Published November 2, 2021

No Surprises Act Implementation Guide: Notice Requirements

No Surprises Act Implementation Guide

This is the first installment of PYA’s No Surprises Act Implementation Guide. Subsequent installments will address good faith estimate requirements, medical staff communications, and claims submission.

Among its many mandates, the No Surprises Act (NSA) requires those healthcare facilities and providers subject to the new law to notify patients regarding the NSA’s protections against surprise billing (the “NSA Notice”). Compliance with these notice requirements—which include posting the NSA Notice at the provider’s physical locations, posting a link to the notice on the searchable homepage of the provider’s website, and delivering the notice to certain patients—is required by January 1, 2022.

Providers Subject to Notice Requirements

The NSA concerns billing for emergency services furnished at out-of-network facilities (including hospitals, critical access hospitals, freestanding emergency departments, and ambulatory surgery centers) and non-emergency services furnished by out-of-network providers to patients at in-network facilities. The notice requirements, therefore, apply to all facilities and those providers that furnish services in facilities or in connection with facility visits (e.g., physicians, entities providing diagnostic services). 

Content of the Notice

The NSA Notice must include: (1) a plain-language summary of the consumer protections afforded by the NSA; (2) a plain-language summary of any applicable state balance billing law; and (3) appropriate contact information for state and federal agencies that an individual may contact if the individual believes the facility or provider has violated a requirement specified in the notice.

Here’s the good news:  The Department of Health and Human Services (HHS) has published a model NSA Notice with instructions on its proper use. While facilities and providers are not required to use the model document, HHS considers its use in a manner consistent with the instructions to constitute good faith compliance with the relevant regulatory provision, 45 CFR 149.430. The instructions include a reminder to facilities and providers that, in delivering the NSA Notice, they must comply with federal requirements regarding appropriate communications with individuals with disabilities and limited English proficiency.

Posting at Physical Locations

The implementing regulations require the NSA Notice be “on a sign posted prominently at the location of the provider or facility.” (A provider that does not have a publicly accessible location [e.g., clinical laboratory] is not required to post any signage.) An easy solution to this requirement is to post the NSA Notice signage next to your HIPAA Notice of Privacy Practices. 

Posting on Website

Facilities and providers subject to the notice requirement must post a link to the NSA Notice on the searchable home page of their websites. Those without websites are not required to stand up websites for purposes of posting the NSA Notice.

Delivery to Patients

A facility must deliver the NSA Notice to all insured patients (except Medicare and Medicaid beneficiaries), regardless of network status.[1] A provider must deliver the notice to those insured patients for whom the provider furnishes services in a facility or in connection with a facility visit. 

Facilities and providers must furnish the NSA Notice in person or through mail or e-mail (as selected by the patient) no later than the date on which the provider or facility requests payment from the individual or, if the facility or provider does not request payment from the patient, the date on which the facility or provider submits a claim to the plan or issuer.

Although the regulations do not specifically address the issue, it appears the NSA Notice must be furnished for each episode of care (as compared to the one-and-done HIPAA Notice of Privacy Practices). The regulations do not require a facility or provider to secure the patient’s written acknowledgment of receipt nor otherwise specify how a facility or provider should document the delivery of the notice. A facility or provider, therefore, should follow the same procedures it employs for other required notices to demonstrate compliance.

Limited Exception      

HHS has crafted a limited exception to the notice requirement for providers furnishing services in facilities or in connection with a facility visit to avoid having patients receive multiple versions of the same document. Specifically, a provider is not required to deliver the NSA Notice to an insured patient receiving services at a facility if—and only if—the provider has a written agreement with that facility under which the facility assumes responsibility for delivering the NSA Notice on the provider’s behalf. The regulations do not otherwise specify the terms of the written agreement.     


Facilities and providers should waste no time in developing their plans to fully implement the procedures and processes necessary to meet the NSA Notice requirements by January 1, 2022. Additionally, facilities and providers should adapt their revenue cycle processes to comply with the NSA’s requirements for out-of-network billing by the new law’s effective date. An overview of those requirements is available here.

For assistance with NSA compliance, contact a PYA executive below at (800) 270-9629.

[1] Per the regulations, this includes individuals who are participants, beneficiaries, or enrollees of a group health plan or group or individual health insurance coverage offered by a health insurance issuer.

Executive Contacts

Interested in Learning More?

Sign Up for Our Latest Thought Leadership!

    Select Your Subscriptions