The No Surprises Act, Good Faith Estimates, and What They Mean for PPO Plans
Mark B
7/4/20266 min read
Surprise medical bills used to be one of the most common ways patients got blindsided by the healthcare system. A person could do everything right—choose an in-network hospital, follow their doctor's referral—and still end up owing thousands of dollars because the anesthesiologist or radiologist who treated them happened to be out-of-network. The No Surprises Act (NSA), which took effect January 1, 2022, was designed to close that gap. It changed how out-of-network billing works, created a new estimate-and-dispute system for uninsured and self-pay patients, and reshaped how insurers, including private PPO plans, calculate and defend what they pay.
For anyone in benefits administration, HR, or health plan design, understanding how these three pieces fit together—surprise billing protections, Good Faith Estimates, and PPO plan mechanics—is now a basic part of the job.
What the No Surprises Act Actually Does
Before the NSA, PPO and POS plans occupied an odd middle ground. They're built around the idea of choice: members can see out-of-network providers and still get some coverage, unlike an HMO. But that flexibility came with a catch. If a member went out-of-network, or was unknowingly treated by an out-of-network provider while at an in-network facility, that provider could bill the patient for the difference between their charge and whatever the insurer paid. This is called balance billing, and it could turn a routine surgery into a five-figure bill.
The NSA didn't eliminate balance billing everywhere, but it banned it in the situations where patients have little or no ability to choose their provider. Specifically, it protects patients in three scenarios: emergency services, regardless of which facility or provider delivers them; non-emergency services performed by out-of-network providers at in-network facilities (think anesthesiologists, assistant surgeons, or hospital-based radiologists); and air ambulance transport. In each of these cases, the patient can only be charged the same cost-sharing amount—copay, coinsurance, or deductible—that they'd owe if the provider were in-network. The health plan and provider then have to sort out the rest of the payment between themselves, without involving the patient.
That "sorting out" piece is where the qualifying payment amount (QPA) and the federal independent dispute resolution (IDR) process come in. The QPA is generally the median rate a plan pays in-network providers for a given service in that geographic market, indexed forward from a 2019 baseline. When a plan and an out-of-network provider can't agree on payment after an initial 30-business-day open negotiation period, either side can escalate to IDR, where a certified arbiter picks one of the two final offers. Early rules directed arbiters to treat the QPA as the default, presumptively correct number, which providers argued undervalued their services. That presumption has since been removed through subsequent rulemaking, giving arbiters more discretion to weigh contracted history, market share, and case complexity alongside the QPA rather than defaulting to it. In May 2026, regulators went further, finalizing updates to the IDR process aimed at streamlining communication between payers, providers, and IDR entities and clarifying timelines that had been a source of backlogs and complaints since the law's rollout.
Good Faith Estimates: The Other Half of the Law
While the balance-billing protections apply to insured patients in specific out-of-network situations, the Good Faith Estimate (GFE) requirement targets a different population: people who are uninsured or who choose to pay for care out of pocket rather than use their insurance ("self-pay" patients).
Under the NSA, providers and facilities must give these patients a written estimate of expected charges before a scheduled service. The timing is specific: if care is scheduled at least three business days out, the provider has one business day to deliver the estimate; if it's scheduled ten or more business days out, they have three business days. The estimate has to include the expected costs of the primary service along with any reasonably anticipated related items, such as anesthesia, lab work, or imaging, and it must state clearly that the GFE is not a contract and doesn't obligate the patient to use that provider or facility.
The estimate also has to disclose something most patients wouldn't otherwise know exists: the patient-provider dispute resolution (PPDR) process. If a patient's final bill comes in at least $400 above the good faith estimate for any line item, they can dispute the charge through HHS rather than simply paying it or fighting the provider directly. The process requires a modest administrative fee and a formal submission, but it gives self-pay patients a real backstop against estimate creep—the kind of scope drift that used to be almost impossible to challenge after the fact.
