When introducing the No Surprises Act (“NSA”)—signed into law on December 27, 2020, as part of the Consolidated Appropriations Act, 2021—leaders of the responsible committees of the U.S. House of Representatives announced that they had “reached a bipartisan, bicameral deal in principle to protect patients from surprise medical bills and promote fairness in payment disputes between insurers and providers, without increasing premiums for patients or interfering with strong, state-level solutions already on the books.”[1] In other words, Congressional intent was that federal surprise billing protections would not preempt already enacted state-level surprise billing protections. However, state legislative efforts to address surprise billing vary widely, and Congress’s intent to share jurisdiction with states over surprise billing adds an additional layer of complexity, which will ultimately only increase the administrative burden on providers and plans.[2]

Within this Client Alert, we provide an overview of the concurrent jurisdiction Congress created through the NSA and discuss key issues stakeholders should consider as the U.S. Department of Health and Human Services (“HHS”) releases regulations implementing the NSA. An overview of the elements of the NSA can be found in the Epstein Becker Green Client Alert titled “The No Surprises Act: Implications for Health Plans, Health Care Facilities, and Health Care Providers,” published earlier this year.

State-Level Surprise Billing Laws

Congress enacted the NSA to protect consumers against “surprise billing”—billing a patient under commercial coverage above their in-network amount for covered emergency services provided by an out-of-network (“OON”) provider or certain covered nonemergency services provided by an OON provider at an in-network facility. We refer to these herein as “NSA-covered services.”

As of June 2021, approximately 18 states have implemented broad-based surprise billing laws while many other states have laws that address certain issues related to surprise billing.[3] These state laws differ significantly in a variety of ways, including (1) to which types of plans or issuers, items, services, and specialties the laws apply; (2) how the laws determine the applicable OON payment amounts; and (3) the methodology used to resolve payment disputes. Similar to the NSA, states with broad-reaching surprise billing laws typically provide for a process to determine the payment amount owed to the OON provider or facility, by both the plan or issuer and the patient. The process used to determine the payment amount, however, varies by state, with approaches including, but not limited to, benchmarking, negotiation, and independent dispute resolution (“IDR”).

Some state surprise billing laws include a “notice-and-consent exception,” also adopted in the NSA, which permits an OON provider to bill a covered patient above the patient’s in-network cost-sharing amount if the OON provider meets certain notice and disclosure requirements and the patient provides requisite consent. Requirements and applicability of the notice-and-consent exceptions similarly vary by state.

Concurrent Jurisdiction Under the NSA & Carve-Outs for the Payment Determination

Under the Supremacy Clause of the U.S. Constitution, any state law that conflicts with a federal law is preempted. While components of the NSA and certain state legislation overlap, the NSA explicitly defers to state legislation in several important ways. The areas relate to (1) state provisions on the amount an insurer must pay an OON provider or facility for NSA-covered services,[4] i.e., the “Out-of-Network Rate,” which includes however the state solves payment disputes, and (2) the “Recognized Amount,” which is used to determine the applicable cost-sharing amount.[5]

  1. Determination of the Out-of-Network Rate

The NSA requires plans to pay the OON provider or facility for NSA-covered services at the Out-of-Network Rate, less the applicable cost-sharing amount for the services.[6] The Out-of-Network Rate looks to laws of the state in which services are furnished,[7] and where the state has an applicable surprise billing law, the Out-of-Network Rate is set accordingly.[8] If the state has neither an All-Payer Model Agreement—an all-payer rate-setting system implemented pursuant to Section 1115A of the Social Security Act—or an applicable surprise billing law, the Out-of-Network Rate is determined through the processes established under the NSA.[9]

Therefore, despite enactment of the NSA, states’ surprise billing laws will continue to apply to determine the Out-of-Network Rate for NSA-covered services received by enrollees in fully-insured plans. Meanwhile, in these same states, for NSA-services received by enrollees in self-insured plans, the Out-of-Network Rate will be determined under processes described in the NSA.[10] For NSA-covered services received in states without state-level surprise billing laws, the Out-of-Network Rate will be determined according to the processes defined in the NSA.[11]

  1. Determination of the Recognized Amount for Cost Sharing

Where commercial enrollees receive NSA-covered services, the NSA prohibits payors from imposing a cost-sharing amount greater than the cost-sharing requirement that would have applied if the service had been provided in-network.[12] The cost-sharing amount—which includes copayments, coinsurance, and deductibles—must be calculated based upon the “Recognized Amount.” Similar to the process for determining the Out-of-Network Rate, determination of the Recognized Amount depends on the applicable state law and is set at either the amount as determined under the state’s applicable surprise billing law or—if no state law is applicable—the “Qualifying Payment Amount,”[13] a market-based median-contracted rate expected to be further described in forthcoming regulations.[14]

Implications and Further Questions

The NSA’s concurrent jurisdiction framework will impact each state differently due to the high level of variability in how different states address surprise billing. As a result, each state with surprise billing laws will require its own preemption analysis. Of particular note, in anticipation of the enactment of a federal law on surprise billing, some states included provisions in their state surprise billing laws to defer to federal law for establishing payment for certain services, like Washington State’s surprise billing provisions regarding OON emergency services.

