Michael Adelberg (firstname.lastname@example.org) is Principal in the Washington, DC, office of Faegre Drinker, and John P. Weis (email@example.com) is President and Cofounder of Quest Analytics in Overland Park, KS.
The No Surprises Act was signed into law in December 2020 as part of the massive Consolidated Appropriations Act of 2021. It is the end result of several prior bills that sought to address the national “surprise bill” problem. In recent years, millions of commercial health plan members have received services at in-network facilities but then received large out-of-network bills afterward because a particular provider at the facility (most commonly emergency physicians, pathologists, radiologists, behavioral health providers, and anesthesiologists) was out of network. Other surprise billing scenarios (e.g., those involving air ambulance services) are also common. Beyond this, the No Surprises Act also includes several provisions that create new protections for health plan members and provider’s patients. These protections create new requirements and risks for health plans and providers. This article focuses on one particularly weighty section of the No Surprises Act, section 116, which establishes a set of new requirements for health plans and providers that will be effective on January 1, 2022.
Section 116 of the No Surprises Act, “Protecting patients and improving the accuracy of provider directory information,” takes on long-simmering problems regarding the accuracy of network provider information in health plan directories and related materials. We summarized these problems in a prior Compliance Today article, so we will not belabor the point here. Suffice it to say that it is well documented that the information in provider directories is widely understood to be rife with errors. While sincere efforts are underway to improve this information, there is little evidence to suggest that these efforts have tangibly improved directory accuracy across health insurance markets. There are good reasons why it is hard to improve provider directory accuracy, and there are steps that health plans, providers, and regulators can all take to improve the situation.
Inaccurate provider information can cause real consumer harm. Plan members show up at incorrect addresses for appointments or cannot make appointments because of outdated information—a problem exacerbated by the trend toward large group practices with practitioners seeing patients in multiple offices but not being listed across those offices. Lawsuits have been filed by plan members who joined a plan based on a directory suggesting a particular doctor was in-network when that was not the case, leading the consumer to contend they were deceived into selecting the plan. Most germane to the No Surprises Act, there are cases when a plan member has seen a provider who was listed incorrectly as in-network, leading to a surprise bill afterward. Health plans may choose to hold their member harmless when surprise bills happen, but those decisions may occur after a surprise bill has already upset the member, and not all health plans have this policy.
For the commercial market, at least, the No Surprises Act seeks to address these problems.
Provider directory challenges
Keeping provider directories up to date and accurate is difficult due to several complicating factors. The most obvious is the need to obtain timely updates from providers on a regular cadence. Discrepancies often occur when group practices list providers at every location to facilitate claims payments and, when delegated, are relied on as the source of truth to provide the correct information. Other challenges include varying compliance requirements across different lines of business and within each state; difficulties knowing what’s right, wrong, and missing in the provider data; and organizational silos that prevent the sharing of data within organizations.
An often-overlooked consequence of inaccurate provider directories are the spillover effects of inaccurate provider data on network adequacy. When the underlying provider data are inaccurate and then used to measure the number of available providers in a network, it could result in an inflated network. Regulators reviewing plan networks to ensure access to care assume the providers are available to see patients at those locations. The inflated breadth of the network can mislead consumers. To date, most regulators have not made an explicit connection between directory accuracy and network adequacy, but given the technological advances (such as machine-readable directories) discussed in our previous article and the added attention forced by the No Surprises Act, this is only a matter of time.
It is well understood that provider directories are consistently inaccurate. Studies by the Centers for Medicare & Medicaid Services, the state of California, and independent research published in The American Journal of Management Care all document this. And this results in real consumer harm. Studies have generally found that more than 40% of network providers have incorrect directory information. And there is a new regulatory focus on fixing the problem to reduce consumer harm and improve overall access to care.
