Ghost networks may provide a scare for plans and their participants if not properly addressed. Recent litigation, regulatory scrutiny, and empirical testing are increasingly exposing a troubling phenomenon in health benefits. Ghost networks are provider directories that include providers who are not reachable, not accepting new patients, are effectively out-of-network despite being listed as in-network, or no longer practicing. For self-funded group health plans, this isn’t just a glitch in the directory. Ghost networks implicate Employee Retirement Income Security Act (ERISA) fiduciary duties, Mental Health Parity and Addiction Equity Act (MHPAEA) parity, and also obligations under the No Surprises Act (NSA). The 2025 decision in Hecht v. Cigna and the 2024 MHPAEA Report to Congress confirm that regulators and courts alike are increasingly treating ghost networks as a compliance fissure.
Legal flashpoint of Hecht v. Cigna
In Hecht, plan participants alleged that Cigna maintained a ghost network by advertising hundreds of in-network behavioral health providers who were either unreachable, not accepting new patients, or no longer contracted to be part of the network. Participants claimed this misrepresentation violated both ERISA’s fiduciary duty and disclosure provisions in addition to state consumer-protection laws. This was a clever reframing of the alleged harm because the participants were not just complaining about denied claims, but that the plan itself was misleading by promising a list of accessible providers who did not exist in practice.
The District Court declined to dismiss several of the ERISA counts, finding that the plaintiffs plausibly alleged a material misrepresentation about plan benefits — a potential breach of fiduciary duty. The court held that if a plan sponsor represents a network in a certain way, but knows or should know, that large portions of it are inaccessible, this may violate ERISA duties of loyalty and prudence owed to plan participants.
Hecht is the most recent example of a new type of ERISA litigation — one that looks at network adequacy through the lens of a fiduciary issue rather than a simple contractual one. Plaintiffs no longer need to show that a specific claim was improperly denied; they can allege that the entire network design misled participants. For self-funded plans, which rely heavily on third-party administrators (TPAs) and leased networks, this shift creates potential co-fiduciary exposure if they fail to monitor the accuracy of vendor-maintained directories.
ERISA fiduciary duties
Under ERISA, plan fiduciaries must act prudently and solely in the interest of plan participants. Plan communications must also be truthful and complete. Courts have long treated inaccurate plan descriptions or misleading marketing as potential breaches of these fiduciary duties. Directory misrepresentations fit within this framework. Allowing an outdated network to remain in place and visible to plan participants can signal lack of adequate oversight of the TPA and/or network vendor. Because directories distributed as part of plan materials or incorporated by reference within the plan document/summary plan description are plan communications, it’s important that they be accurate to avoid allegations of misleading plan participants. Outdated directories may also give rise to allegations that plans are prioritizing cost, convenience, and fee arrangements over accuracy.
If courts or regulators view an inaccurate directory as a fiduciary misrepresentation, self-funded plans may have financial exposure via equitable relief, mandatory claims reprocessing, and more. Liability can also extend to the plan sponsor if oversight of the TPA or network vendor is deemed insufficient.
Network adequacy under the MHPAEA
The MHPAEA requires parity in non-quantitative treatment limitations (NQTLs) between mental health/substance use disorder (MH/SUD) benefits and medical/surgical (M/S) benefits. Network adequacy — how easily plan participants can access an in-network provider or facility — is one such NQTL.
A ghost network creates a de facto treatment limitation because participants theoretically have MH/SUD coverage but cannot access a comparable number of in-network clinicians. In other instances, participants may have to travel farther, or for longer, to find in-network clinicians due to an inaccurate network directory. These are barriers to care. If the M/S side of the network is accurate, but the MH/SUD portion is riddled with errors or inaccuracies, it is likely that such a design will constitute a parity violation.
Recent Department of Labor (DOL) audits include examples of network adequacy reviews that were triggered by NQTL comparative analysis findings. The DOL asks plans to demonstrate that provider availability, credentialing, and reimbursement rates are comparable across benefit classifications. A defective network directory exposes plans to such parity violations and corrective action demands by the regulators. This can include reprocessing of claims at in-network rates and required parity improvements, and oversight of provider credentialing/recredentialing.
