CMS Proposed Rule on Advancing Interoperability and Improving Prior Authorization

The Centers for Medicare & Medicaid Services (CMS) (@CMSGov) is continuing to advance our interoperability goals and tackle process challenges related to prior authorization to increase efficiencies in health care. The proposals would place new requirements on Medicare Advantage (MA) organizations, state Medicaid and CHIP Fee-for-Service (FFS) programs, Medicaid managed care plans and Children’s Health Insurance Program (CHIP) managed care entities, and Qualified Health Plan (QHP) issuers on the Federally Facilitated Exchanges (FFEs), (collectively “impacted payers”), to improve the electronic exchange of health care data and streamline processes related to prior authorization. To encourage providers to adopt the electronic prior authorization processes, this proposed rule would also add a new measure for eligible hospitals and critical access hospitals (CAHs), under the Medicare Promoting Interoperability Program, and for Merit-based Incentive Payment System (MIPS) eligible clinicians, under the Promoting Interoperability performance category of MIPS.

Building on the technology foundation that was established in the May 2020 CMS Interoperability and Patient Access final rule (85 FR 25510), in concert, these policies would play a key role in increasing efficiency, reducing overall payer and provider burden, and improving patient access to health information.

This rule formally withdraws the December 2020 CMS Interoperability and Prior Authorization proposed rule (85 FR 82586), but incorporates the feedback we received from public commenters.

This proposed rule includes five key provisions and five Requests for Information:

Proposals

Patient Access Application Programming Interface (API)

In the Interoperability and Patient Access final rule (85 FR 25510), we finalized a policy to require certain impacted payers to implement a Health Level 7® (HL7®) Fast Healthcare Interoperability Resources® (FHIR®) Patient Access API. In this rule, starting January 1, 2026, via the already-established Patient Access API, we propose to require the regulated payers to include information about patients’ prior authorization decisions to help patients better understand their payer’s prior authorization process and its impact on their care.

This proposed rule would also require impacted payers to report annual metrics to CMS about patient use of the Patient Access API.

Provider Access API

In order to better facilitate coordination of care, and support movement toward value-based payment models, we are proposing to require impacted payers to build and maintain a Provider Access API to share patient data with in-network providers with whom the patient has a treatment relationship. We are proposing that they make patient claims and encounter data (excluding cost information), data elements identified in the United States Core Data for Interoperability (USCDI) version 1, and prior authorization requests and decisions available to in-network providers beginning January 1, 2026.

As this data would be shared upon the provider’s request, we are also proposing to require payers to provide a mechanism for patients to opt out of making their data available to providers through this API.

Payer-to-Payer Data Exchange on FHIR®

In the Interoperability and Patient Access final rule (85 FR 25510), we required that, at a patient’s request, certain impacted payers must exchange certain patient health information, and maintain that information, thus creating a longitudinal health record for the patient that is maintained with their current payer. While we encouraged payers to use an FHIR API for this data exchange, we did not require it. In December 2021, CMS announced enforcement discretion for this policy until identified implementation challenges could be addressed in future rulemaking; we seek to address those challenges in this proposed rule.

In an effort to ensure a patient’s data can follow them throughout their health care journey, we are proposing to require that payers would exchange patient data when a patient changes health plans with the patient’s permission. Those data would include claims and encounter data (excluding cost information), data elements identified in the USCDI version 1, and prior authorization requests and decisions. For all impacted payers, we are considering a proposal that would require this exchange only if the patient opts in to data sharing.

Finally, we are proposing that if an enrollee has concurrent coverage with two or more payers, these impacted payers must make the enrollee’s data available to the concurrent payer at least quarterly.

Improving Prior Authorization Processes

Prior authorization is an administrative process used in health care for providers to request approval from payers to provide items or services. The prior authorization request is made before those medical items or services are rendered. While prior authorization has a role in health care, in that it can ensure that covered items and services are medically necessary and covered by the payer, patients, providers, and payers alike have experienced burden from the process. It has also been identified as a major source of provider burnout, and can become a health risk for patients if inefficiencies in the process cause care to be delayed. Providers expend resources on staff to identify prior authorization requirements that vary across payers and navigate the submission and approval processes, which could otherwise be directed to clinical care. Patients may unnecessarily pay out-of-pocket or abandon treatment altogether when prior authorization is delayed. In an attempt to alleviate some of the burden of prior authorization processes and to improve the patient experience, we are proposing a number of policies to help make the prior authorization process more efficient and transparent.

Prior Authorization Requirements, Documentation and Decision (PARDD) API: We are proposing to require impacted payers to build and maintain a FHIR API (PARDD API) that would automate the process for providers to determine whether a prior authorization is required, identify prior authorization information and documentation requirements, as well as facilitate the exchange of prior authorization requests and decisions from their electronic health records (EHRs) or practice management system. We note that under HIPAA, covered entities are required to use the current adopted standard for prior authorization transactions, which is the X12 278 version 5010. This proposed rule does not propose to modify the HIPAA rules in any way, nor would they hinder the use of that standard.

