The No Surprises Act (NSA), effective January 1, 2022, is one of the most impactful healthcare billing regulations in recent years. It limits patient balance billing, mandates good faith estimates, creates a new independent dispute resolution (IDR) process, and holds practices accountable for compliance with significant penalties for violations.
Yet many practices still don’t fully understand the law’s scope, patient notice requirements, or the claims submission process. This guide breaks down the essentials for billers and practice managers.
What is the No Surprises Act and Why It Matters
The No Surprises Act is a federal law (part of the Consolidated Appropriations Act) that protects patients from unexpected medical bills in two main scenarios:
- Out-of-network emergency services: Patients cannot be balance-billed for emergency care at out-of-network facilities, even if they had no choice in provider selection.
- Out-of-network non-emergency care at in-network facilities: When a patient receives care at an in-network facility (like a hospital) but is seen by an out-of-network provider (like a visiting cardiologist), balance billing is prohibited.
The impact on medical billing is substantial. Out-of-network balances that historically could be collected from patients are now prohibited. Instead, practices must negotiate with insurers through the IDR process. A practice with $150,000 in annual out-of-network balance billing suddenly faces a complete rewrite of its revenue cycle.
Key Provisions Every Biller Must Know
Surprise Billing Prohibition
An out-of-network provider CANNOT balance-bill a patient for:
- Emergency services (regardless of in-network or out-of-network provider)
- Non-emergency care provided at an in-network facility
Instead, the patient pays the in-network cost-sharing amount (deductible, coinsurance, copay). The provider must accept the insurer’s allowed amount as payment in full. The difference between the provider’s billed amount and the allowed amount cannot be passed to the patient.
Example: A patient goes to an in-network emergency room with chest pain and is seen by a cardiologist who is out-of-network. The insurer’s allowed amount is $300. The cardiologist’s usual fee is $800. Pre-NSA, the practice could balance-bill the patient $500. Post-NSA, the practice must write off the $500.
Qualifying Payment Amount (QPA)
The QPA is the amount an out-of-network provider and insurer use as the baseline for negotiation in IDR disputes. The QPA is generally defined as the median contracted rate for the same or similar service in the same geographic area.
Insurers are required to calculate and provide the QPA to out-of-network providers upon request. Many insurers still drag their feet on QPA disclosure, but CMS enforcement is increasing. As of 2024, many state attorneys general have filed complaints against major insurers for non-compliance.
Good Faith Estimates (GFEs): Requirements and Process
Practices must provide a Good Faith Estimate when:
- A patient is uninsured or self-pay
- A patient specifically requests an estimate
- The practice receives a request for unscheduled or non-emergency care and expects charges over $275
The GFE must be provided at least 3 business days before the patient’s first appointment (or before delivering care, if shorter).
GFE Content Requirements
The GFE must include:
- Patient name and date of birth
- Date of estimate and estimate validity period (at least 60 days)
- Type of care (office visit, diagnostic test, procedure)
- Provider name and facility name (if applicable)
- List of expected charges with item-level detail (office visit, lab test, imaging, etc.)
- A summary of expected charges (total estimated patient responsibility)
- A disclaimer about individual costs and potential variation
- Contact information for questions
CMS provides a standardized GFE form. Many EHR vendors now include GFE generation modules. However, templates vary in completeness. Audit your current GFE process: are you capturing all required fields?
GFE Liability and Penalties
Failure to provide a GFE when required can result in a penalty of up to $300 per patient violation. A practice with 200 self-pay patients per year that fails to provide GFEs could face $60,000 in annual penalties.
Additionally, if a patient receives a bill that exceeds the GFE by more than 10%, the patient can dispute the bill and may be entitled to a refund of the excess.
Common GFE Mistakes
- Not providing GFE for self-pay patients: Practices often assume GFE is only for uninsured/underinsured. Wrong. Any patient with cost-sharing responsibility needs an estimate.
- Providing GFE after care begins: The law requires 3 days before the appointment. Sending an estimate after the visit does not comply.
- GFE missing line-item detail: A single charge for $1,500 without breakdown (office visit $300, lab $800, imaging $400) does not meet requirements. Each component must be listed.
- Not updating valid estimates: If care needs change after a GFE is provided, a new GFE should be issued if charges increase materially.
