As part of the Biden administration’s focus on enforcement of the No Surprises Act (NSA), the Consumer Financial Protection Bureau (CFPB) has issued a bulletin (the Bulletin) indicating that it will closely review the practices of those engaged in the collection or reporting of medical debt, will hold debt collectors accountable for failing to comply with the Fair Debt Collection Practices Act (FDCPA) and Regulation F, and will hold consumer reporting agencies (CRAs) and furnishers accountable for failing to comply with the Fair Credit Reporting Act (FCRA) and Regulation V. The Bulletin is accessible here.
The NSA protects consumers from certain “surprise” medical bills for services arising from care provided at out-of-network emergency rooms and for services by out-of-network physicians at in-network hospitals. If the patient is insured, the NSA limits patient cost-sharing to the amount the patient would have been required to pay if the facility or provider had been in-network and limits the amount the insurer must pay to the facility or provider to an agreed amount or the amount decided pursuant to state or federal dispute resolution processes. If the patient is uninsured, the NSA prohibits the facility or provider from charging substantially more than the facility’s or provider’s good-faith estimate for the items or services provided. The NSA prohibits facilities and providers from billing patients for amounts in excess of these limits and imposes certain dispute resolution processes if consumers assert that an amount exceeds NSA limits. (See our recent update on the NSA implementation here, more information on NSA state guidance here, and details on the second interim final rule here and the first NSA regulation here.)
In the Bulletin, the CFPB reminds debt collectors that “a debt collector who represents that a consumer owes a debt arising from out-of-network charges for emergency services may violate the prohibition on misrepresentations if those charges exceed the amount permitted by the” NSA and that collecting an amount in excess of that allowed under the NSA “would violate the prohibition on unfair or unconscionable debt collection practices.” Prior statements by the CFPB concerning debt collection practices suggest that even first-party debt collectors not subject to the FDCPA may also be liable for such activity under the CFPB’s unfair, deceptive, or abusive acts or practices (UDAAP) authority.
In addition, the Bulletin points out that debt collectors and others who furnish information to CRAs and the CRAs to which such information is reported may violate the FCRA and Regulation V if they report inaccurate information, such as medical debts that exceed the amount owed under the NSA, or include such amounts in a consumer report.
The CFPB states that it “will use all appropriate tools to assess whether supervisory, enforcement or other action may be necessary.” As a result, health care providers and facilities and the debt collectors to whom they may refer medical bills covered by the NSA should exercise caution and make certain that they understand the provisions of the NSA. Their policies and procedures should be reviewed and updated to ensure that they do not seek to collect an amount in excess of that owed by the patient under the NSA. CRAs and furnishers should also review their investigatory procedures and ensure that they have appropriate staffing to address what could be an increase in the number and complexity of disputes as consumers become increasingly aware of their rights under the NSA.