Threat · Other

Fake No Surprises Act IDR (Independent Dispute Resolution) balance-billing open-negotiation lure: "Out-of-network bill — open negotiation period expires in 30 days, action required via patient portal", targeting both patients and providers caught in NSA balance-billing disputes. The NSA IDR backlog 2025-26 plus CMS portal updates make the deadline-expiring framing credible. Real IDR submissions go through cms.hhs.gov / nsa-idr.cms.gov / portal-iv.cms.gov, never through a third-party portal. Source: GC1 R8 multi-agent council top-5 (S2 healthcare specialist).

no-surprises-act-balance-billing-idr-arbitration-lure

What this tier means

High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.

How Gorganizer detects this

Fake No Surprises Act IDR (Independent Dispute Resolution) balance-billing open-negotiation lure targeting both patients and providers caught in NSA balance-billing disputes. The phish narrative arrives as: "No Surprises Act IDR open negotiation period for your out-of-network balance billing claim expires in 30 days — action required via patient portal," or "Out of network independent dispute resolution deadline expiring — submit through NSA IDR portal."

The NSA IDR backlog 2025-26 (CMS reported 100,000+ disputes pending decision Q4 2025) plus ongoing CMS portal updates make the deadline-expiring framing credible enough that even patients with active legitimate disputes can't pattern-match the phish. Lookalike portals harvest insurance member-ID, DOB, billing-zip, claim-number, and provider NPI — sufficient data for downstream insurance-claim fraud and synthetic-identity creation.

Real NSA IDR submissions go through cms.hhs.gov / nsa-idr.cms.gov / portal-iv.cms.gov; CMS never demands portal re-authentication via inbound email link, and the open-negotiation period under NSA Section 9817 has fixed regulatory timelines (30 business days from the QPA notice) that legitimate notices reference precisely, not vaguely. Compromised victims face illegitimate balance-billing settlements credited to attacker-controlled accounts plus PHI exposure.

Distinct from generic-medical-bill-collection lures — this signal is specifically the No Surprises Act / IDR / open-negotiation regulatory framing. Fires when body references No Surprises Act / NSA / balance billing / out-of-network / independent dispute / IDR / open negotiation AND contains deadline / expires / action-required / portal / submit / negotiation-period urgency. Excludes cms.hhs.gov, cms.gov, nsa-idr.cms.gov, hhs.gov, and the broader .gov umbrella. Auto-classified as danger via the `-lure` suffix. Source: GC1 R8 multi-agent council top-5 (S2 healthcare specialist).
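The firing rule described above (topic term AND urgency term, minus excluded senders), as an added example that is not Gorganizer's own code. The regex forms, the function names, and applying the exclusion to the sender domain are assumptions of this sketch; the sample messages are constructed.

```python
import re

# Term lists come from the signal description; the regex forms are assumptions.
TOPIC = re.compile(
    r"no surprises act|\bnsa\b|balance[- ]billing|out[- ]of[- ]network|"
    r"independent dispute|\bidr\b|open negotiation", re.I)
URGENCY = re.compile(
    r"deadline|expir(?:es|ing)|action[- ]required|\bportal\b|\bsubmit\b|"
    r"negotiation[- ]period", re.I)
# Excluded domains as listed on the page, plus the broader .gov umbrella.
EXCLUDED = ("cms.hhs.gov", "cms.gov", "nsa-idr.cms.gov", "hhs.gov", "gov")


def sender_excluded(sender_domain: str) -> bool:
    """True only when the domain IS an excluded domain or a subdomain of one.

    Matching on a label boundary keeps lookalikes such as
    cms.gov.idr-review.example or cms-gov.example out of the exclusion.
    """
    d = sender_domain.lower().rstrip(".")
    return any(d == e or d.endswith("." + e) for e in EXCLUDED)


def nsa_idr_lure(sender_domain: str, body: str) -> bool:
    """Signal fires on topic AND urgency, unless the sender is excluded."""
    if sender_excluded(sender_domain):
        return False
    return bool(TOPIC.search(body) and URGENCY.search(body))


# Constructed sample messages: (sender domain, body).
LURE = ("No Surprises Act IDR open negotiation period for your out-of-network "
        "balance billing claim expires in 30 days - action required via patient portal")
SAMPLES = [
    ("billing-notices.example", LURE),
    ("cms.hhs.gov", LURE),
    ("cms.gov.idr-review.example", LURE),
    ("clinic.example", "Your medical bill is past due. Deadline Friday, pay via portal."),
    ("clinic.example", "Your out-of-network visit summary is attached."),
]

if __name__ == "__main__":
    for domain, body in SAMPLES:
        print(f"{nsa_idr_lure(domain, body)!s:5}  {domain}")
```

The third sample shows why the exclusion has to match whole domain labels: a substring check for "cms.gov" would exempt the lookalike sender.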

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
