No Surprises Act Implementation: What to Expect in 2022

The No Surprises Act (NSA) establishes new federal protections against surprise medical bills that take effect in 2022. Surprise medical bills arise when insured consumers inadvertently receive care from out-of-network hospitals, doctors, or other providers they did not choose. Peterson-KFF and other studies find this happens in about 1 in 5 emergency room visits. In addition between 9% and 16% of in-network hospitalizations for non-emergency care include surprise bills from out-of-network providers (such as anesthesiologists) whom the patient did not choose. Surprise medical bills pose financial burdens on consumers when health plans deny out-of-network claims or apply higher out-of-network cost sharing; consumers also face “balance billing” from out-of-network providers that have not contracted to accept discounted payment rates from the health plan.1  The federal government estimates the NSA will apply to about 10 million out-of-network surprise medical bills a year.

The NSA will protect consumers from surprise medical bills by:

  • requiring private health plans to cover these out-of-network claims and apply in-network cost sharing. The law applies to both job-based and non-group plans, including grandfathered plans2
  • prohibiting doctors, hospitals, and other covered providers from billing patients more than in-network cost sharing amount for surprise medical bills.

The NSA also establishes a process for determining the payment amount for surprise, out-of-network medical bills, starting with negotiations between plans and providers and, if negotiations don’t succeed, an independent dispute resolution (IDR) process.

Federal agencies published two interim final regulations and another proposed rule this year to implement the law.3 This brief summarizes key provisions that will take effect in 2022.

New federal protections apply to most surprise bills

Protections will apply to most surprise bills for specific types of services provided in certain settings.

Emergency Services  – Surprise billing protections4 apply to most emergency services, including those provided in hospital emergency rooms, freestanding emergency departments, and urgent care centers that are licensed to provide emergency care. The federal law also applies to air ambulance transportation (emergency and non-emergency), but not ground ambulance.5  Emergency care includes screening and stabilizing treatment sought by patients who believe they are experiencing a medical emergency or active labor.

The federal government estimates there are 39.7 million emergency visits annually by patients with private job-based or individually purchased insurance, and of these 18% (or about 7.1 million visits) will involve at least one out-of-network claim.

Post-emergency stabilization services – The NSA defines emergency services to also include post-stabilization services provided in a hospital following an emergency visit. Post-stabilization care is considered emergency care until a physician determines the patient can travel safely to another in-network facility using non-medical transport, that such a facility is available and will accept the transfer, and that the transfer will not cause the patient other unreasonable burdens. The NSA also requires patients must receive written notice and give written consent to be transferred.6 The federal government estimates each year 4.1 million emergency department visits result in a hospital admission, and that 16% (or about 660,000) of these admissions will involve at least one out-of-network claim.

Non-emergency services provided at in-network facilities – Finally, the NSA covers non-emergency services provided by out-of-network providers at in-network hospitals and other facilities. Often, the doctors who work in hospitals don’t work for the hospital; instead they bill independently and do not necessarily participate in the same health plan networks.  The federal government estimates that 16% of 11.1 million (or about 1.8 million) in-network non-emergency facility stays for privately insured patients each year involve at least one out-of-network claim.

The regulation broadly defines covered non-emergency services to include treatment, equipment and devices, telemedicine services, imaging and lab services, and preoperative and postoperative services, regardless of whether those services are provided within the facility itself.

The interim final regulation defines “facility” to include hospitals, hospital outpatient departments, and ambulatory surgery centers. It requests public comment on whether additional types of facilities should be added to this definition. Meanwhile, consumers do not have federal protections against surprise bills for non-emergency services provided in other facilities such as birthing centers, clinics, hospice, addiction treatment facilities, nursing homes, or urgent care centers.  Patients seeking care at such facilities may want to ask whether doctors bill independently and whether they are in network.

Doctors and hospitals must not bill patients more than the in-network cost sharing amount for surprise bills

For services covered by the NSA, providers are prohibited from billing patients more than the applicable in-network cost sharing amount; a penalty of up to $10,000 for each violation can apply.

Today, many out-of-network doctors and hospitals bill patients directly for their full, undiscounted fee, leaving to patients to submit the out-of-network claim to their insurance and collect what reimbursement they can. That common billing practice will change starting next year. Providers will need to first find out the patient’s insurance status and then submit the surprise out-of-network bill directly to the health plan. Providers are “encouraged” to include information about whether NSA protections apply on the claim itself (including, whether the patient has consented to waiver her balance billing protections, described below.)  Health plans must respond within 30 days, advising the provider of the applicable in-network cost sharing amount for that claim; cost-sharing generally will be based on the median in-network rate the plan pays for the service.7 The health plan will send an initial payment to the provider and send the consumer a notice (called an explanation of benefits, or EOB) that it has processed the claim and indicating the in-network cost sharing amount the patient owes the out-of-network provider. Only at this point is the out-of-network provider allowed to send the patient a bill for no more than the in-network cost sharing amount.