The No Surprises Act
The No Surprises Act (NSA), effective 2022, adds yet another layer or regulation to network directory accuracy. 29 U.S. Code §1185i(a)(2)(A) states that group health plans and issuers need to verify directory data at least every 90 days. It also requires prompt updating — within two business days after learning of a change. Plans must also respond to participant inquiries about a provider’s network status within one business day. Lastly, plans need to process claims as in-network when a participant reasonably relies on an inaccurate directory listing. This means the burden shifts more onto the plan or TPA.
For self-funded plans subject to ERISA, this can cascade into increased fiduciary exposure and higher risk of being targeted by regulators for an audit.
Mitigation strategies
The overlap of ERISA, MHPAEA, and NSA is notable. They converge on the same core concept: that plan participants must have real, not theoretical, access to care. Operational failure to maintain an accurate provider directory can trigger an increased risk of regulatory non-compliance.
Self-funded plans should treat their provider directories as living compliance documents, rather than static tools. Plans should develop formal directory programs that are designed to work alongside their network vendors to have some form of directory verification program in place. Plans should also ensure there are prompt and ongoing update cycles for the network and should insist on two-day update logs for NSA purposes. Ensuring there is a dedicated email and phone line available for the one-day inquiries from participants will mitigate much of the risk of non-compliance from failure to respond in a timely manner. Lastly, plans should ensure they have protocols in place to take prompt corrective action on a claim due to incorrect directory listings, including updating the listing to prevent a recurring issue for other participants.
Plans should begin working with their TPAs to incorporate service-level standards into the administrative services agreement, which requires NSA-compliant verification, data integrity checks, and 90-day attestation reports. Plans may also consider including quarterly compliance attestations signed by the vendor and creating a fiduciary committee that shows it reviews active monitoring of network metrics. For plans that directly lease access from a network vendor, they should try to place similar assurances in their network agreements.
Network adequacy is a major NQTL reviewed during an NQTL comparative analysis. Since these analyses are required by law, plans should begin integrating annual NQTL testing into their ongoing compliance evaluations. As a part of this process, plans will need to ask their network vendor about average appointment wait times, time and distance ratios, and provider-to-participant ratios. If there are deficiencies identified with network adequacy (including the directory), plans should actively engage in discussions with the network to resolve those matters and document the efforts undertaken to do so.
Enforcement
Regulators and legislators alike are taking note of the issues that result from ghost networks. The Senate Finance Committee released a study in 2023 that noted “more than 80% of listings for mental health providers were inaccurate or unavailable” for Medicare Advantage plans. The Employee Benefits Security Administration (EBSA), a division of the DOL, noted in the 2024 MHPAEA Report to Congress that network adequacy is a focal point during parity review for plans. It too conducted a “secret shopper” approach to assess network adequacy across nine different surveys and found an “alarming proportion of providers were unresponsive or unreachable.” It is expected that ghost networks will remain at the forefront of legislative and regulatory efforts for health care.
Beyond compliance: Equity of access to care
Legal compliance remains critical for self-funded plans, but ghost networks also undermine an employer’s other fundamental objectives of ensuring productivity and the wellbeing of their work force. Employees who run into barriers to access to care experience delayed treatment, prolonged absenteeism, and increased emergency room utilization, all of which drive up the costs borne by the self-funded plan. Ghost networks also compound these problems in rural and low-income areas which already have a dearth of providers available to begin with.
Ghost network problems expose the fault lines where regulation, administration, and patient experiences intersect. Hecht shows that courts are willing to treat inaccurate directories as fiduciary misrepresentations under ERISA. Meanwhile the MHPAEA treats these same issues as parity violations, and the NSA requires more direct oversight of network directories by plans. Combined, it is clear that illusory access is non-compliance.
For self-funded plans, the path forward should be one that is proactive, rather than reactive. By enforcing NSA standards, conducting parity testing, and working with their vendors to ensure adequate oversight of the network directory, plan sponsors can convert this compliance risk into an advantage by providing real, equitable access to care for plan participants. After all, a network’s value rests in the appointments and care its providers can deliver.
Bryan M. Dunton is a lawyer and a health benefit plan consultant with The Phia Group.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.