Recap: What Does the No Surprises Act Cover?
Since we are halfway through 2025, the No Surprises Act (NSA) is now being strictly enforced. Last year, the focus was on training and adjusting to the new rules, but this year it is all about enforcing everyone to follow them. The U.S. Department of Health and Human Services (HHS), the Centers for Medicare & Medicaid Services (CMS), and other government agencies have made it unmistakably clear: compliance with the rules is mandatory, not optional.
The mid-year point is a time when healthcare professionals, revenue cycle executives, billers, and insurance administrators need to look at their internal processes once more, review their documentation practices, and prepare for potential enforcement strategies. At Human Medical Billing, we’ve witnessed directly how these new federal guidelines are impacting provider operations and payer relationships nationwide.
If you are doing catch-up or streamlining your processes, following are the key things you should know today.
The NSA, which took effect in 2022, is designed to shield patients from unexpected out-of-network medical bills. It primarily applies to:
- Emergency services, even when rendered by out-of-network providers
- Non-emergency services at in-network facilities delivered by out-of-network clinicians
- Air ambulance services provided by non-contracted providers
- In all cases, the law caps patient liability at in-network cost-sharing levels and bans balance billing for covered services.
By now, providers should have well-documented procedures in place to handle patient notifications, cost-sharing limitations, and payment dispute resolution. But enforcement efforts have intensified in 2025 – and compliance frameworks must now be audit-ready.
Mid-2025 Regulatory Developments: What’s in Effect Now?
1. Qualifying Payment Amount (QPA) Enforcement Discretion Extended
Although the QPA the median in-network rate for a service-is still the basis for cost-sharing and IDR benchmarks, enforcement flexibility has been extended through August 1, 2025, due to conflicting federal court rulings.
- However, disclosure requirements remain fully in effect, and plans are still expected to:
- Calculate QPAs using reasonable, good-faith interpretations
- Disclose QPA data upon provider request
- Maintain documentation for audits by CMS or other federal entities
What providers must do now:
Ensure your billing partner or internal team is not only applying compliant QPA calculations but also prepared to respond to documentation requests with clear methodology and version history.
At Human Medical Billing, we ensure every QPA data point is mapped to its source contract, versioned, and audit-traceable. Our compliance engine flags anomalies before they become enforcement risks.
2. Independent Dispute Resolution (IDR) Process Enhancements Now Active
As of June 2025, the federal IDR process reforms are in full effect. There are still disputes pending consideration through the federal portal, and payers must now add legal business names, plan sponsor details, and IDR registration numbers to notices.
- Enroll via the federal IDR website.
- Follow stricter rules for grouping disputes and keeping records.
- Fee structure remains the same: $115 administrative fee for each party, with certified entity fees dependent upon case type.
Despite these advancements, most disputes are still denied or delayed due to errors committed by providers in bundling cases or lost documents. In most cases, these can be prevented.
Our strength: Human Medical Billing protects clients from the most common pitfalls—like batching incompatible services, not documenting prior negotiations, or submitting incomplete forms—by handling the entire IDR process.
3. Gag Clause Attestations: Time to Prepare for the Year-End Deadline
The annual gag clause prohibition compliance attestation (GCPCA) for 2025 is due December 31, 2025, covering all contracts active during the calendar year. The federal requirement applies to:
- Group health plans (fully insured and self-funded)
- Health insurance issuers offering coverage in the group and individual markets
- Any service provider or TPA administering network functions
New in 2025:
Attestations must explicitly confirm that downstream contracts (not just direct agreements) do not contain any gag clauses restricting price or quality transparency.
Now is the time to audit all contracting entities including subcontracted networks to ensure you’re not at risk of attestation errors.
4. Good Faith Estimate (GFE) Compliance: Enforcement Is Tightening
The requirement to issue Good Faith Estimates to uninsured or self-pay patients is already in effect and being enforced. CMS has reported that a significant percentage of 2025 complaints involve GFE failures—especially in multi-provider or facility settings.
Current requirements:
- The “convening provider” must include all co-provider and co-facility charges
- GFEs must be provided at least 3 business days in advance of scheduled services
- Patients may file disputes through HHS if bills exceed the estimate by $400 or more
- Version 2 of the NSA consent and disclosure form is now required for all applicable services.
- Enforcement Trends and Audit Risk
As of June 2025:
- CMS and HHS have issued over $4 million in restitution linked to NSA violations
- More than 12,000 complaints were tied directly to No Surprises Act non-compliance
- Federal audits have begun targeting QPA methodology, IDR participation, and GFE failures
Additional scrutiny is expected in:
- Behavioral health practices
- Emergency medicine providers
- Multi-specialty clinics with inconsistent contracting structures
Mid-Year Compliance Checklist: What You Should Prioritize Now
Review QPA Calculation Practices
- Validate median rate sources
- Ensure documentation supports audit trails
- Verify QPA values align with service codes and modifiers
Evaluate IDR Workflows
- Standardize documentation of open negotiation
- Review batching protocols for accuracy
- Track deadlines and IDR entity responses
Audit Contracting Language
- Update all downstream contracts for gag clause compliance
- Prepare documentation for the December 2025 GCPCA attestation
Optimize GFE Generation
- Automate estimate preparation for recurring services
- Train staff to identify the “convening provider”
- Ensure consent forms are version 2 compliant
Monitor Federal Guidance
- Subscribe to CMS updates and maintain SOPs that evolve with changing guidance
- Run quarterly compliance drills or internal audits
If your team is stretched thin or relying on outdated systems, this is the time to partner with a trusted billing and compliance service provider.
Conclusion
The increased compliance demands of the No Surprises Act in 2025 represent a significant milestone in federal health care policy, requiring significant operational alterations from health care providers, health plans, and facilities across the country. At the same time, extending QPA enforcement discretion through August 2025 provides necessary flexibility in resolving ongoing litigation while maintaining essential patient protection requirements that already yielded significant consumer benefits, as evidenced by enforcement activity that recovered over $4 million in restitution.
Healthcare stakeholders need to give top priority to building strong compliance infrastructures that meet the multi-dimensional NSA requirements such as proper QPA calculation and disclosure processes, successful IDR process engagement, strict gag clause prohibition compliance, and good faith estimate preparation and delivery systems.
The shift to 100% enforcement is challenging and presents opportunities to organizations that will invest the necessary funds in the necessary infrastructure, training, and strategic alliances in hopes of successfully navigating the demanding regulatory environment.
In the future, the continued evolution of NSA requirements through court rulings, statute, and enforcement will require ongoing vigilance and responsive compliance measures. Firms that anticipate fulfilling these increased requirements in advance in the patient’s best interest.
Need help preparing for the rest of 2025?
Contact Human Medical Billing to schedule a compliance readiness review or learn more about our end-to-end billing and regulatory support services.
