During a National Stakeholder Call on January 18, 2022, Ellen Montz—Deputy Administrator and Director of the Center for Consumer Information and Insurance Oversight (CCIIO) at the Centers for Medicare and Medicaid Services (CMS)—announced that CMS had begun publishing state-specific letters (the “Enforcement Letters”) detailing anticipated Federal and state responsibilities with respect to enforcement of the No Surprises Act (NSA) on the CCIIO website. Although CCIIO has yet to publish Enforcement Letters for a minority of states,[1] the Enforcement Letters that have been published provide critical details regarding how the NSA intersects with existing state laws and CMS’s expectations regarding NSA enforcement in each state.

Among other guidance, the Enforcement Letters indicate:

  • which NSA requirements will be enforced by specific states, and which requirements will be directly enforced by CMS;
  • whether CMS expects specific states to enter into a collaborative enforcement agreement with CMS, pursuant to which the state agrees to perform compliance functions (e.g., policy form review, investigations, market conduct examinations, and consumer assistance) and refer specific cases to CMS for enforcement if the state is unable to obtain voluntary compliance; and
  • whether the state has an all-payer model agreement or an existing specified state law or dispute resolution process that controls for determining out-of-network and/or uninsured (or self-pay) rates for services subject to the NSA.

The diversity of pre-NSA state laws addressing surprise and balance billing—which range from comprehensive to piecemeal—has presented significant challenges for stakeholders attempting to comply in good faith with the NSA in addition to state requirements, particularly in areas where state and Federal law do not align perfectly. Additionally, the NSA’s division of enforcement—with states as primary enforcers for most NSA provisions and CMS either enforcing or collaborating to enforce NSA provisions where states lack enforcement authority—added another layer of uncertainty regarding the approach different states might take to enforce the NSA.

Looking Forward

While the Enforcement Letters provide some clarity for stakeholders trying to navigate and comply with the NSA and related state surprise billing laws through tailored state-specific Federal guidance, the intersection between the NSA and state law remains a complicated area. Many questions remain regarding how stakeholders should approach the more nuanced provisions of state laws that do not align perfectly with the NSA, and states continue to promulgate regulations and issue guidance regarding the relationship between state laws and the NSA (as an example, the New York Department of Financial Services recently published several detailed letters addressing the relationship between the NSA and New York law). As stakeholders patiently wait for CMS to issue the NSA enforcement final rule,[2] they should expect the issuance of new guidance, rulemaking, and—on the state level—possibly legislation attempting to reconcile at least some of the NSA’s many provisions with state law. However, as the current landscape remains ripe with risk as the industry continues to grapple with overlapping—and sometimes incompatible—regulatory regimes, continued consciousness of state-level considerations remains paramount for stakeholders working to implement NSA compliance initiatives.

[1] As of February 11, 2022, CMS has not published Enforcement Letters for Alaska, Arizona, Illinois, Nevada, New York, Ohio, or Tennessee.

[2] The Administration issued a proposed rule addressing enforcement of the NSA on September 16, 2021. The comment period for the proposed rule that, in part, addressed enforcement of the NSA closed on October 18, 2021. See Requirements Related to Air Ambulance Services, Agent and Broker Disclosures, and Provider Enforcement, 86 Fed. Reg. 51730 (Sept. 16, 2021).

Back to Health Law Advisor Blog

Search This Blog

Blog Editors


Related Services



Jump to Page


Sign up to receive an email notification when new Health Law Advisor posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.