Consumer pain points include wrong phone numbers, providers not in-network or accepting new patients, providers not at the location listed, or unknowingly scheduling an appointment with a provider incorrectly listed as being in-network. Because of these consumer challenges and the possibility of out-of-network bills, Congress, per section 116 of the No Surprises Act, now requires oversight of provider directories for commercial health plan practices.
New requirements for commercial plans
Section 116 creates new requirements for self-insured group health plans and health insurance issuers that offer fully insured group and individual plans. Fully insured plans are generally regulated by the state insurance departments, including health maintenance organizations, preferred provider organizations, exclusive provider organizations, and Affordable Care Act exchange and off-exchange plans (however, it generally does not include stand-alone dental plans). Because the new law also applies to most employer-sponsored coverage, plans that act as a third-party administrator (TPA) for these plans must also determine compliance responsibilities. TPAs are commonly responsible for the provider network administration and the provider directory. Therefore, the provider directory requirements may pass through the employer to the TPA via the administrative services contract language and potentially increase administration fees for self-funded employer plans.
It’s also important to note, the new legislation does not preempt any existing state laws and, unfortunately, continues the patchwork of varying state regulations.
Four new compliance tasks
Beginning January 1, 2022, plans must establish a public-facing provider database and must have a process to ensure that their directory database is up to date and accurate. They must also establish a process and timeline to remove providers from the directory who have not verified their information.
Plans must have a process in place to verify the provider directory database at least once every 90 days.
Plans have two business days to update the provider directory upon receiving a provider notification that their information has changed. For example, a provider terminates their contract. The health insurer must update their database within two business days to ensure a consumer does not schedule an appointment with that provider. Suppose that the same consumer makes an appointment with a provider who appears to be contracted with the plan due to the provider directory information. In that case, the plan will be responsible for paying the out-of-network provider costs.
Plans must indicate whether a provider or facility is in-network to consumers who inquire about that provider or facility’s network status within one business day. This information is binding. Plans that get it wrong are responsible for any out-of-network charges that result to the consumer.
The role of the providers
Keeping directories up to date and accurate is not a one-way street. It is a shared responsibility between providers and plans to protect consumers. That is why the new law requires providers and facilities to also have processes and procedures in place to submit provider directory information to plans. At a minimum, they must submit information:
When they join a network
When they terminate a network agreement,
When there are material changes to their information, and
At any other time (including anytime a plan requests an update from the provider).
Implications of the Act on the adequacy of commercial networks
Although the new statutory requirements center around provider directories, they are likely to affect network adequacy substantially. Plans will be required to have a process to remove providers from their directory who have not verified their information. The law does not specify the frequency with which the removal must occur, but regulation might. Under present industry norms, the impact of required removals could be very concerning. For example, suppose we remove providers who have not verified their information over the last 12 months from the directory. In that case, consumers will have significantly fewer choices and, as the provided example illustrates (see Figure 1), a much more difficult time finding access to care.
The data presented in Figure 1 illustrate what might happen across the nation if (1) the government sets, via regulation, a one-year maximum for providers updating their information; and (2) health plans and providers do not collaborate to implement mutually agreeable directory update procedures. The results could be nothing less than calamitous: average travel time to a network primary care provider (PCP) would grow from 4 to 34 miles. Because PCP network participation would drop roughly 90%, there is reason to think that remaining network PCPs would not be able to see all potential patients.
Best practices and strategies for achieving compliance
The overall goal of the No Surprises Act is to protect consumers from receiving an out-of-network bill. However, for compliance professionals and all affected organizations, including payers and consultants serving as TPAs serving self-funded plans, it is also about protecting the organization from paying out-of-network providers due to outdated and inaccurate data, reducing costly provider–payer arbitration disputes, and ensuring your organization is compliant with the requirements of the Act. Therefore, to be best prepared, here are four steps health plans and providers can take right now to meet the January 1, 2022, compliance deadline.
