Insurance Circular Letter No. 12 (2021)

December 29, 2021

STATUTORY AND REGULATORY REFERENCES: N.Y. Insurance Law §§ 3217-a(a)(17) and 4324(a)(17); Public Health Law § 4408(1)(r); No Surprises Act (Pub. L. No. 116-260, 134 Stat. 1182, Division BB § 109); 42 U.S.C. §§ 300gg-111(e), 300gg-115(a) and (b), and 300gg-139; 11 NYCRR 52 (Insurance Regulation 62)

I. Purpose

The purpose of this circular letter is to provide guidance to insurers authorized to write accident and health insurance in New York State, Article 43 corporations, health maintenance organizations, student health plans certified pursuant to Insurance Law § 1124, municipal cooperative health benefit plans, and prepaid health services plans (collectively, “issuers”) and health care providers and facilities (collectively, “providers”) regarding requirements for provider directories and health insurance identification cards under the federal No Surprises Act (“NSA”) and state law with respect to comprehensive health insurance coverage.

II. Background

The NSA was signed into law as part of the Consolidated Appropriations Act of 2021 (Public Law 116-260; Division BB § 109) on December 27, 2020 and takes effect on January 1, 2022. Section 116 of the NSA amended 42 U.S.C. § 300gg-115 and § 300gg-139 to include requirements for issuers and providers regarding provider directory information. Section 107 of the NSA amended 42 U.S.C. § 300gg-111(e) to require certain information to be included on physical or electronic health insurance identification cards that are issued to insureds. The NSA amendments apply to plan years beginning on or after January 1, 2022.

Insurance Law §§ 3217-a(a)(17) and 4324(a)(17) and Public Health Law § 4408(1)(r) include requirements for provider directories, and § 52.69 of 11 NYCRR 52 (Insurance Regulation 62) includes requirements for health insurance identification cards. While some NSA requirements are similar to New York requirements, there are other NSA requirements that are not addressed in New York law or regulations promulgated thereunder that will expand the New York protections in certain circumstances as described below.

III. Discussion

1. Provider Directory Requirements for Providers

   NSA § 116 added 42 U.S.C. § 300gg-139(a), which requires providers to submit provider directory information to issuers when: (1) the provider begins a network agreement with an issuer; (2) the provider terminates a network agreement with an issuer; (3) there are material changes to the content of provider directory information; and (4) at any other time (including upon the request of the issuer) determined appropriate by the provider or the U.S. Department of Health and Human Services (“HHS”). 42 U.S.C. § 300gg-139(d) defines “provider directory information” to mean “the names, addresses, specialty, telephone numbers, and digital contact information of individual health care providers, and the names, addresses, telephone numbers, and digital contact information of each medical group, clinic, or facility contracted to participate in any of the networks of the group health plan or health insurance coverage involved.”

   Further, under 42 U.S.C. § 300gg-139(b), when an insured pays a bill that exceeds the in-network cost-sharing for a treatment or service and the protections from provider directory misinformation as set forth in 42 U.S.C. § 300gg-115(b) apply (see paragraph C below), providers must reimburse the insured for the full amount paid by the insured in excess of the insured’s in-network cost-sharing amount for the treatment or service. However, the NSA does not prohibit a provider from requiring in the terms of a contract with an issuer, or as part of contract termination with an issuer, that the issuer remove the provider from the issuer’s directory at the time of termination and that the issuer bear financial responsibility for providing inaccurate network status information to an insured.

   The NSA states that these requirements shall not be construed to preempt any provision of state law relating to health care provider directories. However, there are currently no state law requirements obligating providers to submit provider directory information to issuers, so the requirements set forth in the NSA apply. Issuers should also incorporate the NSA requirements for providers to submit provider directory information to issuers into their contracts with participating providers.

2. Provider Directory Requirements for Issuers

   Insurance Law §§ 3217-a(a)(17) and 4324(a)(17) and Public Health Law § 4408(1)(r) require issuer provider directories to include a listing, by specialty (if applicable), of the name, address, and telephone number of all participating providers, as well as whether a provider is accepting new patients. For physicians, the directories must also include board certification, languages spoken, and any affiliations with participating hospitals. For mental health and substance use disorder services providers, the directories must include any affiliations with participating facilities certified or authorized by the Office of Mental Health or the Office of Addiction Services and Supports and any restrictions regarding the availability of the individual provider’s services. For example, the directory may indicate whether an individual provider does not serve adults or children, or individuals with particular mental health conditions, whether the individual provider is an employee of or affiliated with a facility, or whether the individual provider provides services in a specific facility location. These sections of the Insurance Law and Public Health Law require a document with this provider directory information to be updated annually. In addition, an issuer must post the provider directory on its website and update its website within 15 days of the addition or termination of a provider from the issuer’s network or a change in the physician’s hospital affiliation.