How will consumers know if a bill or claim constitutes a surprise medical bill? – It is up to both providers and health plans to identify bills that are protected under the NSA. The regulations also request public comment on whether changes to federal rules governing electronic claims (so-called HIPAA standard claims transactions) are needed to indicate claims for which surprise billing protections apply.8

Providers and plans also must notify consumers of their surprise medical bill protections. Providers and facilities must post a one-page disclosure notice summarizing NSA surprise billing protections on a public website and give this disclosure to each patient for whom they provide NSA-covered services.  (Appendix 1) This notice must be provided no later than the date when payment is requested, though the regulation specifies it is not required to be included with the bill, itself. Health plans are also required to provide consumers the disclosure notice with every EOB that includes a claim for surprise medical bills.

If a health plan or provider (or both) fail to properly identify a surprise bill, it will be up to the patient to recognize that NSA protections should apply and seek relief.

Some providers can ask consumers to waive rights

An exception to federal surprise billing protections is allowed if patients give prior written consent to waive their rights under the NSA and be billed more by out-of-network providers.  Providers are never allowed to ask patients to waive their rights for emergency services or for certain other non-emergency services or situations described above. Consent must be given voluntarily and cannot be coerced, although providers can refuse care if consent is denied.

Notice and Consent Waiver Not Permitted for:

  • Emergency services
  • Unforeseen urgent medical needs arising when non-emergent care is furnished
  • Ancillary services, including items and services related to emergency medicine, anesthesiology, pathology, radiology, and neonatology
  • Items and services provided by assistant surgeons, hospitalists, and intensivists
  • Diagnostic services including radiology and lab services
  • Items and services provided by an out-of-network provider if there is not another in-network provider who can provide that service in that facility

Federal regulations provide for a standard waiver consent form, improbably titled the “Surprise Billing Protection Form,” (Appendix 2) that must include key information, including

  • a statement that the patient is not required to waive protections, and can try to find an in-network provider/facility instead (for post stabilization care, the notice must indicate the name of available in-network providers)
  • a statement that the out-of-network provider/facility can refuse to treat if the patient refuses to waive surprise billing protections
  • a statement that waiving protections could cost the patient more money in out-of-network charges
  • a description of the out-of-network services to be provided, along with billing codes and a good faith (nonbinding) estimate of costs the patient may owe

The law requires that consent must be given at least 72-hours in advance or, if the patient schedules a service less than 72-hours in advance, no later than the day the appointment is made. For same-day scheduled services, regulations permit consent to be given at least 3 hours in advance. It is possible, for example, that an out-of-network doctor could ask an already-hospitalized patient in the morning to waive her NSA protections for a service the doctor schedules to be given later that afternoon.

Providers should not seek consent to waive protections from patients who are impaired or otherwise limited in their ability to make informed decisions.  The waiver form must also be provided in the 15 most common languages in the geographic region where consent is sought; and if the patient’s own language is not among those, qualified interpreter services must be provided. The patient’s signature is required to give consent; no provider signature is required. Consent can be revoked prior to services being provided. The out-of-network provider or facility is required to notify the health plan that patient consent to waive balance billing protections for the claim(s) was appropriately given.

The Departments express the view that consent to waive NSA protections should be obtained only in limited circumstances – where the patient knowingly and purposefully seeks care from an out-of-network provider – and not to circumvent the law’s consumer protections. Even so, the regulation estimates that consumers will give consent to waive NSA protections in 50% of post-stabilization claims and for 95% of non-emergency services provided at in-network facilities. The regulations do not require any data reporting to regulators on the number of consent waivers given or for what services or providers. Agencies asked for comment on whether further limits on the notice-and-consent waivers are advisable.

Some state laws either do not allow waiver of protections or requiring greater advanced notice.

How will enforcement work?

For consumers to be protected, both the health plan and the surprise billing provider will need to comply with the law. If problems arise, consumers might need to seek help from more than one enforcing agency. And, though the NSA is a federal law, states will also have a role in enforcement.

Enforcement against health plans and insurers – The federal government has exclusive enforcement responsibility for most private health plans, though different federal agencies may be involved. States will lead enforcement for state-regulated plans.