Step one: Awareness of the new provider directory compliance requirements
If you’re one of the affected teams, you will want to use this time to understand what is in the legislation and what is at stake. You can share this article as a first step in educating all involved parties, including sharing with any TPAs or consultants working on your organization’s behalf about the new law. You can then use this information to assemble the necessary team members to create an action plan.
Step two: Conduct a compliance risk assessment
Next, you should conduct an internal assessment of your organization’s data accuracy and the verification strategies and processes you currently have in place across your entire organization. This audit should include documenting responses across your internal provider directory teams in each line of business to help identify where consistent processes and procedures are needed.
Conduct a risk assessment to identify what is right, wrong, and missing in your data. In your assessment, ask your team these five key questions to ensure audit readiness.
How are you currently verifying provider data and at what frequency?
How do you ingest updates into your directory and at what frequency?
Are you able to identify the age of your provider data and the last verified date?
What is your current process for removing unverified providers?
Do you know how the removal of unverified providers will affect your network adequacy?
Step three: Create your compliance plan
After the teams have determined your current processes and procedures, create a strategy for bringing together an enterprise-wide solution for provider directory accuracy compliance. As part of the process and verification procedures, you should promote the provider information you know to be true and accurate. Using verified data sources will significantly reduce compliance risks.
Ultimately, fixing what is wrong on a continual basis and noting the impact on the provider database should be a top priority in any directory accuracy process. Also, you may need to review your update procedures closely and ensure that you can comply with the short turnaround times.
Step four: Document and execute your compliance plan
Finally, ensure all internal and external stakeholders document and test your procedures to ensure consumers receive accurate information from your directories. Having a straightforward, transparent process-driven system will help demonstrate your efforts to comply with the new law.
Enforcing section 116 compliance requirements
Prior to the printing of this article, the federal government likely will have published proposed regulations further defining the No Surprises Act, which may further detail section 116’s requirements. The regulations are expected to be “tri-agency”—under the shared jurisdiction of the Departments of Health & Human Services, Labor, and Treasury—which requires close policy coordination across three sets of federal actors. While a mid-summer timeline is understood to be the agencies’ goal to give stakeholders sufficient preparation time if the public comment period runs 60 days and thousands of public comments are submitted and considered, the government might not publish the final rule until fall. Most of the No Surprises Act provisions, including section 116, will be effective January 1, 2022. Even under the best scenario, this leaves little time between the publication of the final requirements and the statutory deadline for compliance. The timeline is exceptionally aggressive.
Further complicating the timeline concern is that states are typically the primary enforcers over health insurance issuers in the group and individual markets to ensure compliance with health insurance market reforms. So, states will be put in the position of enforcing new requirements (on plans, TPAs, and affected providers) on short notice. The federal government might provide temporary enforcement relief to plans and states as enforcement mechanisms and processes are developed. Several Affordable Care Act policies were implemented, for example, with an enforcement approach that delayed taking actions against plans, issuers, and others that were working in good faith to come into compliance with the new law. But there is no assurance that this flexibility will be permitted, nor is there any assurance that all state regulators will choose to exercise leniency even if the federal government exercises discretion.
Against this backdrop, and as discussed above, health plans, TPAs, and providers have no choice but to learn the requirements established by section 116 of the No Surprises Act now—and begin the process of coming into compliance. Whether now or in a few months, health plans, TPAs, and providers will need to make themselves compliant. Importantly, these requirements offer essential protections that will allow us to serve health plan members and provider patients better.
In order to protect consumers and improve the accuracy of provider directories, the No Surprises Act puts important new requirements on health plans and providers.
Inaccurate provider information can mislead consumers and fuel surprise bill scenarios.
The No Surprises Act requires health plans to establish processes for maintaining public databases of accurate provider information, and this includes requiring network providers to supply accurate and timely information.
While important federal regulations are forthcoming, the directory accuracy requirements of the No Surprises Act become effective on January 1, 2022.
Health plans and providers have no choice but to examine their current processes and begin taking the steps to prepare for the new requirements.