No Surprises Act – New Final Rule and FAQs Released

By Erica Honig, J.D., Compliance Director, Employee Benefits

No Surprises Act – New Final Rule and FAQs Released

On August 19, 2022, the Department of Health and Human Services (HHS), together with the Department of Labor (DOL) and the Department of the Treasury (collectively, the “federal agencies”), released a new Final Rule and corresponding FAQs document with respect to the No Surprises Act (NSA). Specifically, the Final Rule and FAQs implement critical components of the NSA’s independent dispute resolution (IDR) process. This article will primarily discuss the FAQs and their key provisions applicable to group health plans sponsored by employers.

NSA Background

The NSA, part of the Consolidated Appropriations Act of 2021, protects participants covered under group[1] and individual health plans from receiving surprise medical bills (also known as “balance billing”) when they obtain most emergency services, non-emergency services from out-of-network providers received at in-network facilities, as well as services from out-of-network air ambulance providers. Click here for a previous Risk Strategies’ article for a refresher on the NSA.

NSA Final Rule Brief Summary

This NSA Final Rule was issued in response to recent court challenges that invalidated certain portions of the IDR process under the NSA and to promote transparency, consistency, and predictability in the IDR process. The Final Rule provides prescribed guidance and instructions for the neutral third-party IDR entities, who adjudicate reimbursement disputes between health care providers and health plan insurers, on how to make payment determinations. The new guidance, in a change from prior interim rules, requires IDR entities to use the qualifying payment amount (QPA)[2] as just one factor to weigh in the decision. Further, these IDR entities are required to provide additional information and rationale in their written reimbursement decisions.

The NSA Final Rule will become effective on or around October 25, 2022, or 60 days from the date of publication in the Federal Register.


The FAQs, released together with the Final Rule, covers a range of NSA topics, some very technical and operational in nature, particularly in connection with the IDR process and timeframes. Those FAQs primarily impact health plan insurance carriers, third-party administrators (TPAs) acting on behalf of group health plans, as well as health care providers and facilities, who are all the applicable parties to the IDR process itself, rather than employers and insured individuals. For this reason, those FAQs will not be discussed in this article. You can always reach out to your Risk Strategies account team with any further questions regarding these technical FAQs.

However, the FAQs most relevant to employers (as group health plan sponsors) are summarized below:

Reference-Based Pricing Plans

The NSA protections against balance billing apply to out-of-network emergency and out-of-network air ambulance services for individuals covered under group health plans that do not utilize a provider network (such as reference-based pricing or RBP plans).This is because all emergency and air ambulance services in these RBP plans are per se out-of-network.

However, the NSA protections against balance billing do not apply to non-emergency services from an out-of-network provider at an in-network facility since in-network facilities do not exist in an RBP plan.

For coverage of out-of-network emergency services or out-of-network air ambulance services in RBP plans, the payment should be calculated using the All-Payment Model Agreement or specific state law, as applicable. If either do not apply to the RBP plan, the payment should be calculated by applying the lesser of the billed charge or the QPA using an eligible database.

Confirming previous federal agency guidance, RBP plans must also have reasonable parameters in place to ensure that the plans’ ACA-compliant out-of-pocket maximums are not undermined.

Closed-Network Plans

The NSA protections against balance billing apply to plans that do not provide out-of-network coverage (closed-network plans such as EPO and HMO plans). As such, closed-network plans generally are still required to cover the following services, subject to the applicable in-network participant cost-sharing limits:

  • out-of-network emergency services;

  • non-emergency services provided by an out-of-network provider received at an in-network facility; and

  • out-of-network air ambulance services.

Air Ambulance Services

If a plan provides coverage for emergency air ambulance services only, then it is not required to provide coverage for out-of-network non-emergency air ambulance services. Further, the NSA protections against balance billing apply to out-of-network air ambulance services in instances where the point of pick-up is outside of the United States. Additional guidance is detailed in the FAQs on how to determine the QPA in these situations by using the rate that corresponds to the geographic region based on the United States border point of entry following patient pick-up.[3]

Behavioral Health Crisis Facility

The NSA protections against balance billing apply to emergency services received in a behavioral health crisis facility as long as the services meet the applicable NSA definition of “emergency services,” and are provided in connection with a visit to a facility meeting the NSA definition of an “emergency department of a hospital” or an “independent freestanding emergency department.”

