Quick Facts

  • On August 19, 2022, the Departments of Labor (DOL), Health and Human Services (HHS) and the Treasury released updated guidance on the prohibition against balance billing under the No Surprises Act (NSA) and the machine-readable files requirements under the Transparency in Coverage (TiC) rules.
  • Under the NSA Final Rule, effective January 1, 2022, health plans (which include employer-sponsored health plans) and carriers must not balance bill patients for certain services including emergency care, non-emergency services provided at an in-network facility from an out-of-network provider, and air ambulance charges.
  • Under the TiC Final Rule, effective July 1, 2022, health plans (which include employer-sponsored health plans) and carriers must publicly post pricing data known as “machine-readable files.”


On August 19, 2022, a set of frequently asked questions (FAQs) was jointly released by the Department of Labor, Department of Health and Human Services, and the Treasury Department (collectively, the Departments) to provide updated guidance on several issues surrounding the NSA prohibition against balance billing, and clarified the employer’s responsibility regarding the posting of machine-readable health plan cost data files (MRF).

Prohibition Against Balance Billing

Closed-Network Plans

The first question in the FAQs addresses how the prohibition against balance billing applies to a plan that does not have a network, such as a plan that uses reference-based pricing. The guidance clarifies that the prohibitions against balance billing for emergency services and air ambulance apply regardless of the provider network, and the provisions that limit cost sharing for non-emergency services provided by nonparticipating providers “would never be triggered if a plan or coverage does not have a network of participating facilities.”

Question three of the FAQs describes how to calculate cost-sharing for out-of-network services when a plan does not have a network. The guidance states, “cost sharing is calculated as if the total amount that would have been charged for the services by a participating emergency facility or participating provider were equal to the recognized amount for the services.” Question four addresses how to determine the out-of-network rate for plans with no network and states, “a plan or coverage that utilizes a reference-based pricing structure (or a similar network design) and does not have a network of providers may be required to make a total payment that is different than the plan’s or issuer’s reference-based amount for items and services that are subject to the surprise billing provisions of the No Surprises Act.”

Further, the guidance states that even if a plan does not otherwise provide coverage for out-of-network items and services, under the NSA, protections for emergency services, non-emergency services provided at an in-network facility by an out-of-network provider and emergency air ambulance service still apply.

Air Ambulance Services

The guidance clarifies that if a plan does not cover non-emergent air ambulance services that the NSA and its regulations do not require coverage for such services. Further, the FAQs state that the prohibition on balance billing applies to air ambulance services even if the pickup point for such service is outside of the United States.

Balance Billing Disclosure Requirements

Starting January 1, 2022, plans must make available via a publicly accessible website and include on each explanation of benefits (EOB) information on the NSA prohibition against surprise billing. The Departments provided a model notice for this purpose. Question 11 of the FAQ clarifies that plans that do not have their own publicly accessible website may enter into a written agreement to rely on their health insurance carrier or third-party administrator (TPA) to satisfy the posting requirement. However, the group health plan remains liable should the TPA or carrier fail to post the notice.

State-specific balance billing required model notice language is only required to be provided when plan participants are enrolled in a state that has state-specific rules, and only to self-funded plans that opt in to state rules.

The guidance goes on to provide an updated Notice and Consent form for providers and an updated Model Notice for health plans.

span style=”color: #003f5e;”>Calculating the Qualifying Payment Amount

Questions 14 and 15 discuss calculating the qualifying payment amount (QPA). Specifically addressing how a self-funded plan should determine the QPA when it has multiple group health plans. The guidance states, “if a single self-insured group health plan offers multiple benefit package options administered by different TPAs, the plan may allow each TPA acting on behalf of the plan to calculate a median contracted rate separately for those benefit package options administered by the TPA.”

Independent Dispute Resolution Process 

The FAQs provide several questions about the independent dispute resolution (IDR) process. Questions 16 and 17 address the timeline for IDR, clarifying that the NSA requires plans and issuers to send initial payment within 30 calendar days, and such 30-day period begins on the date the plan or issuer receives the information necessary to decide a claim. The guidance further states that providers and facilities have 30 business days from the time they receive the initial payment or denial of payment before they can begin open negotiations. The negotiation period may start before the end of the 30-business day window.