  • Most Americans under age 65 are covered by private employer-sponsored health plans, with nearly 2/3 of covered workers in self-insured plans that states are preempted from regulating. Enforcement authority over private self-insured employer-sponsored group plans rests with the U.S. Department of Labor (DOL) and Department of Treasury. Fully-insured group plans will be primarily regulated by states
  • For fully insured group health plans and individual health insurance, states have primary enforcement authority, with federal fallback enforcement by HHS triggered when states do not substantially enforce. Any information (e.g., complaints, news stories) can serve as the basis for HHS investigating state enforcement.
  • For self-insured plans sponsored by non-federal public employers, the U.S. Department of Health and Human Services (HHS) has primary enforcement authority. Agencies estimate 3 million people are enrolled in these plans.
  • For the Federal Employees Health Benefits Program (FEHBP), enforcement authority rests with the U.S. Office of Personnel Management (OPM). The FEHBP is the largest employer-sponsored group health plan, coving nearly 9 million federal employees, annuitants and family members.

The NSA requires DOL to conduct audits of claims data from up to 25 group health plans annually to monitor employer-sponsored plan compliance with the NSA and to report to Congress annually on audit findings. HHS also will conduct up to 9 audits annually of compliance by state and local government employer plans and other issuers in states that are not substantially enforcing the NSA. These annual audits will focus primarily on whether plans are following the methodology for calculating QPAs.9

Enforcement against providers – States have a primary role in enforcing NSA rules against health providers, with federal enforcement as back up. This is true even when the consumer is covered by a federally-regulated health plan. It is yet to be determined which agency(ies) in each state will enforce NSA provider requirements, for example, the attorney general, department of health, hospital commission, or medical licensing boards. In addition, to “proactively identify and address issues of noncompliance,” HHS has proposed that it will conduct on average 200 random or targeted investigations per month into potential violations of NSA requirements by providers, starting in 2022.

Federal vs. state enforcement – This fall, the federal government surveyed states to learn about their authority and intention to enforce each of the major provisions under the NSA. The survey asked states if they will elect or decline to assume enforcement authority on a provision-by-provision basis. States can also enter into a collaborative enforcement agreement with the federal government, under which the state would seek voluntary compliance from health plans or providers and, when it cannot obtain that, refer cases to the federal government for enforcement action. Many states have already enacted some surprise billing protections for consumers in state-regulated plans. Depending on limits of their laws and authority, it is possible some states might decline to enforce NSA protections for certain services (e.g., post-stabilization) or for certain types of health plans (e.g., PPOs vs. HMOs), or with respect to certain providers (e.g., air ambulance). In addition, state laws may be more protective than the NSA in certain respects (for example, a state law might apply to ground ambulance services) in which case a state would enforce its own stronger protections, at least with respect to state-regulated health plans.

It is expected that HHS will make survey results public or otherwise publish a directory of applicable state and federal enforcement agencies. Health plans and providers must give consumers a disclosure notice summarizing protections under the NSA and state laws, and this must include the name and contact information for applicable enforcement agencies. (Appendix 1)

If problems do arise, it is conceivable that a patient might need the help of multiple agencies – federal, state, or both. For example:

  • If a US DOL-regulated group health plan incorrectly denies a claim for an out-of-network service to which the NSA applies, and as a result, if the provider then incorrectly bills the patient for the entire charge, the consumer might need to rely on US DOL to enforce against the group health plan and on a state agency to enforce against the provider.
  • If a patient requires post-stabilization care following an emergency visit and her state surprise billing law covers emergency services only, she might need to rely on the state to enforce protections for the emergency claims and on the federal government for claims involving the post-stabilization care.
  • If a patient receives an out-of-network emergency surprise bill while traveling in another state, he might need to request help from the federal government if his home state, which would otherwise enforce NSA rules on providers, declines to enforce against out-of-state providers.

What can consumers do in case of problems?

Health plans, providers and facilities will most likely work in good faith to comply with NSA requirements. Even if compliance rates are high, with 10 million surprise medical bills annually, hundreds of thousands of problems could nonetheless arise. In such cases, it could fall to the consumer to recognize when surprise billing protections should apply and to seek help.

