Oct. 28:The Texas Medical Association (TMA) sues over what it says is an unfair process to resolve billing disputes between health insurers and providers.


  • Jan. 1:The NSA takes effect.
  • Sept. 22: TMA files a second lawsuit challenging the NSA, arguing the final rule will “unfairly advantage health insurers by requiring arbitrators to give outsized weight or consideration to the [qualifying payment amount].”
  • Nov. 30: TMA files its third lawsuit against the NSA, arguing that portions of the rule “artificially deflate the qualifying payment amount.”


  • Jan. 31: The TMA files a fourth lawsuit, this time challenging a 600 percent hike in administrative fees when seeking dispute resolutions.
  • Feb. 10: The Centers for Medicare & Medicaid Services instructs certified IDR entities to hold all payment determinations under the NSA until the departments of Health and Human Services and the Treasury issue further guidance. (Determinations resumed on Feb. 27).
  • Oct. 6: The departments of HHS, Labor, and the Treasury reopen the Federal IDR portal to process certain new single disputes.
  • Aug. 11: CMS lowers the IDR fee to $50 following the government’s latest court loss.
  • Dec. 15: The departments reopen of the Federal IDR portal to process to all dispute types.
  • Dec. 18: CMS increases the IDR fee to $115 per party per dispute.

Challenges with the No Surprises Act

As highlighted in the milestones, the NSA has faced its fair share of challenges since being signed into law. Since implementation, state associations, providers, and health plans have voiced their disappointment and frustration—and have even filed lawsuits—over concerns related to good faith estimates, the IDR process, lower reimbursement rates, and more.

Additionally, providers and health plans face steep financial penalties when they fail to be NSA compliant. Inaccurate provider directories and compliance failures can be grounds for significant fines. The federal government can issue health plans fines of up to $100 per individual impacted by an NSA violation while providers can also be fined up to $10,000 for compliance errors. Furthermore, each state is authorized to impose their own set of financial penalties for outdated data.

While the NSA has successfully saved many patients from costly billing disputes, other areas of the legislation require further consideration, and potentially some changes.

The Impact on Payers

Today’s health plans don’t have it easy. Provider data updates are on the rise and payers are struggling to keep up. Now, health plans are on the hook to comply with the regulations of the NSA, making the daunting volume of provider updates even more unmanageable. Under the NSA, health plans must meet a series of stringent requirements establishing a verification process that ensures the accuracy of their provider directories.

Health plans have a significant responsibility due to the NSA, especially to ensure patients are protected from surprise billing. The law requires health plans to maintain accurate and up-to-date provider directories, and it imposes penalties on plans that fail to do so. Health plans must ensure that their provider directories are easily accessible and searchable, and that they provide transparent information about coverage.

NSA Provider Directory Verification Requirements

Health plans must establish a verification process and removal process for any unverified providers

90 Days

At least every 90 days, health plans must verify and update provider directories

48 Hours

Health plans must update their records within 48 hours of receiving updated provider information

24 Hours

All requests regarding the network status of a provider must be responded to within 24 hours

Failure to comply with the regulations outlined in the NSA not only could mean hefty fines that will significantly impact your bottom line, but it could also be detrimental for your business. If you’re noncompliant, be prepared to face the repercussions.

  • Financial penalties: Payers face substantial fines of up to $100 per instance per day of noncompliance.
  • Legal action: Patients who receive surprise medical bills may have legal recourse, leading to costly legal battles and payout.
  • Loss of reputation: Being perceived as noncompliant can damage your member trust, reputation, and ultimately enrollment.

How Automation Helps Health Payers Stay NSA-Compliant

With regulatory enforcements in full swing, it’s important to take control of your provider data and stay NSA compliant. Madaket’s Provider Data Management platform and their newly released Provider Data Exchange (PDX) solution help automate and modernize provider directories so you can spend more time growing your business and less time stressing about compliance.

The Madaket Provider Data Exchange is designed to help payers stay compliant with the NSA through real-time provider directory updates. This information exchange platform is a sophisticated infrastructure that facilitates the seamless exchange of critical information, enabling a single source of truth and helping to eliminate inefficient information silos. This information exchange platform will verify and update data in all necessary places, allowing administrators to focus their attention on other essential tasks and trust that they remain compliant with all regulatory requirements.

The provider data exchange helps payers streamline their operations through:

  • Automated payer roster ingestion and maintenance
  • Automated inbound provider updates
  • Group-specific, multi-step data verification processes to ensure accurate information
  • Realtime payer reports for transparency and verification
  • Flexible, scheduled data delivery that powers payer systems

Madaket’s existing PDM software has helped thousands of providers and payers use real-time, accurate data to help streamline and automate tedious administrative tasks. Madaket works with every health plan in the US and has helped to execute more than 7 million transactions across licensing, credentialing, and enrollment. Madaket’s PDM dramatically shortens the engagement lifecycle from 2-3 months to just 2-3 weeks and has saved customers more than $600 million.

Ready to take control? Let’s talk. Reach out to to schedule a demo and find out how we can help your organization work smarter and stay NSA-compliant.

Optimize your provider directories for NSA compliance. Discover Madaket’s solution and book a demo today.

Madaket Logo