symplr Roundtable Explores Health Plan Challenges With No Surprises Act

The No Surprises Act (NSA), which aims to avoid holding patients responsible for the cost of unanticipated out-of-network medical bills, took effect January 1, 2022. Representatives from various health plans shared their challenges in meeting the NSA requirements during a recent symplr payer roundtable.   

The takeaway from the discussion: For payers, NSA compliance will require collaboration with provider organizations, novel workflows, and the right provider data management technology.

NSA challenge 1: Maintaining accurate provider directories 

During the symplr roundtable, co-moderator Lynne Rinehimer, Esq., GRC Solution Engineer for symplr Compliance, walked participants through various payer requirements under the NSA, one of which pertains to provider directories.  

Rinehimer explained that health plans must establish a verification process to ensure accurate provider directory information. This includes being able to verify and update directory information no fewer than every 90 days or within two days of receiving notice of a change. And health plans must also be able to remove providers from their directories when those providers are no longer in-network.  

“My organization has been struggling with the whole verification process every 90 days,” one participant said, adding that provider changes are more difficult to manage than terminations. “We continue to evolve our process. We’re trying to work with our contracting team to ensure providers are educated and that they understand they need to comply. Otherwise, we’ll continue to have inaccuracies in our directories.”  

Ensuring an accurate provider directory also means health plans must be able to receive large volumes of data from provider organizations via email, fax, web forms, and other methods. 

“The challenge for us is around the ways provider information comes in,” said one participant. “This is where we’re running into [problems] with the two-day turnaround time.” 

Jim Gifford, solutions engineer at symplr and co-moderator of the roundtable, echoed that symplr is hearing similar concerns from other payer organization customers. He said that using rosters to obtain and make updates helps expedite changes in order to comply with the NSA and with other regulators such as CMS. However, any advantage is lost if the data at any point must be manually entered into provider data management systems. “[Manual entry] makes for a time-consuming process that wastes precious staff resources,” he said.  

Another payer representative participant said delegated provider enrollment adds a layer of complexity. “We have to take whatever [delegated provider groups] give us. This is a separate process that we need to incorporate into our system.”  

Delegated credentialing reduces the time it takes for payers to determine whether it will accept the provider on its panel and provide an effective date for membership. However, health plans must ensure that the credentials verification organization that the work is delegated to has the appropriate expertise and NCQA accreditation.   

Provider outreach, in general, is difficult, said one participant. “We don’t have email addresses or fax numbers for a lot of our provider groups,” they added. “Some of it [entails] phone calls to try and get this information so we can add it into the system.” 

NSA challenge 2: Staying atop regulatory changes 

Even in the brief time the NSA has been in effect, regulatory changes and clarifications have occurred. For example, CMS recently published a provider FAQ, and Rinehimer suspects the agency may soon publish a payer FAQ as well. Health plans must be able to react to these and other changes quickly, she added.  

In addition, the Texas Federal District Court recently ruled on a lawsuit filed by the Texas Medical Association. The ruling vacated the qualifying payment amount (QPA) presumption that independent dispute resolution (IDR) entities must use when resolving billing disputes. 

Rinehimer explained the ruling’s implication: Now, IDR entities must consider the QPA as well as several other factors when resolving a billing dispute. These other factors include: 

  • The provider’s level of training, experience, and quality and outcomes measurements of the provider/facility 
  • The regional market share held by the provider/facility or the plan 
  • The acuity of the participant, beneficiary, or enrollee receiving the item/service or the complexity of the service 
  • The teaching status, case mix, and scope of services offered by the facility/provider 
  • The demonstration of good faith efforts (or lack thereof) made by the provider/facility or the plan to enter into network agreements with each other and, if applicable, contracted rates between the provider/facility and the plan during the previous four plan years 

Staying abreast of these types of changes can be challenging for health plans, one participant said. “We’ve had a project team in place for many months, and we’ve broken up into sub work groups that include compliance, legal, operations, IT, provider relations, and medical management,” they added. “We rely on CMS for information, and our legal team also keeps an eye out for any new regulations that are passed.”  

The participant said they are currently interested in whether CMS might impose a one-year no enforcement on the provider directory provision, including the 90-day verification process and two-day turnaround time. 

NSA challenge 3: Avoiding penalties 

Health plans that fail to comply with NSA requirements may face a maximum penalty of $100 per day per violation, adjusted annually, said Rinehimer. However, CMS will consider mitigating and aggravating factors when determining whether a financial penalty is warranted. This includes the facts and circumstances surrounding the potential violation, the potential number of impacted consumers, the history of substantiated complaints, effect of the alleged violation on consumers, and more, she added.  

Rinehimer’s best advice? Focus on compliance, developing and implementing policies and procedures, conducting education, and performing risk assessments. This starts with understanding all health plan requirements. For example, in addition to maintaining accurate provider directories and following the IDR process, health plans must also understand and apply coverage nuances related to the NSA.  

In certain instances, health plans must cover emergency services without prior authorization and regardless of whether the provider or facility is in-network, Rinehimer explained. If an out-of-network provider renders the emergency service, health plans must cover it as if the provider were in-network. In certain instances, they must also cover emergency services regardless of any other terms or conditions of the plan.  

For non-emergency services performed by out-of-network providers at in-network facilities, Rinehimer said health plans must assess patient cost-sharing as if the provider were in-network and compensate the provider accordingly, unless that provider has obtained consent from the patient consistent with notice and consent requirements.  

There are many other health plan requirements as well. For example, health plans must: 

  • Comply with gag clause restrictions 
  • Ensure patients receive timely notification of changes in the network status of providers/facilities 
  • Send an advanced explanation of benefits prior to scheduled care or upon request by individuals looking for more information prior to scheduling 

Looking ahead, health plans will also be required to issue online price comparison tools that allow individuals to compare expected out-of-pocket costs for items or services across multiple providers. They must also be able to provide this information by phone. They’ll have until January 1, 2023, to provide this information for the 500 most common emergency items and services. However, by January 1, 2024, they’ll need to do it for every item or service.  

“Issues are going to happen,” says Rinehimer. “When they occur, you’ll need to demonstrate that you’ve got your policies in order, you’ve done your education and monitoring, and you’re communicating with providers. These are the types of mitigating factors CMS will consider.”  

CMS resources 

Editor’s note: symplr can help your health plan comply with NSA requirements.

Learn More

Request a Demo