By Mark Flores – Executive Vice President and Co-Founder at AVYM Corporation
April 6, 2026
From Hidden QPAs to TPA Failures in Arbitration: self‑insured employer plans are paying for a system they cannot see, and carrying the liability for a system designed to protect insurers, not employers
The No Surprises Act (NSA) was designed to protect patients from unexpected medical bills by establishing a federal payment standard called the Qualified Payment Amount (QPA); and creating the Independent Dispute Resolution (IDR) process to resolve payment disagreements between providers and insurers. For self‑insured employer plans, the law places the financial responsibility for any additional payments squarely on the employer, even though the Third‑Party Administrator (TPA) controls the calculations, negotiations, submissions, and compliance steps.
Against this backdrop, national insurers are now filing lawsuits against providers and the agents who assist with IDR submissions, alleging that providers are pushing “ineligible” claims through the process. Their central evidence: providers win close to 90% of IDR cases. Insurers insist this high win rate proves the system is flawed and that providers are gaming it.
Fuzzy Math
But the high provider win rate reveals a very different systemic failure:
insurer TPAs routinely cannot justify their own reimbursement rates with credible evidence.
In many cases, they don’t even show up to defend the payments they issued on behalf of self‑insured employer plans. This failure has direct financial consequences: when a TPA defaults or refuses to participate, the IDR entity will select the provider’s offer by default, and the plan sponsor, not the TPA, must pay the full amount within 30 days. The “loser pays” rule also means the plan absorbs the IDR fees, which TPAs routinely pass back as claims costs or administrative charges.
Providers typically submit detailed data on acuity, training, and resource intensity. Insurer TPAs, by contrast, lean almost exclusively on the QPA, an opaque, proprietary figure that rarely withstands neutral scrutiny. Although the NSA defines the QPA as the median in‑network rate for a service in a given region, the actual formulas used by TPAs to calculate it are treated as trade secrets. Even after the Transparency in Coverage Rule (TiC) required machine‑readable files of negotiated rates, many TPAs continue to obscure the underlying math, leaving employers, and patients, at a profound disadvantage.
Insurers often calculate the QPA using their own “negotiated” rates, then shield the data from review. Research suggests some carriers even use “ghost rates”, rates for services that were not actually provided, in the QPA calculation, thereby skewing the median rate downward and resulting in lower payments. Additionally, insurers typically exclude provider bonuses and single-case agreements, further suppressing the QPA payment amounts.
Yet insurers still insist that their QPAs represent fair, reasonable, market‑based payment amounts. If that were true, why are employers denied access to the underlying data needed to validate their own claims costs?
How can an employer receive a $2M bill for hospital services when the hospital is only paid $600K?
Insurer TPAs cannot claim the QPA reflects the appropriate market rate while simultaneously charging self‑insured employers multiples of that amount for the same services.
This contradiction exposes the core problem:
the QPA is treated as authoritative when it benefits the insurer in IDR but becomes off‑limits when an employer seeks to verify prudent use of plan assets.
If the QPA were genuinely defensible, TPAs would have no reason to block employer access, or to prevent employers from comparing the QPA to what their plans are actually being charged.
Employers Left Holding the Bag
Employers are absorbing IDR losses they never see coming. Most employers have ZERO visibility into how many of their claims are being adjudicated through the NSA/IDR process, despite being financially responsible for any additional payments. Under the NSA, the plan sponsor is ultimately liable for all additional payments ordered by the IDR entity, even though the TPA controls the negotiation, submission, and compliance steps. If the TPA mishandles the process, or fails to defend the claim, the employer pays the price. And while the employer is legally responsible to the provider, the TPA may be contractually liable under the ASO agreement if their failure constitutes a breach of duty.
This dynamic creates a dangerous misalignment: TPAs control the process, but employers bear the financial and regulatory risk
The opacity doesn’t end there. Employers are frequently billed inflated “estimated” or “negotiated” rates that exceed the provider’s actual billed charges, while providers are paid far less. With the QPA hidden from review, TPAs can bill the plan at an overstated rate, pay the provider a lower amount, and retain the spread as an undisclosed margin, known as the “Spread Risk.” This practice has triggered a surge of employer scrutiny and investigation into alleged overbilling and spread pricing.
A System Built by Insurers For Insurers
The relationship between low QPAs and high IDR volume remains one of the most misunderstood dynamics in the NSA ecosystem. Artificially low, opaque QPAs widen the gap between a plan’s initial payment and a provider’s reasonable expectations. That gap:
- makes arbitration economically logical;
- destabilizes networks, and;
- erodes trust in insurer payments;
These results ultimately drive more IDR filings and increase administrative burdens and patient costs.
Ironically, this dynamic is most visible within the BCBS ecosystem, not merely because the Blues participate heavily in IDR, but because they were among the primary architects and advocates of the very payment infrastructure that the NSA later codified.
For decades, Blues plans shaped local market rates through dominant PPO networks, proprietary methodologies, and fragmented contracting practices. When the NSA adopted the QPA as the central pricing benchmark, it effectively embedded the Blues’ long‑standing rate‑setting architecture into federal law.
The result is predictable: structurally low, opaque QPAs widen the payment gap, driving higher IDR volume in Blues‑heavy regions. With 36+ independent licensees each running their own QPA engines, near‑total opacity, and entrenched market power, the Blues created the conditions that now fuel a self‑reinforcing cycle of disputes. In many ways, the IDR system is operating exactly as designed, because it was built atop the Blues’ opaque pricing framework.
What This Means for Employers
Self‑insured employers can no longer assume their TPAs are managing NSA/IDR obligations prudently. While employers carry the full financial liability for IDR outcomes, the TPA holds all the cards, with zero visibility for employers. This creates a dangerous disconnect where employers are paying for decisions they didn’t make and can’t even see.
Now is the time for employers to:
- Review NSA/IDR claims activity
- Demand access to QPA methodologies and underlying rate data
- Review ASO agreements for indemnification and performance obligations
- Investigate potential spread pricing or overbilling patterns
The NSA was built on insurer math. Employers are the ones paying for it. It’s time to look under the hood.