Denial Reason: We are proposing to require impacted payers to include a specific reason when they deny a prior authorization request, regardless of the method used to send the prior authorization decision, to both facilitate better communication and understanding between the provider and payer and, if necessary, a successful resubmission of the prior authorization request.

Prior Authorization Time Frames: We are proposing to require impacted payers (not including QHP issuers on the FFEs) to send prior authorization decisions within 72 hours for expedited (i.e., urgent) requests and seven calendar days for standard (i.e., non-urgent) requests. We are, however, also seeking comment on alternative time frames with shorter turnaround times, for example, 48 hours for expedited requests and five calendar days for standard requests.

Prior Authorization Metrics: We are proposing to require impacted payers to publicly report certain prior authorization metrics by posting them directly on the payer’s website or via publicly accessible hyperlink(s) on an annual basis.

If finalized, these prior authorization policies would take effect January 1, 2026, with the initial set of metrics proposed to be reported by March 31, 2026.

Electronic Prior Authorization Measure for MIPS Eligible Clinicians and Hospitals and Critical Access Hospitals (CAHs)

We are proposing a new electronic prior authorization measure for MIPS eligible clinicians under the Promoting Interoperability performance category of MIPS, as well as for eligible hospitals and critical access hospitals (CAHs) under the Medicare Promoting Interoperability Program. To meet the measure, a prior authorization must be requested electronically from a PARDD API using data from certified EHR technology (CEHRT).

Under this proposal, MIPS eligible clinicians, eligible hospitals, and CAHs would be required to report the number of prior authorizations for medical items and services (excluding drugs) that are requested electronically from a PARDD API using data from CEHRT.

Interoperability Standards for APIs

In the December 2020 CMS Interoperability and Prior Authorization proposed rule (85 FR 82586), we proposed to require the use of certain Implementation Guides (IGs) for the implementation of the APIs in that proposed rule.

After careful consideration of these IGs, their development cycles, and CMS’ role in advancing interoperability and supporting innovation, we believe that while these IGs will continue to play a critical role in supporting interoperability, we are not ready to propose them as a requirement. These IGs will continue to be refined over time as stakeholders have the opportunity to test and implement with their technology. We will continue to monitor and evaluate the development of the IGs and for future rulemaking consideration. Therefore, while we are strongly recommending payers use certain IGs for the Patient Access, Provider Access, Payer-to-Payer, and PARDD APIs, we are not proposing to require their use.

Requests for Information (RFI)

Accelerating the Adoption of Standards Related to Social Risk Factor Data

We are reissuing our request for information on barriers to adopting standards, and opportunities to accelerate adoption of standards, related to social risk data. We recognize that social risk factors (e.g., housing instability, food insecurity) influence patient health and health care utilization. We further understand that providers in value-based payment arrangements rely on comprehensive, high-quality social risk data. Given the importance of these data, we look to understand how to better standardize and liberate these data.

Electronic Exchange of Behavioral Health Information

We are reissuing our request for information to inform potential future rulemaking on how to advance electronic data exchange among behavioral health providers. We seek comment on how CMS might leverage APIs, or other solutions, to facilitate electronic data exchange with behavioral health providers who have lagged behind other provider types in EHR adoption.

Improving the Electronic Exchange of Information in Medicare Fee-for-Service (FFS)

In the Medicare FFS program, the ordering provider or supplier can often be different from the rendering provider or supplier of items or services, which creates unique obstacles to the coordination of patient care and exchange of medical information needed to ensure accurate and timely payment. We seek comment on how Medicare FFS might best support improvements to the exchange of medical documentation between and among providers/suppliers and patients, as well as how we might best inform and support the movement and consistency of health data to providers for their use to inform care and treat patients.

Advancing the Trusted Exchange Framework and Common Agreement (TEFCA)

Earlier this year, the Office of the National Coordinator for Health IT (ONC) announced the release of the Trusted Exchange Framework and Common Agreement (TEFCA) Version 1. We believe that the ability for stakeholders to connect to networks enabling exchange under TEFCA can support and advance the payer requirements that we propose in this rule. We seek comment on how enabling exchange under TEFCA can support these proposals, as well as policies in the CMS Interoperability and Patient Access final rule. We also seek comment on our approach to incentivizing or encouraging payers to enable exchange under TEFCA.

Advancing Interoperability and Improving Prior Authorization Processes for Maternal Health

The Biden-Harris Administration has prioritized addressing the nation’s maternity care crisis, with both the White House and CMS issuing their coordinated approaches to addressing the crisis. We seek comment from the public on evidence-based policies we could pursue that leverage health IT, data sharing, and interoperability to improve maternal health outcomes. We also seek comment on leveraging the USCDI to address maternal health, as well as improving prior authorization policies that can negatively impact maternal health outcomes.

The proposed rule is available to review.

For more information, please visit the CMS website.