As most compliance professionals can attest, compliance with federal or state mental health parity laws is one of the most challenging, multidisciplinary efforts. As regulators step up enforcement, provider network issues—including so-called “ghost” or “phantom” networks—are brought to the forefront. It is important for compliance professionals to understand how these enforcement areas relate to one another and be prepared to devote more attention to provider directory verification and mental health and substance use disorder treatment access.
Brief overview of MHPAEA
The Paul Wellstone and Pete Domenici Mental Health Parity and Addiction Equity Act of 2008 (MHPAEA) requires parity between mental health or substance use disorder benefits and medical/surgical benefits with respect to financial requirements and treatment limitations under group health plans and group and individual health insurance coverage. The financial requirements and quantitative treatment limits that apply to mental health or substance use disorder (MH/SUD) benefits must be no more restrictive than the predominant financial requirements applied to substantially all medical/surgical (physical health) benefits covered by the plan.
In addition, nonquantitative treatment limitations (NQTLs) affect the scope or duration of benefits under the plan and are not expressed numerically. Specifically, any processes, strategies, evidentiary standards or other factors used in applying an NQTL to MH/SUD benefits must be comparable to and applied no more stringently than the processes, strategies, evidentiary standards or other factors used in applying the limitation with respect to medical/surgical (M/S) benefits. Approximately 270 unique NQTLs were identified since February2021 by the U.S. Department of Labor (DOL), according to its 2023 MHPAEA Report to Congress. Importantly, provider network NQTLs are well-recognized and comprise two of six areas of focus for DOL’s NQTL enforcement priorities; specifically, standards for provider admission to participate in a network, including reimbursement rates, and adequacy standards for MH/SUD provider networks.
How network issues affect parity
Given the complex nature of the analysis needed to apply the MHPAEA requirements, NQTLs have posed the biggest challenge. For example, DOL has stated that a network with far fewer MH/SUD providers is a “red flag” that could signal an impermissible NQTL. Yet, a disparity in numbers alone is not determinative of compliance under current regulations. Rather, what matters is how plans develop admission standards and maintain providers in its network—both on paper and in operation—that is, the process, strategy, evidentiary standards, or other factors for building and maintaining the network. Similarly, a difference in provider reimbursement rates is not determinative of compliance. Instead, what matters is how the health plan determines rates and, particularly, the incentives used to increase network participation.
To understand how network issues can trigger MHPAEA investigations, the following excerpt from the 2022 MHPAEA Report to Congress illustrates this point:
[DOL’s] Boston Regional Office received a complaint from a group health plan participant who was having difficulty finding an in-network mental health provider. The participant stated that the list of participating providers offered by the insurer was inaccurate; when she called the providers on the list, she discovered that many of them were no longer participating providers or they had moved out of the area. The benefits advisor referred the complaint for investigation.
How parity issues impact networks
Conversely, the sheer breadth and interconnectedness of a typical audit or market conduct exam involving MHPAEA inevitably expose a plan’s network to additional scrutiny of both provider directory accuracy and network adequacy, which, as described below, are increasingly regulated in their own rights. Under the federal MHPAEA law, the primary enforcement remedy to date is the re-adjudication of relevant claims and a corrective action plan to prevent improper conduct in the future. Yet, below the surface, this remedy can impact a health plan’s networking strategy writ large. When a parity violation exists across many plans or TPA businesses, providers may change their networking strategies across the board, positively or negatively for a plan. For example, if a provider receives increased reimbursement from one payer, it might close its panel or refuse to contract with another payer with lower rates. On the other hand, a plan might lower its barriers to credentialing (e.g., remove an experience level or training criterion), thereby making it easier for a provider to join or continue to participate in the network.
To give another real-world example of how parity issues impact provider networks, the Rhode Island insurance department conducted a market conduct exam in 2022 for a health insurer’s fully insured individual and group insurance markets. The state found the insurer failed to provide oversight, training, or auditing over its behavioral health delegated vendor regarding directory updates, nor did it maintain sufficient network data oversight to identify inadequacies as required. The examiner found 31 demographic changes during the examination period, and 141 address and tax identification number changes during the examination period were completed after the seven-business-day period required by state law. Moreover, without citing a specific black letter law violation, the state expressed “concern” that the insurer’s time and distance standards for MH/SUD benefits were less favorable than for primary care, OB/GYN and specialty providers. The state also cited the insurer for a violation of the state’s access standards for MH/SUD urgent care and emergency services that were less favorable than for M/S urgent care and emergency services, in violation of state law.
A window into MHPAEA enforcement
State agencies and the U.S. Departments of Labor, Treasury, and Health and Human Services (collectively referred to as the Agencies) share responsibility for overseeing compliance with mental health parity requirements.
