What’s missing from your compliance strategy? Avoid surprises from a renewed regulatory focus on provider data

The Ribbon Team
December 11, 2023

Is your provider directory compliant?

Provider directories are notoriously hard to manage and keep up to date, with ~30% of provider information churning every year. On top of that, new regulations require health plans to continually update their directories and ensure data is accurate and up to date. This isn’t an easy task - research shows that 81% of provider data entries in the top 5 national health plans have inconsistencies. Health plans feel these painful implications, from member experience to operational challenges and high costs.  

Ribbon Health General Counsel Josh Macfarlane weighs in on the compliance risks that inaccurate provider data raises and the increased regulatory focus on this area.

The following does not constitute legal advice and readers should consult their own counsel before making decisions with respect to the insight provided.


Josh, what regulation trends are you seeing around provider directories?

So on both the federal and state levels, there are laws designed to improve the accuracy of health plans’ provider directories. The thinking being: we should make it as easy as possible for people to find healthcare when they need it. On the federal level, there is the No Surprises Act - a comprehensive piece of legislation that is designed to protect consumers from surprise medical bills and allow them to better understand the cost of healthcare services before receiving them. This law includes Section 116, which really speaks to provider directories, specifically by including requirements for health plans to maintain up-to-date directories (e.g., requirements around how frequently they refresh their data and update their directories when they become aware of inaccuracies).

In terms of enforcement on the federal level, we’ve seen the Center for Medicare and Medicaid Services (CMS) focus on provider directories in their annual audits of MA plans, particularly between 2016-2018, when it was their primary focus.  That’s not to say that they haven’t continued to monitor provider directory compliance since 2018 - there’s been a spate of enforcement action this year alone - and there’s reason to believe that the CMS may return to provider directories in upcoming annual audits. 

At the state level, we’ve seen some recent enforcement action coming out of Illinois where a regional plan was fined upwards of $230,000 for violating Illinois’ Network Adequacy and Transparency Act (in addition to fines already levied), which requires healthcare insurers to keep provider directory information up to date. This regional plan in particular has been fined more than $1M over the past couple of years. This is another example of how state and federal regulators are cracking down on enforcing laws already on the books. 

We're also seeing new legislative action. Earlier this fall, a bipartisan group of senators introduced a Bill to Improve Health Care Access, called the Requiring Enhanced & Accurate Lists of (REAL) Health Providers Act which aims to crack down on “ghost networks” (which are essentially providers listed in-network that are not actually available to provide care).

What is the focus of these regulations as they relate to health plans?

I'll focus on the provider directory angle, just given the breadth of these laws. While each piece of legislation has its nuances and requirements, first and foremost, they are trying to ensure that people looking for care via a health plan’s directory can find that care. When we think about blockers that would prevent a member from doing that, inaccurate data is a big problem. Let’s say you call Dr. Smith at the number listed for her, as she’s supposed to practice at a location that’s convenient for you. But, it turns out the number doesn’t work, or Dr. Smith has moved addresses or is no longer practicing. This is an incredibly frustrating experience for members, particularly when happening at scale. These pieces of legislation are trying to address this by getting health plans to be proactive in ensuring that their provider directories are up to date with accurate information. 

Let’s take, for example, the Illinois law that we just touched on. The Network Adequacy and Transparency Act requires covered health plans to update their provider directory within 10 business days with new information or status updates. The No Surprises Act is even more robust, requiring updates to be made within 2 business days

All of these requirements afford protections to members who reasonably deserve to have current information to find the best care options for themselves and their dependents. The ultimate aim is to improve the overall experience for individuals looking for care through their health plan and to protect them from paying for out-of-network costs as a result of data errors. That notion of cost gets back to the overarching theme of the NSA which is to help people better understand and avoid unexpected costs when seeking healthcare.

How do these regulations, like the NSA, impact health plans and how should they think about compliance?

Health plans should gauge their compliance obligations carefully and think about having systems in place to ensure they can meet all of these requirements. With respect to provider directories, health plans will likely want to have robust and comprehensive processes and frameworks to (1) regularly refresh their provider directory data and (2) update their directories with new data (e.g., within the statutory 2 business days) and remove inaccuracies, all in accordance with the various requirements and timelines. Ideally, these processes will allow them to flag information that might have been verified by the provider but seems questionable. For example, if a provider has 27 phone numbers, that’s probably worth a closer inspection. 

There’s also a degree of flexibility that’s helpful, such that health plans can comply with existing and new laws by adapting their framework based on changing requirements. Having a proper process in place should also help demonstrate that a health plan is undertaking its compliance obligations seriously (which could come in handy in the event of an audit).

When we think of these laws, it’s easy to think that they’re penalizing health plans. But they can also have a positive impact. They ensure that members are directed to the right provider, improving the member experience and ultimately reducing costs for health plans. 

What are the risks of non-compliance?

Health plans could be subject to enforcement action, resulting in sizable financial penalties, as well as non-financial penalties like corrective action. There's a whole host of risks associated with non-compliance which health plans should be aware of and assess. So compliance is ultimately the name of the game. 

Where have you seen these strategies be successful?

One national health plan that Ribbon works with comes to mind. By working with Ribbon and implementing some of these data management processes, they reduced their number of support tickets by 26%, which is huge - more than a quarter - in large part due to more accurate in-network provider options and fewer instances of surprise billing. I’d say anything that creates more efficiency internally for their business and engenders goodwill from their members is a win. 


Assure complete compliance and automate data processes with Ribbon Health Provider Data Management 

Ribbon’s flexible, API-first data management platform centralizes your provider data sources and workflows into one comprehensive platform. Our proprietary machine-learning technology guarantees that data received is updated in less than 24 hours, ensuring you comply with mandates from the No Surprises Act and beyond. 

Unlock business value with key features: 

  • Manage: Aggregate and maintain all provider data sources in real-time with infrastructure that fits into your existing systems
  • Transform: Proprietary tools and data processing technology to clean, update, and manipulate data at scale
  • Assess: Accuracy scoring models to understand relative data quality and inform how to lift data accuracy and completeness
  • Enrich: Access to Ribbon’s data assets and manual validation capabilities to fill data gaps, replace low-quality data, and add new, powerful context on providers

Learn more about Ribbon Provider Data Management and our work with leading national health plans.

Get in touch

Read more about our company and culture

Ribbon Health Named 2023 MedTech Breakthrough Award Winner

Fierce Healthcare names Ribbon Health as one of its 2023 “Fierce 15” companies

At Ribbon, our mission is to simplify healthcare