Unlocking Health Care Efficiency: CMS Overhauls Prior Authorization in Landmark Interoperability Rule—What Payers Need to Know Now

On February 8, 2024, the Centers for Medicare and Medicaid Services (CMS) published the Interoperability and Prior Authorization final rule to stimulate change for long-standing challenges facing payers and providers, such as delays completing prior authorizations and hurdles exchanging critical patient data. The rule is expected to drive transformative outcomes across the health care ecosystem, reducing inefficiencies and yielding cost savings. It will require payers and providers to work together to implement numerous changes.

The rule will specifically impact Medicare Advantage, State Medicaid, Medicaid Managed Care, Children’s Health Insurance Program (CHIP) Fee-for-Service (FFS), CHIP Managed Care, and Qualified Health Plan (QHP) issuers on the Federally Facilitated Exchanges (FFEs) organizations. These entities need to take steps to ensure their analytics capabilities can support metrics reporting, data exchange technologies can leverage APIs securely, and relevant processes will support data transparency and reduce the burden in prior authorizations. 

Improving Payer and Provider Processes

By January 1, 2026, CMS will require impacted payers—excluding QHP issuers on the FFEs—to send prior authorization decisions for items and services (excluding drugs) in half the time currently required, with greater transparency.¹ The new decision timeframes are 72 hours for expedited requests and 7 calendar days for standard requests. Payers must also provide a specific reason when denying prior authorizations.

Impacted payers will also be required to report annually on certain prior authorization metrics from the previous calendar year by posting results on their public websites. This includes listing all items and services (excluding drugs) that require prior authorization, percentages of prior authorizations that were approved or denied, and the time payers take to respond to providers’ prior authorization requests. 

To drive improvements to prior authorization via FHIR^® APIs, CMS has implemented provider measures to complement payer metrics reporting. Two new provider measures are part of the CMS MIPS Promoting Interoperability incentive program for eligible clinicians and hospitals. The measures evaluate electronic prior authorization APIs from certified electronic health record technology. By having both payers and providers measure and report on these processes, CMS expects to see improvements. 

Integrating automation in the medical review process can help payers meet the new requirements, and by collaborating on making data exchange services mutually effective and efficient, providers and payers can realize net positive improvements and return on investments. 

API Requirements 

Payers are required to enhance some existing required FHIR^® APIs and implement 2 new FHIR^® APIs for data exchange by January 1, 2027, under the final rule. They must make the following available: 

• Enhance the Patient Access API to include information about prior authorization requests and decisions for items and services (excluding drugs), provider documentation used in decision-making, status, and reasons for denial. Information should be available no later than one business day after the payer receives the request, after any status change, and remain accessible for at least one year after the last status change in the prior authorization.
• Implement a new Provider Access API for payers to share data with providers, including claims and encounter data (without payment and cost information), USCDI data, and prior authorization information (excluding drugs). This API will be available to in-network providers with patients with a treatment relationship. Impacted payers must have a process to attribute providers and allow patients to opt out of releasing data to providers via this API. 
• A revised Payer-to-Payer Data Exchange API providing data from services that occurred within five years prior to the exchange request. Impacted payers must establish and maintain a process for beneficiaries to opt into the Payer-to-Payer Data Exchange at enrollment and verify the identity of the enrollee’s previous and concurrent payer(s) to facilitate data exchange. In the event an enrollee has concurrent payers, data will be exchanged on at least a quarterly basis. Payers supplying data in the exchange must respond within one business day. 
• A new Prior Authorization API will contain the list of covered items and services requiring prior authorization, identify documentation requirements, and support a provider’s prior authorization request and a payer’s response. Responses to prior authorization requests are to communicate whether the prior authorization is approved or denied (including a specific reason for the denial) or if additional information is required. 

In addition to the rule, CMS announced that HHS will use enforcement discretion to allow FHIR APIs for prior authorization to become the new compliance requirement while allowing those organizations currently using X12 278 transactions to incorporate required FHIR API capabilities. This is expected to resolve questions about HIPAA-required transactions and provide a way for trading partners to advance to using FHIR APIs. 

Impacted payers will also be required to provide plain language information to patients about the benefits of API data exchange with their providers and payers and their rights to opt in and out of these services. These resources are important to ensure that patients utilize their available services and can be informed participants in their care decisions. 

Payers and providers must work together, adopt standards for these FHIR APIs, and implement process automation to realize the improvements this rule requires. While this will require investment by both providers and payers, both can realize return on these investments applied with process improvements that are measured with the required metrics reporting. Both payers and providers will also benefit from transparency, reduced turnaround times, improved patient care, and patient satisfaction. 

Interoperability for Data Transparency and Reducing Burden of Prior Authorizations

By enhancing collaboration and embracing FHIR APIs and related technologies, providers and payers can equip themselves for advancements in interoperability. The CMS final rule specifies the latest federal requirements for patient-centric and transparent information sharing among patients, payers, and providers. This rule and other policies set the foundation and direction for improving health information sharing and prior authorization processes that will support better health outcomes and reduce inefficiencies and costs in health care.

Reference

1. Medicare and Medicaid Programs; Patient Protection and Affordable Care Act; Advancing Interoperability and Improving Prior Authorization Processes for Medicare Advantage Organizations, Medicaid Managed Care Plans, State Medicaid Agencies, Children's Health Insurance Program (CHIP) Agencies and CHIP Managed Care Entities, Issuers of Qualified Health Plans on the Federally-Facilitated Exchanges, Merit-Based Incentive Payment System (MIPS) Eligible Clinicians, and Eligible Hospitals and Critical Access Hospitals in the Medicare Promoting Interoperability Program. CMS-0057-F. CMS, Dept HHS. 

© 2024 HMP Global. All Rights Reserved.

Any views and opinions expressed are those of the author(s) and/or participants and do not necessarily reflect the views, policy, or position of First Report Managed Care or HMP Global, their employees, and affiliates.