By using the No Surprises Help Desk (NSHD) Complaint Form (the Form), you agree to the collection and use of information in accordance with this Privacy Notice and Terms of Use, which includes a Privacy Act Statement required under the Privacy Act of 1974.

You must read and agree to the Privacy Notice and Terms of Use below.

The Centers for Medicare and Medicaid Services (CMS) ("us", "we", or "our") operates the surprise billing ("No Surprises") complaints process and help desk, including provider complaints form available online (via the Salesforce platform) or by calling the help desk (collectively the "NSHD site" or "Complaints site").

Users will use the Complaints site to submit the Form electronically to CMS, or call the help desk for assistance filing a complaint over the phone.

The information on this page tells you about our policies regarding the collection, use and disclosure of Personal Information we receive from users of the form. It also includes specifics about Personal Information and other information that may be collected about you when you use the Complaints site.

A separate Billing Complaints website Privacy Policy for consumers provides more information about CMS website privacy information for the Complaints site, which you should also read and be aware of how information is collected and used when on the Complaints site.

Separate notices and policies are maintained for providers. This Privacy Notice and Terms of Use cover consumer activities as a part of the billing complaints and help desk program.

The Centers for Medicare and Medicaid Services (CMS) ("us," "we," or "our") is committed to ensuring the security of the American public by protecting their information from unwarranted disclosure.

This policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities.

For additional details, see the policy at: https://www.cms.gov/vulnerability-disclosure-policy.

Here's a quick summary of CMS.gov Privacy Policy:

CMS.gov doesn’t collect your personal information through these websites unless you choose to provide it. CMS.gov collects other, non-personally identifiable information automatically from visitors to our site so we can understand how the website is being used and how we can make it more helpful. We don’t sell any information you provide when you visit CMS.gov.

Types of information we collect

System and connectivity information from your device, the date and time of your visit as well as the pages you visited, your browser language, geographic location, the time you spent on each page, and what you do on CMS.gov (like clicking a button).

Information you may provide

When you request information, we collect information, including your email address to complete the subscription process and provide you with information. You can opt out of these communications at any time.

How CMS uses information collected on CMS.gov

We use the email address you provide us to send emails related to CMS. We use online surveys to collect feedback to improve the CMS website. We use a variety of third-party web tools to collect basic information about visits to CMS.gov to maintain the website.

How CMS uses cookies and other technologies on CMS.gov

Cookies make some parts of the website easier to use, but the information you provide isn’t associated with cookies on CMS.gov.

CMS uses cookies, web beacons, and website log files on CMS.gov for digital advertising with the purpose of outreach and education. These tools are enabled by default, but you have control over what tracking and data collection takes place during your visit.

How CMS protects your personal information

You don’t have to give us personal information when you visit CMS.gov. If you choose to give us personal identifying information, we’ll only keep it long enough to respond to your question or complete the purpose of the communication.

Children and privacy on CMS.gov

CMS.gov isn’t intended to solicit information of any kind from children under age 13.

Links to other sites

CMS.gov may link to other HHS websites (like health care providers) for your convenience and education. When you follow a link to an external site, you’re leaving CMS.gov and the external site’s privacy and security policies will apply.

For additional details, see the policy at: https://www.cms.gov/privacy.

We are authorized to collect the information on this form and any supporting documentation under section 2799B-4(b)(3), 2799B-1, 2799B-2, 2799B-3, and 2799B-5 of the Public Health Service Act, as added by section 102 and 104 of the No Surprises Act, title I of Division BB of the Consolidated Appropriations Act, 2021 (Pub. L. 116-260).

This law directs the Departments of Labor, Health and Human Services (HHS), and the Department of Treasury (collectively, "the Departments") to establish a process to receive complaints regarding violations of the application of qualifying payment amount requirements by group health plans and health insurance issuers offering group or individual health coverage.

The law also directs HHS to establish a process to receive consumer complaints regarding violations by health care providers, facilities, and providers of air ambulance services regarding balance billing requirements and to respond to such complaints within 60 days.

CMS, an agency under HHS, is operating the complaints intake process on behalf of the Departments. We need the information provided about you and the other individuals or entities you identify to process your complaint and to otherwise support resolution of your complaint and our oversight and enforcement of health insurance issuers or plans, providers, and facilities.

The information will be used to determine the validity of your complaint, or refer your complaint to another federal or state regulatory agency. We may also refer or coordinate with another federal or state regulatory agency where more than one regulatory agency has jurisdiction over the complaint. The contact information you provided will be used to contact you if we need more information or documentation about your complaint, and to notify you of the resolution of your complaint. We will also use the information you provide as necessary to enable us to fulfill a requirement of a Federal statute or regulation.

Providing the requested information is voluntary. But failing to provide it may delay or prevent processing of your complaint. If you don’t provide correct information on this form or knowingly and willfully provide false or fraudulent information, you may be subject to a penalty and other law enforcement action.

In order to process your complaint, we will need to share with persons or entities outside of CMS selected information you provide, including to:

1. Other CMS and HHS contractors engaged to perform a function related to or in support of the No Surprises Help Desk.

2. All parties to your complaint and their authorized representatives, including providers and facilities you identify as relevant to your complaint.

3. If you were covered under a group health plan provided by an employer during the dates of service relevant to your complaint – your employer or the insurance company that provides the coverage under your employer’s health plan, as well as their employees, agents, authorized representatives, and contractors, such as a third-party administrator that processes claims under your plan.

4. If you were covered under a health plan in the individual market during the dates of service relevant to your complaint – the insurance company that provides the coverage under your employer’s health plan, as well as its employees, agents, authorized representatives, and contractors.

5. Other Federal agencies that are responsible for implementing and overseeing the No Surprises Help Desk, including the Departments.

6. Anyone else as required by law or allowed under the Privacy Act System of Records Notice associated with this collection entitled, "Complaints Against Health Insurance Issuers and Health Plans (CAHII)," System No. 09-70-9005, 66 FR 9858 (Feb. 12, 2001), as amended, 83 FR 6591 (Feb. 14, 2018).

This statement provides the notice required by the Privacy Act of 1974 (5 U.S.C. § 552a(e)(3)). You can learn more about how we handle your information at: https://www.cms.gov/nosurprises/privacy.

This Privacy Notice and Terms of Use is effective as of January 1, 2022 and will remain in effect except with respect to any changes in its provisions in the future, which will be effective immediately upon posting on this page.

We reserve the right to update or change this Privacy Notice at any time, and you should check this page periodically for updates. Your continued use of the Complaints Site after we post any modifications to the Privacy Notice on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Notice.

If we make any material changes to this Privacy Notice, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.

OMB Control Number: 0938-1406

This form expires on August 31, 2025

According to the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number.

The valid OMB control number for this information collection is 0938-1406. The expiration date is August 31, 2025. This is required to retain a benefit.

The time required to complete this information collection is estimated to average 30 minutes per response, including the time to review instructions, search existing data resources, gather the data needed, and complete and review the information collection. If you have comments concerning the accuracy of the time estimate(s) or suggestions for improving this form, please write to: CMS, 7500 Security Boulevard, Attn: PRA Reports Clearance Officer, Mail Stop C4-26-05, Baltimore, Maryland 21244-1850.