Are You in Compliance? What Health Plans Need To Know About The No Surprises Act - Veda Skip to content

Are You in Compliance? What Health Plans Need To Know About The No Surprises Act

min read


min read

Are You in Compliance? What Health Plans Need To Know About The No Surprises Act

The No Surprises Act (NSA), which is a part of the Consolidated Appropriations Act of 2021 (Public Law 116-260), went into effect at the beginning of this year, on January 1, 2022. The goal of this law is to protect consumers from unexpected medical bills arising from circumstances beyond their control. In an effort to ensure a patient knows what providers are available within their health plan network, one of the provisions of the NSA requires health plans to update their provider directories more frequently (you can review the law in full here).

Three months into the year, we’re now at a point where it’s important for any health plans to ensure that they are updating their provider directories in 48 hours or less, as the law mandates, or be working towards a solution that can meet these critical timing requirements.


The “No Surprises Act” will require all provider directory updates to be processed quickly. This is a pivot from the manual processing and attestation that health plans have traditionally incurred

  • Update databases and new directory information: All provider directory updates will need to be processed within 2 business days of receipt of changes
  • Quarterly database quality audits: Validate provider data in databases and directories at least every 90 days


There are mechanisms for enforcement in place at both the state and federal levels. In Q1 2022, CMS began to levy fines for “coverage determination appeals and grievances” (42 C.F.R. § 422.105(a)) and an uptick in fines for non-compliance is likely down the road. Now is the time to assess if you’re in compliance with the new mandates and understand the potential risk they have for your business.


Assessing your situation today: To understand what changes your health plan may still need to make, we recommend that you ask and answer the following questions:

  • What are your goals for processing provider data? Obviously meeting the 48-hour requirement should be the topline goal, but some plans may have variations on this goal based on the number of covered lives under their purview and the geographies they cover (some may want for example, to make updates within a 24-hour window).
  • What process(es) do you have in place for updating provider info? How does your plan deal with messy data coming from provider organizations? Are these processes documented, or is the organization reliant on employees with historical knowledge?
  • What process(es) do you have in place for verifying the accuracy of provider info? Are there documented procedures for communicating with providers, and are these mechanisms effective? What’s in place to manage providers who are submitting “bad” data?
  • What are the data points that you currently verify? Thinking beyond basic data such as first name, last name, and specialty… you will want to make sure your plan is also able to track individual and group NPIs, organizational tax identification numbers, whether providers are accepting new patients, and more.
  • How quickly are you currently able to make provider directory updates? If the answer is weeks, which is often the case for large, national plans, it’s important that new processes be put in place as soon as possible.
  • What process(es) do you have in place for helping members that are having difficulty navigating your provider directory? The entire purpose of the NSA is to shield consumers from “bad” bills, and to overall improve their experience with the healthcare system. A system that your plan is part of.
  • How often are you cleaning your provider data in aggregate? In addition to processing regular data updates, what processes are in place to keep your database clean as a whole, and to ensure that “old” data is verified at regular intervals?


Most plans have historically used manual processes—human hands on keyboards—to update provider directories. But with the NSA’s 48-hour requirement in effect, manual processes are unlikely to remain effective, and automation truly is needed. Before bringing in an automation solution, however, you should get educated about their capabilities.

  • Understand what automation can and cannot do. Automation cannot completely solve the global interoperability problem. What some of the more sophisticated platforms can do, however, is sit between disparate systems and act as a translator.
  • Assess the situation and set realistic goals. Under current manual processes, how long does it take to make provider updates, on average? What percentage of the updates are accurate? What types of issues does your plan most commonly experience with the data you receive (is it missing column headers and or containing blank fields in Excel files, providers listed at the wrong practice locations, or something else entirely)? The answers to these questions will vary from plan to plan, as will the goals for improvement.
  • Understand the range of automation solutions available. Not all automation solutions are created equal. Some require a “rip and replace” approach that health plans may find disruptive to existing IT infrastructure, but other solutions can co-exist with current systems. Solutions also vary in terms of the type of data they can automate—your plan should seek out those that are sophisticated enough to deal with the inherent messiness of human-generated data. Finally, you should look for an automation partner that provides human support in addition to technology.


Veda is the only solution on the market today that makes it possible for plans to fully comply with the provider directory provision of the NSA. And we can do it in 24 hours. Our smart automation platform offers the fastest provider roster & delegated network processing available, with guaranteed accuracy thresholds. 

Our platform performs multiple functions that increase efficiency and accuracy for provider data processing. Key features include:

  • Intake: automate manual workflows
  • Validate: stop bad data from entering your system
  • Enhance: simplify audits with cleaner data
  • Compare: integrate to quickly update your database

Learn more about Veda’s automation solutions and why six of the top 10 health plans trust Veda with their automation. 



We're the authority on health plan data. See how Veda's Smart Automation platform can work for your health plan. Improve data accuracy, reduce workloads, and enhance the member experience. But first, start with a free demo.