Consumers can appeal health plan denials – NSA gives consumers the right to appeal health plan decisions to incorrectly deny or apply out-of-network cost sharing to surprise medical bills, first to the health plan, and then, if the plan upholds its decision, to an independent external reviewer. NSA interim final regulations added surprise bills to the scope of claims eligible for external appeal, which is otherwise limited to only denials based on medical necessity. NSA regulations made no other changes to current federal standards and processes that can limit consumer access to external appeal, including those that:

  • require the health plan to determine which claims are eligible for external appeal
  • require employer-sponsored health plans to contract with the external reviewer
  • limit access to denial notices in another language for consumers with limited English proficiency

Federal appeals standards apply to most private health plans sponsored by employers, although in some states appeal rights are stronger for consumers in state-regulated health insurance.

Beyond these limitations, appeal rights may not help in many cases because consumers rarely appeal adverse determinations by their health plans. Data reported by qualified health plans sold on show less than 2/10 of 1% of denied claims are appealed internally to the health plan, and less than 3% of those appeals make it to external review. There is no reporting requirement specific to surprise medical bill claims and appeals for QHPs, and at present, federal law requirements on employer-sponsored health plans to report data on denied claims have never been implemented.

Consumers can contact “the applicable enforcement entity” when providers incorrectly bill – Providers are required to give consumers written notice describing their federal protections each time they provide a service protected under the NSA. The notice must include contact information for the applicable federal and state enforcement entities; although a provider that inappropriately balance bills for a service subject to the NSA might also fail to provide the required disclosure notice.

A national consumer complaints system will be established – The NSA requires HHS to establish a national complaints system for surprise medical bills, which is currently under development and scheduled to go live on January 1, 2022.

The toll free number for the “No Surprises Help Desk” will be 1-800-985-3059.

A central, no-wrong-door system is contemplated where consumers can register complaints regarding suspected violations by providers and facilities. The HHS system will also accept complaints related to suspected violations by health plans.  It will coordinate with complaints systems operated by US DOL for group health plans and by OPM for the federal employee health plan and with state insurance regulators. Federal agencies are contemplating requirements to include contact information for the national Help Desk on other key documents, such as health plan EOBs, provider bills, or consent waiver forms.

The interim final regulations say HHS will respond to filed complaints within 12 weeks (60 business days), though agency staff have indicated that consumers will receive real-time confirmation when a complaint is filed.  Agency staff also indicate plans to conduct preliminary review of complaints within 3 to 5 days of receipt to determine any additional information that may be needed to process the complaint. Once processed, HHS will refer the consumer to another Federal or State regulatory agency to investigate or, if applicable, inform the complainant of action HHS has taken to resolve the problem or refer the matter for enforcement. It is still to be determined whether HHS will track the outcome of complaints it refers to other agencies, or whether or how HHS will use the complaint system to track compliance by plans and providers or enforcement activities of states. HHS estimates the system will receive 3,600 provider-related complaints annually; it will cost an estimated $16 million to build the online complaints system and ongoing operating costs of $10 million annually.

Consumers can contact their state Consumer Assistance Program (CAP) – The Affordable Care Act (ACA) provided for the establishment of state ombudsman programs or CAPs to educate privately insured consumers about their health coverage and rights and to help consumers resolve problems with health plans, including filing appeals. Forty CAPs were established in 2010, though no federal CAP funding has since been appropriated. Most remain in operation today, at least at reduced levels, and help patients with medical bill problems, including surprise medical bills.  Other legislation pending in Congress – the Build Back Better Act and the FY 2022 Labor-HHS appropriations bill – together could provide $75 million in new funding for CAPs in 2022, enabling states to establish new or expand existing programs. In addition to helping individual consumers resolve problems, CAPs are required to report to HHS on the kinds of problems consumers encounter. This data can inform oversight, as well as policy changes that can prevent problems from happening again.  CMS staff indicate that the national surprise medical bill complaints system will also be able to refer complainants to the CAP in their state for local assistance.10

How will payments for surprise bills be determined?

The amount paid for surprise out-of-network surprise bills will likely end up close to the median rate that plans pay in-network providers in a geographic area, also known as the qualifying payment amount, or QPA.11  Under the law, the patient’s cost sharing for a surprise medical bill must be based on the QPA.  Health plans and providers can negotiate privately over the amount to be paid for the surprise bill, and if they can’t agree, either party can ask for an Independent Dispute Resolution (IDR) process to decide the payment amount. However, there are strong incentives for both plans and providers to either rely on the QPA or on private negotiations.