Federal MHPAEA enforcement
The 2022 and 2023 MHPAEA Reports to Congress underscore the recent emphasis on greater MHPAEA enforcement. These reports discuss the significant resources dedicated to supporting these efforts, describe steps to implement Consolidated Appropriations Act 2021, and outline specific enforcement and oversight actions the agencies have taken to identify and correct MHPAEA noncompliance and minimize the likelihood of future violations. Among the key findings are that several of the most common NQTLs for which the DOL’s Employee Benefits Security Administration requested a comparative analysis between April 2021 and July 2022 included those related to provider networks, including network provider admission standards (third most common), provider requirements (fifth most common), and out-of-network reimbursement rates.
Notably, as the MHPAEA enforcement report shows, the Agencies’ oversight and enforcement activities address MHPAEA compliance as it relates to networks—even though self-funded plans are not subject to network adequacy requirements. Self-funded plans may nevertheless adopt network standards as a best practice. For example, for an NQTL related to provider network admission standards, demonstration of comparability might include the role of network adequacy metrics. This is because network adequacy—when adopted as a network strategy—is a plan standard that must be applied in a manner compliant with the MHPAEA regulations.
State MHPAEA enforcement
Since states are the primary regulators of insurance and are primarily responsible for the operation of their Medicaid programs, state agencies are often at the forefront of MHPAEA enforcement. Selected examples of state enforcement activities in Massachusetts, New Hampshire, and Maryland.
In February 2020, the Massachusetts Office of the Attorney General settled with five health insurers for MHPAEA violations and violations of the Commonwealth’s own parity law, including:
“using methods to determine provider reimbursement rates that resulted in lower payments for outpatient behavioral health services than for comparable physical health services.”
“impos[ing] unlawful barriers, including prior authorization requirements, for behavioral health services that were not required for comparable physical health services . . .”
Failing to properly manage behavioral health provider directories
The companies agreed to change “how they determine reimbursement rates for outpatient behavioral health services . . . to limit prior authorization for certain behavioral health care . . .” and “to make extensive changes to their provider directories.” They also agreed to pay “a combined total of nearly $1 million to a fund that will be used by the AG’s Office to promote [behavioral health] initiatives.”
Notably, this action demonstrates how states use MHPAEA reviews to look for issues that might not have otherwise been discovered, like provider directory accuracy.
In February 2020, the New Hampshire Insurance Department identified several potential parity issues associated with the offering and reimbursement for MH/SUD treatment for two health insurers. Among the key issues, the plans reimbursed providers for MH/SUD services at lower rates than other treatments.
No MHPAEA violation was found; however, the insurers were required to demonstrate comparable provider reimbursement practices as written and in operation.
This action illustrates first how states might use market conduct exams to review for MHPAEA compliance and second, how a state can exercise enforcement authority without determining that an identified issue rises to the level of an MHPAEA violation.
Through Maryland’s 2022 Medicaid Parity Analysis (required under MHPAEA), CMS identified a parity issue in how the state’s Medicaid managed care organizations (MCOs) were waiving copays for certain medical and surgical drugs and not for drugs used to treat mental health conditions or substance use disorder.
In response, the state worked with its MCOs to eliminate the option for MCOs to voluntarily waive copays for medical and surgical drugs and bring their practices back into compliance with MHPAEA.
Given that MHPAEA necessitates a deep inquiry into providers’ availability and network admission, concern about insufficient network access to mental health providers and substance use disorder treatment facilities are factors driving policymakers at both the state and federal levels to propose new provider directory data accuracy laws. Such proposals are still in flux but would majorly impact payers if finalized.
In 2022, Senators Ron Wyden, D–OR, and Tina Smith, D–MN, introduced the Behavioral Health Network and Directory Improvement Act, intended to “crack down on inaccurate health care provider listings or ‘ghost networks,’ and create stronger enforcement standards to protect those seeking mental health care.” The legislation defines ghost networks as a health plan provider directory that does not include accurate information, includes providers who are not accepting new patients, includes providers that are not part of the network, or omits providers that are part of the network. Further, the bill requires group and individual health insurance issuers and group health plans to engage with an independent entity to conduct an audit of the provider directory and make the results available to federal regulatory agencies upon request.
In the current Congress, no legislation has been introduced as of this writing. However, Senators Wyden and Mike Crapo, R–ID, have continued to signal the bipartisan interest in ghost networks through additional hearings devoted to the matter and a “secret shopper” study that Senator Wyden’s staff conducted.
While Congress develops its proposals at the executive agency level and across all lines of business, CMS is taking regulatory action to address the accuracy of provider directories.
In a final rule that impacts Medicare Advantage that was published in April 2023, CMS, in response to calls for it to step up enforcement of provider directory accuracy requirements, stated that it understands the importance of oversight and strong monitoring of provider directory accuracy, and it intends to continue its enforcement and monitoring activities to ensure health plans are complying with current requirements.
CMS proposes strengthened provider data accuracy oversight requirements in a recently proposed rule impacting state Managed Medicaid programs. The proposal would require state Medicaid programs to hire an independent entity to verify the accuracy of four pieces of data in MCO provider directories, which are the active network status with the MCO, the street address of the provider, the telephone number of the provider, and whether the provider is accepting new enrollees.
