Surprise Billing and HIPAA: What Patients Need to Know and How the No Surprises Act Protects You


Kevin Henry

HIPAA

April 24, 2026


Overview of the No Surprises Act

The No Surprises Act (NSA) is a federal set of Balance Billing Regulations designed to stop unexpected medical bills when you had no meaningful choice of provider. It limits Out-of-Network Charges and caps your Patient Cost-Sharing at in-network levels in specific situations, shifting payment disputes to your plan and the provider rather than to you.

In plain terms, “surprise billing” happens when you receive care from an out-of-network clinician or facility—often without knowing it—and then get billed the difference between the provider’s charge and your plan’s allowed amount (balance billing). The NSA curbs this practice for emergencies and for many non-emergency services at in-network facilities, and it establishes a negotiation and independent dispute resolution process for providers and plans.

The law complements, not replaces, state Balance Billing Regulations. Where a state law offers stronger protections, those stronger rules can apply. The result is a nationwide floor of Emergency Care Billing Protections with room for states to go further.

Protections for Emergency Services

In a medical emergency, you are protected from balance bills for covered services regardless of the facility’s or clinician’s network status. Your Patient Cost-Sharing (copays, coinsurance, deductibles) is calculated as if the care were in network, and prior authorization cannot be required for emergency stabilization.

These Emergency Care Billing Protections typically extend through post-stabilization until you can safely be moved or you give informed consent to continue out of network. The rules also apply to out-of-network air ambulance services, which were frequent sources of large surprise bills.

What this means for you

  • You owe only in-network cost-sharing for covered emergency care at any hospital emergency department or freestanding emergency department.
  • You cannot be balance billed for emergency services, including most post-stabilization care unless strict consent and transfer conditions are met.
  • Payment disputes occur between the plan and provider; you should not be caught in the middle.

Protections for Non-Emergency Services

Surprise bills also arise when you schedule care at an in-network hospital or surgical center but are unknowingly seen by an out-of-network clinician (for example, an anesthesiologist). In these cases, the NSA limits Out-of-Network Charges and sets your Patient Cost-Sharing at the in-network rate.

Ancillary services that are always protected

Certain “ancillary” services at in-network facilities cannot use notice-and-consent to bill you more than in-network cost-sharing. These typically include:

  • Anesthesiology, pathology, radiology, and neonatology
  • Hospitalists and intensivists
  • Assistant surgeons and certain diagnostic services (e.g., imaging, laboratory work)

For some non-emergency, non-ancillary services at an in-network facility, an out-of-network clinician may ask you to knowingly waive NSA protections. This requires advance written notice with a cost estimate and your voluntary consent, typically at least 72 hours before the service (or, for same-day scheduling, within a shorter window). If you do not sign, your protections remain, and you only owe in-network cost-sharing.

Rights of Uninsured and Self-Pay Patients

If you are uninsured or choosing to self-pay, you have Good Faith Estimate Requirements that give you cost transparency before you receive care. When you schedule or request an item or service, providers must give you a written good faith estimate (GFE) describing expected charges, including any reasonably expected related services.

Using the GFE and disputing unexpected charges

Keep your GFE. If a bill from any one listed provider comes in at least $400 higher than that provider’s estimate, you can use the patient–provider dispute resolution process to challenge it within a set timeframe (generally 120 days from the bill). This process is designed to support Medical Billing Compliance and protect you from large, unexpected cost swings.

Limitations of the No Surprises Act

The NSA is powerful but not universal. Ground ambulance services are not covered by federal surprise billing protections, though some states regulate them. Also, if you knowingly choose an out-of-network facility or clinician for non-emergency care and sign required notice-and-consent documents, balance billing may lawfully occur.

The law does not apply to every type of coverage. Some plan types—such as certain excepted benefits or short-term limited duration coverage—may fall outside federal protections. Additionally, services your plan does not cover remain your responsibility, even when NSA rules otherwise limit Out-of-Network Charges.

HIPAA Privacy and Security in Billing

HIPAA works alongside the NSA by safeguarding Health Information Privacy and the security of your billing data. Providers, health plans, and their billing vendors may use and disclose your protected health information for treatment, payment, and health care operations without separate authorization, but they must follow the “minimum necessary” standard and maintain appropriate safeguards.

Under HIPAA’s Privacy Rule, you can access your medical and billing records—typically within 30 days—and request corrections. You may ask for confidential communications (for example, sending bills to a different address). The Security Rule requires technical and administrative protections for electronic billing data, and business associate agreements extend Medical Billing Compliance obligations to vendors handling your information.

State-Specific Balance Billing Protections

States vary widely in their Balance Billing Regulations. Many states add protections for ground ambulances or broaden non-emergency safeguards, especially for fully insured plans regulated by state law. Self-funded employer plans primarily rely on federal rules, though states may help enforce aspects of the NSA for insurers operating in the state.

To understand how federal and state rules interact for your situation, confirm your plan type (fully insured or self-funded), ask whether a provider or facility is in network, and request written estimates in advance. These steps, combined with federal NSA protections, can limit Out-of-Network Charges and keep your Patient Cost-Sharing predictable.

Conclusion

The No Surprises Act establishes strong Emergency Care Billing Protections and curbs surprise bills for many non-emergency scenarios, while HIPAA protects the privacy and security of your billing information. Know your Good Faith Estimate Requirements, ask questions before scheduled care, and use your rights to keep costs transparent and fair.

FAQs

What is surprise billing and how does the No Surprises Act protect me?

Surprise billing occurs when you receive out-of-network care you did not knowingly choose and are billed the balance above your plan’s allowed amount. The No Surprises Act blocks balance billing for emergencies and many non-emergency services at in-network facilities, caps your Patient Cost-Sharing at in-network levels, and sends payment disputes to your plan and provider—not to you.

How does HIPAA affect my medical billing information?

HIPAA safeguards Health Information Privacy by limiting how providers and plans use and share your billing data, requiring safeguards for electronic information, and granting you rights to access records, request corrections, and ask for confidential communications. These protections support Medical Billing Compliance without restricting needed payment activities.

What rights do uninsured patients have under the No Surprises Act?

If you are uninsured or self-pay, you are entitled to a Good Faith Estimate before care. If your bill from any one listed provider is at least $400 above that provider’s estimate, you can initiate a patient–provider dispute process within the allowed timeframe to challenge the excess charges.

Are all out-of-network charges covered by the No Surprises Act?

No. Ground ambulance bills are not covered by federal protections, and if you knowingly choose an out-of-network clinician or facility for non-emergency care and sign proper notice-and-consent forms, balance billing may occur. Some plan types may also fall outside the NSA, so protections can vary by situation and state rules.