   NSA § 116 added 42 U.S.C. § 300gg-115(a), which includes requirements for issuers regarding the content of provider directories and requires issuers to update directories on their websites within two business days of the receipt of information from a provider (see paragraph A above). The NSA also requires an issuer to, at least once every 90 days, verify and update the provider directory information on its website for each provider. As part of that verification process, an issuer must establish a procedure for the removal of a provider if the issuer has been unable to verify the information during a period specified by the issuer. However, the NSA does not preempt any provision of state law relating to health care provider directories. Insurance Law §§ 3217-a(a)(17) and 4324(a)(17) and Public Health Law § 4408(1)(r) require an issuer to annually update its provider directory, with certain updates to the provider directory on the issuer’s website completed within 15 days as described above. The Insurance Law and Public Health Law requirements for provider directory content and updates within 15 days continue to apply at this time. DFS will evaluate whether further guidance is necessary once CMS issues guidance on the provider directory verification and update process.

3. Provider Directory Misinformation

   NSA § 116 adds 42 U.S.C. § 300gg-115(b) to prohibit issuers from imposing on an insured a cost-sharing amount that is greater than the cost-sharing amount that would apply had the item or service been furnished by a participating provider, when the insured receives a bill for out-of-network services resulting from the issuer providing inaccurate network status information to the insured. In such cases, the issuer must also apply the deductible or out-of-pocket maximum, if any, that would have applied had the services been received from a participating provider. Under 42 U.S.C. § 300gg-115(a), an issuer must provide network status information to an insured in writing within one business day of the insured’s request for the information by telephone. An issuer also must include in its hard copy provider directory a notification that the information contained in the directory was accurate as of the date of publication of such directory and that an insured should consult the provider directory posted on the issuer’s website to obtain the most current provider directory information.

   Pursuant to 42 U.S.C. § 300gg-115(b), an issuer provides inaccurate network status information, and is therefore prohibited from imposing on an insured a cost-sharing amount that is greater than the cost-sharing amount that would apply had the item or service been furnished by a participating provider, if the insured receives a bill for out-of-network services, when: (1) the issuer represents in the provider directory posted on its website that a non-participating provider is participating in the issuer’s network; (2) the issuer provides information, upon an insured’s request made by telephone, that a non-participating provider is participating in the issuer’s network; (3) the issuer fails to provide information in writing regarding a specific provider’s participating status within one business day of a request from an insured made by telephone; or (4) the issuer represents in the hard copy provider directory that a provider is participating in the issuer’s network and the provider is non-participating as of the date of publication of the hard copy provider directory.

   There are currently no state law requirements prohibiting issuers from imposing on an insured a cost-sharing amount that is greater than the cost-sharing amount that would apply had the item or service been furnished by a participating provider when the issuer provides inaccurate network status information to the insured, so the requirements set forth in the NSA apply.

4. Health Insurance Identification Cards

   Section 52.69 of 11 NYCRR sets forth requirements for disclosure of certain information on health insurance identification cards. In part, 11 NYCRR § 52.69 requires health insurance identification cards issued to insureds and dependents to include the copayment or coinsurance information applicable to participating providers for: (1) primary care office visits; (2) specialist office visits; (3) urgent care; (4) emergency room visits; and (5) prescription drugs for a 30-day supply at a retail pharmacy, if applicable. Health insurance identification cards must also include the phone number or numbers at which the insured and health care provider may readily obtain member services assistance, confirmation of eligibility or verification of benefits, and prior authorization for health care services.

   NSA § 107 amends 42 U.S.C. § 300gg-111(e) to require an issuer to include additional information on physical or electronic health insurance identification cards that are issued to insureds. Health insurance identification cards must include: (1) any applicable annual deductible; (2) any annual maximum out-of-pocket amount; and (3) the telephone number and internet website address through which insureds may seek consumer assistance information, such as information related to hospitals and urgent care facilities.

   In order to comply with the NSA requirements, issuers must add any applicable annual deductible and any annual maximum out-of-pocket amount to their identification cards. DFS will be amending 11 NYCRR § 52.69 to include this requirement.

IV. Conclusion

Providers and issuers are advised that the NSA requirements regarding provider directories described in this circular letter, and the requirement to refund to the insured any money paid for a bill that exceeds the in-network cost-sharing for a treatment or service where the insured received provider directory misinformation, apply to plan years beginning on and after January 1, 2022. Issuers are advised that they must continue to comply with Insurance Law and Public Health Law requirements regarding provider directory updates. DFS will be promulgating a regulation to integrate the NSA provider directory protections with state requirements.

Issuers are advised that they must comply with the health insurance identification card requirements as set forth in 42 U.S.C. § 300gg-111(e) for plan years beginning on or after January 1, 2022. DFS will be amending 11 NYCRR § 52.69 for consistency with the NSA requirements on health insurance identification cards described in this circular letter.

Please direct any questions regarding this circular letter by email to [email protected].

Very truly yours,

Lisette Johnson
Chief, Health Bureau