It's worth noting what the GFE requirement doesn't yet fully cover. The law also envisioned an "Advanced Explanation of Benefits" (AEOB), which would have required health plans to send insured patients a similar estimate combining provider charges with plan-specific cost-sharing information before a scheduled service. That piece has faced repeated delays in implementation because it depends on providers transmitting standardized data to plans, and plans building the infrastructure to turn that into a real-time, member-specific estimate. Regulators have taken what they've described as a cautious, phased approach here, which means most insured PPO members today are not yet receiving an AEOB, even though uninsured patients at the same facility are entitled to a GFE.
Where PPO Plans Fit Into All of This
This is the part that tends to create the most day-to-day work for plan sponsors and administrators, because PPO design and NSA compliance intersect at several points rather than one.
The first is cost-sharing calculation. When a PPO member receives NSA-protected out-of-network care, the plan has to calculate what the member's in-network cost-sharing would have been and apply that, then absorb or negotiate the rest with the provider directly. That means claims systems need to reliably distinguish between "protected" out-of-network claims (emergency care, ancillary providers at in-network facilities, air ambulance) and ordinary out-of-network claims where the old PPO rules—and potential balance billing—still apply. Getting this distinction wrong is one of the most common sources of member complaints and claim reprocessing.
The second is the QPA itself. Because PPOs are built around network contracting, they already have the median in-network rate data the QPA calculation depends on. But that also means PPO plans are directly exposed to the IDR process whenever a dispute goes to arbitration; the plan, not just the provider, is a party to that negotiation and bears the administrative cost and outcome risk. Plans that self-fund through a PPO network, in particular, need to know how their third-party administrator handles IDR case management, because a high volume of arbitration losses translates directly into higher claims spend.
The third is transparency. The NSA layered its estimate-and-dispute requirements on top of earlier Transparency in Coverage rules, which already required plans to post machine-readable files of negotiated rates and to offer members a self-service cost-comparison tool. A PPO member shopping between an in-network and out-of-network provider should, in theory, be able to see estimated costs for both before choosing. In practice, adoption and accuracy of these tools varies a lot by carrier, and it's an area where plan sponsors evaluating vendors should be asking pointed questions rather than assuming compliance equals usability.
Finally, there's the network adequacy angle. Because the NSA removed much of the financial leverage providers used to have over patients in emergency and ancillary-provider situations, some worry it could also remove pressure on providers to join networks at all, since they can still pursue full payment through IDR rather than accepting a lower contracted rate. Whether this shows up as a real trend in network breadth is still being studied, but it's a reason PPO plan sponsors should watch network participation rates for high-leverage specialties like emergency medicine, anesthesiology, and radiology rather than assuming the NSA has permanently solved the incentive problem.
Practical Takeaways for Plan Sponsors and HR Teams
For anyone administering a PPO plan, three things are worth prioritizing. First, confirm with your carrier or TPA exactly how NSA-protected claims are flagged and processed differently from standard out-of-network claims, and ask to see real examples, not just a policy summary. Second, understand your plan's IDR exposure and win/loss history if you're self-funded; this is a real cost driver, not just a compliance footnote. Third, keep an eye on member communications. Even where the law doesn't require you to send an Advanced EOB yet, proactively explaining these protections in open enrollment materials reduces confused calls to HR when a member gets an unexpected bill and doesn't know whether it's legal.
The No Surprises Act didn't simplify healthcare billing, but it did rebalance who bears the risk when patients have no real choice in who treats them. Good Faith Estimates extend a version of that protection to the uninsured and self-pay population, giving them a documented number to hold providers to. For PPO plans specifically, the law adds real administrative complexity around claims classification, QPA calculation, and dispute resolution, but it also removes one of the ugliest failure modes of the traditional PPO model: a member doing everything right and still getting a bill they never agreed to. Staying ahead of it is less about a one-time compliance project and more about an ongoing operational habit, since the underlying rules are still being refined through new rulemaking years after the law's initial rollout.