NSA Notice Posting

Group health plans and health insurance issuers are required to provide insured individuals with a notice detailing their rights and protections against surprise medical bills under the NSA. HHS issued a model notice that can be used by a group health plan sponsor as a good faith compliance effort of this disclosure requirement. This notice must be posted on the group plan sponsor and/or health insurance issuer’s public website where information is typically made available to plan participants and also included in Explanation of Benefits (EOB) statements.

If a group health plan does not have its own public website, it can satisfy this posting requirement by entering into a written agreement with a health plan insurance carrier or TPA to post the notice on the carrier’s or TPA’s public website on behalf of the plan. The group health plan still remains liable if the carrier or TPA fails to satisfy this posting requirement. This clarifying guidance applies even where the employer sponsoring the group health plan has its own public website.

The notice must contain state-specific balance billing protection language, if any, and only for those applicable states in which plan participants are actually enrolled.This requirement does not apply to participants enrolled in self-funded plans since they are not subject to state-specific balance billing laws.

Transparency in Coverage Provisions

Tucked at the end of the lengthy FAQs, the federal agencies include helpful guidance for group health plans in connection with certain provisions of the Transparency in Coverage (TiC) Final Rules, which were finalized in November 2020.

The first TiC provision discussed in the FAQs involves the public website posting requirements of Machine-Readable Files (MRFs). Click here for a detailed prior Risk Strategies article on MRF requirements.

As a reminder, TiC required non-grandfathered group health plans to publish on a public website two separate MRFs by July 1, 2022.[4] The MRFs must be publicly available on a group health’s plan’s public website, free of charge, without requiring anyone, including plan participants and the general public, to log-in with user account credentials, including a password.

Similar to the NSA model notice guidance discussed above, this particular FAQ (#22) clarified that a group health plan that does not have its own public website can satisfy the MRF posting requirements by entering into a written agreement with a service provider (such as a carrier or TPA) to post the MRFs on its public website on behalf of the plan.

In welcome relief for employers, this FAQ differentiates between the employer as plan sponsor of a group health plan and the group health plan itself. While the employer might maintain a public website, the group health plan sponsored by the employer might not. So, a group health plan that does not have its own public website (even if the employer does) can contract with a service provider to post the MRFs on the plan’s behalf and the employer is not required to post the MRFs on its own employer public website. However, a group health plan still remains liable if the service provider fails to satisfy the posting requirement.

The second TiC provision discussed in the FAQs involves the upcoming requirement for non-grandfathered group health plans to provide a searchable, internet-based self-service tool that reflects accurate cost-sharing and rate information for plan participants. This self-service tool requirement will be implemented in two phases, the first phase requiring a list of codes for 500 items and services to be accessible to plan participants by January 1, 2023. The remaining covered items and services under the TiC rules must be available through this self-service tool for plan years beginning on or after January 1, 2024.

For phase one of the TiC self-service tool requirements, the list of the 500 items and services can be accessed here. This webpage will be updated quarterly by the federal agencies to reflect any items or services that are no longer valid. Plans will be granted a reasonable amount of time to update their self-service tools to reflect current codes.

As with the MRFs, plans will need to rely on their carrier and/or TPA to comply with the TiC online self-service tool requirements (typically via a written agreement).

Next Steps for Employers

These FAQs serve as important and timely clarifications of key provisions of the NSA and even the Transparency in Coverage requirements (as noted above).

Employers are advised take note of the NSA Final Rule and FAQs details outlined above. On a practical level, employers as group health plan sponsors must rely on their carriers and TPAs for full compliance with the technical and operational aspects of this most recent NSA guidance. Employers are advised to connect with their group health plan carriers and/or TPAs as soon as possible and receive written confirmation of compliance with the NSA and its implementing regulations.

Finally, as the January 1, 2023 compliance deadline approaches for the TiC self-service tool, plans are advised to reach out to their carriers and/or TPAs now to ensure compliance with this upcoming requirement.

Risk Strategies is committed to keeping employers informed and up-to-date. Contact us at

[1] The NSA applies to both grandfathered and non-grandfathered group health plans.

[2] The QPA is essentially a group health plan’s median contracted rate for an item or service in a specific geographic region.

[3] In these FAQs, the federal agencies acknowledged the lack of clarity with respect to the calculating the QPA for geographic regions outside the U.S. and intend to address this issue in future rules and guidance.

[4] One file must reflect in-network rates, including negotiated rates for all covered services and items between the plan/carrier and in-network providers. The other file must reflect out-of-network allowed amounts paid to, and billed charges from, out-of-network providers for all covered services and items within a 90-day period.

The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.