The Agencies intend to issue rulemaking and provide guidance for Section 116 of the No Surprises Act (NSA), which, starting in 2022, has required health insurance issuers in the group and individual market and group health plans to establish a provider directory verification process and a procedure for removing providers or facilities with unverifiable information. In the interim, health plans are expected to comply with Section 116 with little regulatory implementation information available. In one guidance document, the Agencies stated that until rulemaking to fully implement Section 116 “is finalized and effective, plans and issuers are expected to implement the requirements using a good faith, reasonable interpretation of the statute.”
Finally, in July 2023, the Agencies released a much-anticipated proposed rule updating the 2013 final MHPAEA rules to clarify several compliance issues for individual and group plans, including those related to NQTLs and the intersection between network issues and parity. Notably, if finalized, the rule would clarify that (except in the case of standards for fraud, waste, and abuse or when consistent with generally recognized independent professional medical or clinical standards), an NQTL is prohibited under MHPAEA unless it meets three criteria–the most novel of which is that the plan or issuer collects, evaluates, and considers the impact of relevant data on access to MH/SUD benefits relative to access to M/S benefits; and subsequently takes reasonable action as necessary to address any material differences in access shown in the data.
This criterion reflects the Agencies’ previous guidance that disparate results (e.g., a far greater number of physical health providers than MH/SUD providers) are a red flag that a plan or issuer may be imposing an impermissible NQTL. Here, a special rule for network composition (participation standards, network adequacy procedures, and reimbursement rates) would dictate that if network data reveal material differences in access to MH/SUD benefits as compared to M/S benefits, the plan or issuer would violate MHPAEA. A companion document to the proposed rule “solicits feedback on how to define certain thresholds for required data and a potential enforcement safe harbor to be specified in future guidance that, if satisfied, would demonstrate to the Departments that a plan or coverage provides comparable access to in-network of providers for [MH/SUD] benefits as compared to [M/S] benefits.”
As with other federal laws applicable to health insurance issues and group health plans, enforcing Section 116 of the NSA involves both federal and state regulators. Generally, the NSA defers to states to enforce Section 116 for state-regulated, fully insured health insurance issuers. The NSA defers to DOL to enforce Section 116 against Employee Retirement Income Security Act-covered group health plans.
Every state has indicated how it intends to interact with Section 116 in a CMS enforcement survey conducted in 2021. The survey results showed that 12 states will defer to CMS to enforce Section 116 in their state, 23 states will enforce Section 116 on their own, and 15 states will enter into a collaborative enforcement agreement (CEA) with CMS to enforce Section 116. These tallies will change. Initially, Illinois deferred enforcement to CMS but in 2022, amended its regulations to align with the new federal mandate. Even prior to this, Illinois market conduct activities revealed active enforcement of a state requirement for insurers to contact any network provider that has not submitted a claim to the plan or otherwise communicated [their] “intent to stay in the network.”
In 2023, more states have passed legislation addressing ghost networks and provider directory data accuracy. This includes North Dakota and Oklahoma. The finalized North Dakota legislation requires health plans to audit their provider directories for accuracy and make the results of the audits available to their state departments of insurance. The finalized Oklahoma legislation requires such plans to update provider directory information every 60 days and similarly conduct an annual audit which must include mental health providers. California lawmakers introduced, but ultimately did not pass, legislation that would place new provider data requirements on health plans by requiring a health plan to remove a provider from the directory if the plan cannot verify that the information is accurate or if the provider had not filed five claims within the previous year.
How payers can address parity issues and demonstrate compliance
The interplays between ghost networks, provider directory accuracy, and MHPAEA compliance are inescapable. To proactively respond to this growing regulatory risk area, health plans should demonstrate to regulators that they have a provider data review workflow that consists of three parts. The first part is a documented process of including providers in the provider directory who have verified that their information is consistent with the applicable requirements. The second part involves a documented process to deal with providers who have verified their data; however, the data is questionable for some reason, e.g., the provider verifies that they practice at 53 locations. In that case, did the health plan employ a process to flag that questionable information for review and independently verify its accuracy before placing the provider in the directory? The third part involves a documented process to deal with providers who have not verified their data in 90 days. In that case, did the health plan conduct outreach to determine if the provider is active and work with the provider to verify their information?
Ghost providers in health plan networks disrupt access to patient care and have a negative impact on your business.
Regulators, mental health parity stakeholders, payers, and providers will continue to focus on data accuracy, public availability of accurate information, and access to care.
Now is the time to gain a deeper understanding of each provider in the health plan’s network, their status, and how they impact the business.
New regulatory requirements and consumer expectations are changing how plans should access and analyze provider information.
As we go forward, we come to expect more requirements and higher expectations regarding the accuracy of provider data, mental health access, and other key indicators of provider participation.