Advancing Interoperability and Improving Prior Authorization Processes

The final rule aims to advance interoperability by requiring health plans to implement application programming interfaces (APIs) that allow patients to access their medical records electronically. This means patients will have easier access to their health information.

The rule also introduces a new prior authorization process that will help reduce delays and improve patient care. The new process requires health plans to respond to prior authorization requests within a specific timeframe, reducing the average response time from 15 days to 3-5 days.

Under the new rule, health plans must provide a clear explanation for denying a prior authorization request, including the specific reason for the denial and any additional information required to complete the request. This increased transparency will help reduce administrative burdens and improve patient outcomes.

Patients will also have more control over their health information, as the rule requires health plans to provide patients with electronic copies of their medical records within 3 business days of a request.

Explore further: Prior Authorization Process Flow

Healthcare providers will be impacted by FHIR API reporting obligations, particularly concerning FHIR API prior authorization obligations.

Clinicians and hospitals will have to adapt to these new requirements, which could bring about changes in their workflow and operations.

The Provider Directory API is a policy that requires Medicare Advantage, Medicaid, and CHIP plans to make provider directory information available through a standards-based API.

This API enables beneficiaries to find and select healthcare providers based on location, specialty, and other criteria, making it easier for them to choose the right care.

A fresh viewpoint: United Healthcare Wegovy Prior Authorization

As a healthcare provider, it's essential to be aware of the new rules regarding prior authorization decisions. Beginning in 2026, Impacted Payers must provide a specific reason for denied prior authorization decisions.

Providers should also be aware that Impacted Payers must send prior authorization decisions within 72 hours for expedited requests and seven calendar days for standard requests. This is a significant change that will impact the way you interact with payers.

You'll also need to keep track of the new reporting requirements. Impacted Payers must publicly report specific prior authorization metrics annually, with the first set of metrics due by March 31, 2026.

The Provider Directory is a valuable resource for finding healthcare providers. It's a policy that requires Medicare Advantage, Medicaid, and CHIP plans to make provider directory information available.

The Provider Directory API enables beneficiaries to find and select healthcare providers based on location, specialty, and other criteria. This makes it easier for people to get the care they need.

Medicare Advantage, Medicaid, and CHIP plans are required to make provider directory information available. This ensures that people have access to accurate and up-to-date information about healthcare providers.

The Provider Directory API is a standards-based API, which means it uses a common set of rules and protocols to ensure seamless integration and access to provider directory information.

Recommended read: Bcbs Medicare Advantage Prior Authorization List

Healthcare providers will be impacted by FHIR API reporting obligations, particularly concerning FHIR API prior authorization obligations.

Clinicians and hospitals will need to adapt to the new requirements, which will likely involve changes to their electronic health record (EHR) systems. The Provider Access API requires payers to build and maintain a Provider Access API to share patient data with in-network providers with whom the patient has a treatment relationship.

Here's an interesting read: What Is a Exclusive Provider Organization

This means that providers will have access to patient data within one business day of the provider's request, thanks to the Provider Access API. Impacted Payers must provide this information within one business day of the provider's request.

The Provider Directory API is a policy that requires Medicare Advantage, Medicaid, and CHIP plans to make provider directory information available through a standards-based API. This will enable beneficiaries to find and select healthcare providers based on location, specialty, and other criteria.

The new requirements must be implemented by Jan. 1, 2027, for Medicare Advantage organizations, state Medicaid and CHIP fee-for-service programs, Medicaid managed care plans other than nonemergency medical transportation, prepaid ambulatory health plans, CHIP managed care entities, and QHP issuers on the FFEs.

Expand your knowledge: Bcbs Medicare Prior Authorization

The Patient Access API is a game-changer for patients, allowing them to access their health information with ease. This API is a requirement for Medicare Advantage, Medicaid, and CHIP plans, which must provide beneficiaries with access to their claims and encounter data through a standards-based API.

Impacted Payers must implement this API to provide patients with access to their health information. This includes prior authorization information, which is a crucial component of a patient's data set. Prior authorization status, date of approval or denial, and items and services approved are just a few examples of the information that must be made available.

In cases of a prior authorization denial, Impacted Payers must provide a specific rationale for this determination. This requirement applies to all Impacted Payers, except for those covering drugs.

Here's a breakdown of the prior authorization information that must be shared via the Patient Access API:

This information must be made available no later than one business day after the Impacted Payer receives a prior authorization request, and updated no later than one business day after any status change.

To better understand how patients access data made available through the Patient Access API, Impacted Payers must post certain prior authorization metrics on their websites or through publicly accessible hyperlinks annually. These metrics include:

The first set of metrics is required to be publicly reported by March 31, 2026. Going forward, all Impacted Payers must report the previous calendar year's metrics to CMS by March 31 following any year that they offered that type of plan.

Broaden your view: Prior Year Accruals

The Interoperability aspect of the Final Rule is a significant step forward in making electronic health information more accessible. The rule requires health plans to exchange certain types of health information, such as claims data and encounter data, with other health plans and with patients through APIs. This will facilitate care coordination and continuity of care for beneficiaries who switch health plans.

Impacted Payers must implement and maintain a Payer-to-Payer API to make available claims and encounter data, data classes and data elements in the USCDI, and information about certain prior authorizations. Payers are only required to share patient data with a date of service within five years of the request for data.

Here are some key dates for the Payer-to-Payer API requirements:

The Payer-to-Payer API will help patients access their health information more easily, and Impacted Payers must provide plain-language educational resources to patients explaining the benefits of the data exchange and their ability to opt in.