Independent Dispute Resolution (IDR): The New Out-of-Network Negotiation Process
When an out-of-network provider and insurer cannot agree on a reimbursement rate for emergency or in-network facility services, either party can initiate IDR. This is a binding arbitration process that has fundamentally changed how out-of-network disputes are resolved.
Who Can Initiate IDR
Either the provider (or billing entity) or the health plan can request IDR if:
- The claim involves emergency services or non-emergency care at an in-network facility where the provider is out-of-network
- The plan has made an initial payment or denial determination
- There is a payment dispute (the plan’s offer differs from the provider’s charge by at least $400, or 5% of the proposed payment, whichever is greater)
IDR Timeline
Day 1: Initiating party submits IDR request with supporting documentation (claim, QPA, medical records supporting necessity of service).
Days 1-30: The non-initiating party has 10 calendar days to respond with counter-evidence.
Days 30-45: An independent arbiter is selected (from a CMS-approved list).
Days 45-60: Arbiter reviews both sides’ evidence and submits determination.
Day 60+: Both parties receive the IDR determination, which is binding. Payment is due within 30 days.
The entire process takes about 60-90 days. During this time, the patient balance cannot be billed.
What Evidence Matters in IDR
Arbiters evaluate:
- QPA (primary factor): The arbiter is instructed to select a payment rate within 30% of the QPA unless extraordinary circumstances exist.
- Complexity and severity of case: Emergency intubation vs. routine office visit. Extraordinary cases may justify deviation from the QPA.
- Quality and experience of provider: Credentials, training, specialization.
- Medical necessity and appropriateness: Was the service necessary and appropriate for the patient’s condition?
- Billing codes accuracy: Were CPT/ICD-10 codes correct?
Cost alone is not enough to win an IDR case. You must demonstrate that the service was complex, medically necessary, and the charge was reasonable for the expertise required. A 2024 data report showed that 73% of IDR determinations were made within 15-20% of the QPA, regardless of the range submitted by either party.
Common IDR Submission Mistakes
- Submitting without QPA: Never fight IDR without the QPA baseline from the plan. It’s the primary factor arbiters use to decide.
- Vague documentation: Include detailed medical necessity, testing, and decision-making specifics, not generic statements.
- Timing: IDR requests have 120-day deadlines from plan response. Missing the deadline forfeits your right to IDR.
How NSA Changes Your Claims Submission Process
Before any appointment with an out-of-network provider, verify the patient’s coverage and notify the patient in writing at least 48 hours beforehand (or immediately for emergencies). Pre-calculate patient cost-sharing (deductible, coinsurance, copay) for clarity.
When the plan responds after you submit the claim, the patient owes only their cost-sharing amounts. Do NOT balance-bill for NSA-covered emergency or in-network facility services, even if the plan underpays. If the plan underpays by more than $400 (or 5%), consider IDR to recover more. Otherwise, accept the payment and write off the difference.
Penalties for Non-Compliance
The NSA enforces violations with significant penalties: up to $300 per patient for balance billing, missing GFEs, inadequate patient notice, or failure to participate in IDR. A practice balance-billing 10 NSA-covered patients monthly faces $36,000 in annual penalties. Enforcement is escalating: in 2024, HHS settlements required millions in patient refunds plus civil penalties.
Billing Compliance Checklist
- Verify provider network status before appointment
- Notify patients 48 hours in advance if out-of-network provider involved
- Provide GFE for self-pay patients 3 days before visit
- Collect only cost-sharing (deductible, coinsurance, copay) at appointment
- Submit claims promptly; never balance-bill NSA-covered services
- If underpaid more than $400, evaluate IDR; otherwise write off the difference
- Keep all notices, GFEs, claims, and responses for 5 years
Bottom Line
The No Surprises Act fundamentally restricts out-of-network balance billing and creates new administrative obligations: GFEs, patient notices, and IDR participation. Practices that ignore these rules face penalties up to $300 per violation. The best defense is a systematic approach: verify coverage early, provide clear notices, generate accurate GFEs, and never balance-bill NSA-covered services. IDR is now your primary tool for recovering shortfalls from plans. Master the process, document meticulously, and you’ll navigate the NSA without compliance issues.