Question 20 explains that if a plan or issuer fails to disclose the required information when making an initial payment or denial of payment, then a provider or facility may begin open negotiations or request an extension of the IDR process. Question 21 describes the process to submit the information necessary to initiate the IDR process, particularly when using electronic methods to initiate IDR proceedings. The guidance goes on to state that the initiating party may begin the open negotiation period by sending an open negotiation notice to the other party electronically if the following conditions are satisfied:

  1. the initiating party has a good faith belief that the electronic method is readily accessible by the other party; and
  2. the notice is provided in paper form free of charge upon request.

Machine-Readable Files

The guidance clarifies that as long as there is a written agreement in place, an employer is not required to post a link on their own organization’s public website to files that are made public by the carrier or employer’s plan administrator.

Under the TiC Rule, effective July 1, 2022, health plans (which include employer-sponsored health plans) and carriers must publicly post pricing data known as the “machine-readable files” or “MRFs.”  The intent is that insurance companies and self-funded health plans publicize what they pay providers for medical services.

The applicable files should have been available July 1, 2022, for any plan years beginning January 1, 2022, through July 1, 2022. For plan years beginning after July 1, 2022, the files should be made available during the first month of the plan year.

Posting Requirements

Carriers and plans are required to publicly disclose in a machine-readable file the following data:

  • In-network provider rates for covered items and services; and
  • Out-of-network allowed amounts for covered items and services.

The TiC Final Rule requires the machine-readable files to be accessible free of charge, without having to establish a user account, password, or other credentials, and without having to submit any personally identifying information such as a name or email address. The machine-readable files must be updated monthly and must be available in a form and manner specified in any guidance issued by applicable regulatory agencies.

Compliance Responsibility

The requirements state that the data must be posted on a publicly available website. Carriers and administrators have interpreted this requirement differently, creating some confusion among employers.

In the FAQs released on August 19, 2022, the Departments clarified employers are not required to post a link to the data files on their organization’s website if there is a written agreement in place that ensures that the carrier or administrator will make the relevant files publicly available in compliance with the requirements.

span style=”color: #003f5e;”>Fully Insured Plans

Employers sponsoring fully insured medical plan options can rely on the carrier to satisfy this requirement. The TiC Final Rule specifically states that if the employer has a “written agreement” with the carrier indicating that the carrier is posting the information, then the employer does not need to take further action. In this case, CMS clarifies that the carrier is liable if the files are not made available according to the requirements.

Self-Funded Plans

The Departments also make it clear that self-funded employers can also rely on their administrator to make the necessary files publicly available, again if there is a written agreement in place; however, in the case of a self-funded plan, if the employer’s vendor does not post the files in accordance with the regulations the employer/plan sponsor is liable.

Written Agreement

There is currently no specific guidance on what constitutes a valid written agreement between the employer and their carrier or TPA. Employers may be able to meet this requirement in a variety of ways:

  • Include specific machine-readable file language in the group contract or administrative service agreement. Note that employers may not be able to get carriers or administrators to agree to contractual language changes.
  • Request confirmation of the vendor’s commitment to make the files available as required and receive a response specific to that employer’s plans.
  • Many carriers and administrators have already sent something in writing (email, letter, etc.) from carrier or TPA stating they will make relevant files publicly available. It is not clear whether this constitutes a valid written agreement. Guidance on this from the Departments would be appreciated.

Many group insurance contracts and administrative services agreements already have more general language regarding carrier or vendor compliance with applicable laws and regulations. Departments’ guidance as to whether this is sufficient would be appreciated.


It is welcome news that employers do not have to worry about posting a link to the data files on their own organization’s public website. Employers should make sure they have something in writing in place with their carrier or administrator ensuring that the files will be posted in compliance with the applicable rules.


EPIC Employee Benefits Compliance Services

For further information on this or any other topics, please contact your EPIC consulting team.

Learn About Our Employee Benefits Compliance Services

EPIC offers this material for general information only. EPIC does not intend this material to be, nor may any person receiving this information construe or rely on this material as, tax or legal advice. The matters addressed in this document and any related discussions or correspondence should be reviewed and discussed with legal counsel prior to acting or relying on these materials.



Sign up for our Compliance Matters Newsletter

With this subscription, you’ll receive our monthly Compliance Matters newsletter, as well as special Compliance Alerts and invitations to our Compliance Webinars.