The federal IDR process will be conducted by certified entities chosen by HHS and will resemble so-called baseball-style arbitration.12,13 The plan and provider will each submit their best offer for the out-of-network payment amount for a claim.  The IDR entity begins with the presumption that the QPA is the correct amount but can consider other factors, including patient acuity, the level of training and expertise of the treating provider, the market shares of both parties, and past good faith efforts of both parties to reach a network agreement. The IDR entity then chooses the offer it determines to be most appropriate, which becomes the out-of-network payment for that bill. The IDR will charge a fee for each arbitration and the losing party must pay that fee. (IDR fees can range from $200 to $500 for a single case, and $268 to $670 for multiple or “batch” determinations.)14

In light of this process and incentives, HHS estimates the IDR process will be invoked for just over 17,300 surprise medical bill claims per year, and for another roughly 4,900 surprise air ambulance bills per year. The Congressional Budget Office also estimates this process will tend to have a dampening effect on the cost of surprise bills; CBO estimates the NSA will reduce private health plan premiums by 0.5% to 1% on average, and reduce the federal deficit by $17 billion over 10 years.  Studies have found that surprise medical bills otherwise increase overall health insurance costs because the ability to balance bill gives certain providers and facilities leverage to negotiate much higher prices with insurers. To the extent that NSA moderates that dynamic, it can reduce health plan costs overall in addition to reducing out-of-pocket costs for individual patients.

Organizations representing providers and air ambulance companies have objected, however, and filed lawsuits urging that regulations should not have created a ‘rebuttable presumption’ in favor of the QPA. It remains to be seen if these actions may result in delayed implementation of the NSA or in changes to regulatory standards and procedures that could result in greater use of the IDR process or the determination of higher out-of-network payments.

The regulations also require detailed monthly reporting to HHS by IDR entities on the cases they receive. Data required to be sent to HHS includes specific information on the parties involved in each arbitration – including their names, market share, and other characteristic – and on the services involved – including the dollar amounts offered by each party, also expressed as a percentage of the QPA. HHS will compile data into quarterly reports that will be publicly available. These reports could provide an additional degree of transparency around surprise medical bills and the characteristics of plans and providers involved in surprise billing disputes.


The No Surprises Act creates important new federal protections against surprise medical bills – a leading cause of affordability concerns for consumers. That this law passed with strong bipartisan support is an indication of the need for these protections. That federal agencies moved swiftly to implement the new law signals intent to make it work as effectively as possible.

The law is highly complex, however, setting coverage and billing standards for a specific subset of private insurance claims that could number 10 million annually. Providers are permitted to ask consumers to waive their NSA protections in some cases. Oversight and enforcement will be conducted by an array of federal and state agencies, some of which are still to be determined, and more than one of which could be involved in any given case of noncompliance.

Monitoring of the law’s impact, as well as compliance, will be accomplished in various ways.  Data reporting by IDR entities will provide some information about prices for surprise bills and the characteristics of plans and providers using the IDR process. Annual health plan audits conducted by federal agencies can also yield information about prices charged and paid for surprise bills. Other targeted audits and investigations can yield information about compliance generally, as can new federal consumer complaints systems. State systems may also yield important data as to how the law is working, such as state complaints systems and analysis of data from all-payer-claims databases. It remains to be seen how these new systems will work, independently and in coordination.

To a large extent, oversight and enforcement will rely on complaints. In order to complain, though, consumers will need to understand that they should not be overbilled for emergency services or for non-emergency out-of-network services while they are in in-network hospitals and facilities.  How public education will be conducted, and how public understanding of new rights will be monitored is yet to be determined. The responsiveness of new complaints systems and how they coordinate will also be important to watch.

Finally, it remains to be seen if any other tools will be employed to monitor trends in the incidence of surprise medical bills, and how effectively the law may work to protect consumers from surprise bills and reduce their out-of-pocket costs. For example, might the federal government exercise its broad authority under the ACA to require transparency data reporting by private health plans? This authority could be used to monitor the incidence of surprise medical bills over time, as well as differences between the QPA and billed or paid out-of-network charges; it could also be used to monitor how frequently providers use consent waivers. Or, will state consumer assistance programs be employed to play a role in educating the public, reporting to regulators on problems that arise and how they might be prevented in the future?

As implementation proceeds (and as federal courts consider legal challenges to the regulations) it is also possible that NSA standards and procedures will be modified further.


KFF Headquarters: 185 Berry St., Suite 2000, San Francisco, CA 94107 | Phone 650-854-9400
Washington Offices and Barbara Jordan Conference Center: 1330 G Street, NW, Washington, DC 20005 | Phone 202-347-5270 | Email Alerts: | |

The independent source for health policy research, polling, and news, KFF is a nonprofit organization based in San Francisco, California.