NSA Compliance Methodology

Statutory Basis

The No Surprises Act (NSA), enacted as Division BB of the Consolidated Appropriations Act of 2021 (Pub. L. 116-260), prohibits surprise billing effective January 1, 2022. The Act is implemented through three sets of federal regulations:

• 29 CFR §2590.716 — Department of Labor (DOL): group health plans and health insurance issuers in the group market
• 45 CFR §149.140 — Department of Health and Human Services (HHS): health insurance issuers in the individual and group markets
• 26 CFR §54.9816 — Department of the Treasury / IRS: self-insured group health plans

CMS enforces the NSA's Independent Dispute Resolution (IDR) process and the machine-readable file (MRF) transparency mandate. Both enforcement data streams are published as federal public domain (US-Government-Works) via data.cms.gov.

Provider-Side: IDR Filing Rate Score

Methodology version: nsa-idr/v1

CMS publishes quarterly IDR data aggregated by initiating party NPI. The IDR filing rate per 1,000 claims is a proxy for the frequency of billing disputes initiated by or against a provider.

• Ceiling: 50 IDR filings per 1,000 claims → score = 0 (maximum dispute frequency)
• 0 IDR filings per 1,000 claims → score = 1.0 (no disputes in period)
• Entities with fewer than 50 NPIs: insufficient sample — score reported as null
• CMS suppression sentinels ("*", "DS") treated as null, excluded from rate average

Source: CMS IDR data, data.cms.gov/provider-data. Federal public domain.

Payer-Side: MRF Compliance Score

Methodology version: nsa-mrf/v1

Under NSA §2799B-6 and 45 CFR §149.140, health insurance issuers must publish machine-readable files (MRFs) containing in-network rates and out-of-network allowed amounts. CMS publishes a quarterly non-compliant issuer list identifying issuers that have failed to meet MRF publication requirements.

• Score = 1.0: all tracked issuers in compliance
• Score = 0.0: all tracked issuers non-compliant
• Issuers with unknown compliance status (null) excluded from denominator

Source: CMS MRF non-compliant issuer list (quarterly PDF → structured). Federal public domain.

Composite Score

Methodology version: nsa-compliance/v1

• Provider entities: composite = idr_rate_score (MRF not applicable)
• Payer entities: composite = mrf_compliance_score (IDR rate not applicable)
• Mixed entities (both available): composite = simple average of both scores

Grades: A (≥90%) · B (≥75%) · C (≥60%) · D (≥45%) · F (<45%) · insufficient sample

Limitations

• IDR filing data is aggregate at the NPI level and does not reflect individual dispute outcomes or clinical appropriateness.
• Absence from the CMS non-compliant issuer list does not guarantee full MRF compliance — CMS audit coverage is periodic, not continuous.
• State-level breakdowns reflect the NPI billing state or issuer domicile, not necessarily the patient encounter state.
• This index is a research and transparency tool. It is not a legal determination of NSA compliance status.
• Data freshness: quarterly. Current issuance reflects the most recent CMS publication available at the time of the last cron run.

Data Access

• Download CSV — latest issuance, all entities. SHA-256 in response header.
• Leaderboard dashboard

Fonteum · https://fonteum.com · License: CC-BY-4.0 · Source data: US-Government-Works