Many organizations struggle with No Surprises Act compliance. Learn how internal audit can help identify risks and build a stronger compliance program.
Since it became effective in January 2022, the No Surprises Act has had a significant impact on the way healthcare providers communicate with patients regarding billing. The act is designed to protect patients against surprise medical bills in cases when they unknowingly obtain medical services from providers outside their health insurance network and subsequently are billed for the difference between what an out-of-network provider bills and what the patient’s health insurance plan covers (also known as balance billing).
Although it has been on the healthcare industry’s radar for more than two years, some organizations struggle with understanding this complex regulation and fail to put appropriate compliance procedures in place. Noncompliance, however, can expose organizations to significant risks, making monitoring compliance essential.
What are the risks of noncompliance?
The risks of not complying with No Surprises Act regulations are significant and include:
- Financial penalties. The act allows the U.S. Department of Health and Human Services to impose fines as high as $10,000 per violation.
- Reputational risks. A patient whose bill is higher than expected in-network rates, who did not receive a good faith estimate (GFE), or who received an untimely GFE might file a complaint or dispute, which could trigger a Centers for Medicare & Medicaid Services (CMS) audit. The patient could also air the complaint publicly, such as on social media, potentially jeopardizing an organization’s reputation within the community and resulting in possible lost revenue.
What internal audits reveal
Kodiak’s No Surprises Act compliance audits have revealed several risk gaps within organizations. Some of the most common challenges organizations face regarding No Surprises Act compliance include:
- Undocumented processes. The No Surprises Act requirements don’t specify that an organization’s compliance processes should be documented. But the lack of a requirement doesn’t mean that CMS won’t request documentation. It is a best practice to have processes formally documented, including how the organization trains staff on No Surprises Act rules. In addition, documented processes could facilitate consistent procedures across the multiple departments involved in an organization’s No Surprises Act compliance program.
- GFE issues. Kodiak has identified GFE issues in 80% of audits completed where GFEs do not match publicly posted hospital pricing, organizations struggle to provide patients with timely GFEs, or, worse yet, organizations are found to not be issuing them at all. Additionally, patients who receive a bill of $400 or more above the GFE amount can initiate a dispute, which could be costly and time-consuming for organizations. Healthcare organizations should train staff frequently on GFEs, especially due to high rates of turnover in scheduling and registration departments.
- Improper use of monitoring tools or specific work queues. Some organizations are developing special tools and work queues to help facilitate timelier GFEs. These tools are helpful, but it can be easy for organizations to gain a false sense of security from them, making training in this area vital. Organizations should support employees to make sure they are correctly operating work queues and monitoring tools.
- Lack of compliance monitoring. An absence of monitoring could be an indication that an organization does not have a comprehensive No Surprises Act compliance program in place. Effective compliance programs can help protect against reputational risks or financial penalties. Organizations should continually monitor for No Surprises Act compliance and initiate plans to mitigate risk.
- Lack of interdepartmental communication. Implementing No Surprises Act regulations properly through a well-designed program takes cooperation among stakeholders from multiple organizational departments. However, sometimes departments work in siloes. A multidisciplinary team approach might provide a better plan for an organization’s No Surprises Act program to succeed. Leaders from areas such as revenue cycle, patient experience, access, registration, and compliance can steer this cross-departmental work. In addition, healthcare organizations can involve individuals responsible for the organization’s website management, such as staff from communications or marketing departments, as several regulations are related to posting information about the No Surprises Act on organizational websites.
- Problems with disclosure notices. Kodiak’s No Surprises Act audits also have uncovered a lack of compliance with providing and posting No Surprises Act disclosure notices as well as organizations not documenting standard operating procedures for No Surprises Act compliance.