There are inadequate consumer protections from harmful medical billing practices that result in unavoidable, unexpected, and often financially devastating medical bills. The problem stems from the increasing costs shifting to patients in American health care and the inordinate complexity that makes health care transactions nearly impossible for consumers to navigate. A particularly outrageous example is the phenomenon of surprise medical bills, which refers to unanticipated and involuntary out-of-network bills in emergencies or from out-of-network providers at in-network facilities. Other damaging medical billing practices include the opaque and à la carte nature of medical bills, epitomized by added “facility fees,” as well as harsh medical debt collection and credit reporting practices. The impetus of this article was driven by the simple questions: Are these harmful health care billing practices legal? And if so, what can be done to protect patients as consumers? The questions are simple but the answers are not. This article canvasses a growing body of financial protections under federal and state law for health care consumers and concludes that, notwithstanding these significant efforts, consumer financial protections are inadequate for most health care consumers in the United States. This article sets forth a model set of policy reforms that build upon state reforms to protect health care consumers. The biggest gaps in protection, however, are structural—the federal Employee Retirement Income Security Act of 1974 (ERISA) preempts many state efforts to protect the large and growing number of health care consumers who are insured by self-funded employer health plans. Despite salutary state innovation in the area of patient financial protection, ERISA’s growing preemptive sweep means a federal solution is necessary to protect all health care consumers from medical-billing abuses.