The areas likely to be most complex are where the NSA and state law fail to align, which will not only create issues of variability across different states, but differences depending on the type of service and type of plan involved. While the NSA defers to state law for the OON payment amounts and dispute processes, there are noticeable gaps in alignment among other provisions. The treatment of OON laboratory services is one example that demonstrates the challenges that may result from misalignment between state laws and the NSA. The NSA and certain state laws have different versions of a notice-and-consent exception, allowing OON providers to balance bill despite the surprise billing protections. For example, Texas law permits OON laboratory providers to bill for OON laboratory services under the notice-and-consent exception, while the NSA’s notice-and-consent exception provisions do not apply to ancillary services, which include laboratory services.[15] The NSA does not expressly defer to state notice-and-consent exceptions, leaving ambiguity as to whether OON laboratory providers in Texas will still be permitted to balance bill patients with the patient’s consent or whether this would be prevented under the NSA. Notably, the NSA authorizes the HHS Secretary to establish and update a list of advanced diagnostic laboratory tests that would not be considered “ancillary services” and, as such, would not be excluded from the notice-and-consent exception.

Upcoming Fast-Paced Changes Ahead

Stakeholders should expect significant federal activity on surprise billing as the NSA’s regulatory deadlines approach. The Biden administration’s implementation of the NSA will have significant impacts across payors, providers, facilities, and enrollees. Members of Congress and stakeholder groups have already sent commentary to HHS in anticipation of the regulations. HHS sent the first round of NSA regulations, due for release on July 1,2021, to the White House Office of Management on June 8, 2021. The regulation, titled “Requirements Related to Surprise Billing; Part I (CMS-9909),” will be released as an interim final rule and is expected to address the methodology for determining the “Qualifying Payment Amount” and other related issues. HHS must also issue guidance on the notice-and-consent provisions by July 1, 2021. The NSA imposes additional near-term deadlines covering various aspects of the NSA, such as establishing the IDR process (due by December 27, 2021) and a patient-provider dispute resolution process (due by January 1, 2022).

The sweeping overhauls set forth by the NSA stand to impose significant impacts and, likely, complex burdens—on providers, facilities, and health plans. Epstein Becker Green is closely tracking the NSA and will release Client Alerts discussing each of the forthcoming significant releases.

* * *

This Client Alert was authored by Alexis Boaz, Helaine I. Fingold, and Jonah D. Retzinger. For additional information about the issues discussed in this Client Alert, please contact one of the authors or the Epstein Becker Green attorney who regularly handles your legal matters.


[1] Press Release, Committee Leaders Announce Surprise Billing Agreement (Dec. 11, 2020), https://www.help.senate.gov/chair/newsroom/press/congressional-committee-leaders-announce-surprise-billing-agreement (emphasis added).

[2] In this Client Alert, we use the term “health plan(s)” or “plan(s)” to refer to (1) any group health plan or health insurance issuer offering group or individual health insurance coverage under the Public Health Service Act, (2) any group health plan or health insurance issuer offering group health insurance coverage under the Employee Retirement Income Security Act of 1974 (“ERISA”), and (3) group health plans under the Internal Revenue Code of 1986. We use the term “in-network” to cover the terms “participating,” “contracted,” and similar terms, while we use the term “out-of-network” to cover the terms “nonparticipating,” “non-contracted,” and other similar terms.

[3] See Commonwealth Fund, State Balance-Billing Protects (Feb. 5, 2021), https://www.commonwealthfund.org/publications/maps-and-interactives/2021/feb/state-balance-billing-protections.

[4] See 29 U.S.C. § 1185e (ERISA), 26 U.S.C. § 9816 (Internal Revenue Code), and 42 U.S.C. § 300gg-111 (Public Health Service Act).

[5] Id.

[6] Id.

[7] Id.

[8] The NSA defers to the state for the Out-of-Network Rate where the state has an All-Payer Model Agreement or an applicable surprise billing law. At present, only three states have All-Payer Model Agreements: Maryland, Pennsylvania, and Vermont.

[9] Id. Under the NSA, the Out-of-Network Rate wouldbe either the agreed-upon amount or the amount determined through IDR.

[10] Id.

[11] Id.

[12] Id.

[13] The NSA provides that the Secretary of HHS, in consultation with the Secretaries of the U.S. Department of Labor and U.S. Department of Treasury, must establish a process to determine the qualifying payment amount. 29 U.S.C. § 1185e(a)(2).

[14] See § 1185e(a)(3)(H).

[15] See 42 U.S.C. § 300gg-132 (“[the prohibition on surprise billing] shall not apply with respect to items or services (other than ancillary services … if the provider satisfies the notice and consent criteria ….”).

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.