Health information exchange is a crucial aspect of interoperability, and the CMS Interoperability and Prior Authorization Final Rule has made significant strides in this area. The rule requires health plans to exchange certain types of health information, such as claims data and encounter data, with other health plans and with patients through APIs.

This exchange of health information is designed to promote care coordination and continuity of care for beneficiaries who switch health plans. The rule also requires Medicare Advantage, Medicaid, and CHIP plans to exchange certain types of health information, such as claims and encounter data, with other health plans upon beneficiary request.

The Payer-to-Payer Data Exchange policy requires Medicare Advantage, Medicaid, and CHIP plans to exchange claims and encounter data with other health plans upon beneficiary request. This policy aims to promote care coordination and continuity of care for beneficiaries who switch health plans.

Here are some key details about the Payer-to-Payer Data Exchange policy:

The rule also establishes a new Electronic Prior Authorization attestation measure as part of the Merit-Based Incentive Payment System (MIPS) and the Medicare Promoting Interoperability Program. This measure requires eligible clinicians, hospitals, and critical access hospitals (CAHs) to attest to submitting an electronic prior authorization request for medical items or services (excluding drugs) at least once per year beginning in 2027.

A fresh viewpoint: Electronic Medical Billing

CMS is finalizing a new measure, "Electronic Prior Authorization", to the Health Information Exchange objective for the MIPS Promoting Interoperability performance category.

This measure will encourage utilization of Prior Authorization APIs, which can help streamline the prior authorization process and reduce administrative burdens.

MIPS-eligible clinicians will report the Electronic Prior Authorization measure starting with the Calendar Year (CY) 2027 performance period/CY 2029 MIPS payment year.

Eligible hospitals and critical access hospitals will begin reporting with the 2027 EHR reporting period.

The measure will be an attestation measure, where MIPS-eligible clinicians report a yes/no response or claim an applicable exclusion rather than a numerator/denominator.

You might enjoy: Does Medical Debt Go on Your Credit Report

The final rule impacts a range of payers, including Medicare Advantage, Medicaid, and Qualified Health Plan issuers.

Medicare Advantage and Medicare Advantage/Part D plans, as well as state Medicaid and Children's Health Insurance Program (CHIP) fee-for-service programs, are subject to the rule.

Medicaid managed care plans and CHIP managed care entities, and Qualified Health Plan (QHP) issuers on the Federally Facilitated Exchanges (FFEs) are also impacted.

You might enjoy: Medicaid Managed Care Organization

The rule requires impacted payers to provide a specific reason for denied prior authorization decisions starting in 2026.

Impacted payers must publicly report certain prior authorization metrics on their website by March 31, 2026.

The rule introduces new timeframes for prior authorization decisions, but some stakeholders had called for quicker turnaround times.

CMS finalized proposals to require impacted payers to implement and maintain APIs to improve patient access to data, to facilitate care coordination among providers and to support care continuity.

The requirements for the Patient Access, Provider Access, Payer-to-Payer and Prior Authorization APIs must be met by January 1, 2027.

State Medicaid and CHIP FFS programs may apply for certain extensions or exemptions to the Provider Access, Payer-to-Payer and/or Prior Authorization API requirements.

An exception process is also available to issuers applying for QHP certification that cannot satisfy the requirements for the Provider Access, Payer-to-Payer and Prior Authorization APIs.

The rule's API requirements will take effect on January 1, 2027, which is a one-year implementation delay from what was proposed.

Prior authorization process changes and timeframe requirements begin in 2026.

Impacted payers must report required prior authorization metrics by March 31, 2026.

CMS estimates that this rule will result in at least $16 billion in savings, primarily for providers, over 10 years.

The requirements in the rule explicitly exclude prescription drugs and do not apply to employer-sponsored insurance plans or Medicare FFS.

Here are the impacted payers that must comply with the new rule:

The CMS-0057-F Rule has several important interoperability impacts. One of them is the requirement for health plans to provide a standard, machine-readable file to the public, which will help with price transparency.

This file will contain detailed information about in-network providers, including their rates and any cost-sharing requirements. The goal is to give patients more control over their healthcare costs.

Another important impact is the prohibition on gag clauses, which prevent providers from discussing the cost of care with patients. This will help patients make informed decisions about their care.

Gag clauses have been a major obstacle to price transparency, and their prohibition is a significant step forward.

A different take: Help with Medical Bills Colorado

With the new interoperability and prior authorization final rule, patients will have greater access to their health information. This is a major shift towards putting patients at the center of their own care.

Patients will be able to access their claims and encounter data through a standards-based API, known as the Patient Access API. This API will enable patients to share their health information with third-party applications of their choice.

Impacted Payers must provide prior authorization information through the Patient Access API, including prior authorization status, date of approval or denial, and items and services approved. This information must be made available no later than one business day after the prior authorization request is received.

The Patient Access API will also allow patients to access data made available through the API, including the total number of unique patients whose data is transferred via the API to a health app designated by the patient.

See what others are reading: Anthem Medical Data Breach

To make it easier for patients to access their data, Impacted Payers must post certain prior authorization metrics on their websites or through publicly accessible hyperlinks annually. These metrics will include the total number of unique patients whose data is transferred via the API to a health app designated by the patient.

Here are the metrics that Impacted Payers must report annually:

Providers will also have greater access to patient data through the Provider Access API. This API will allow providers to access individual claims and encounter data, as well as prior authorization information.

Impacted Payers must provide this information within one business day of the provider's request.