CMS Proposed Rule to Require API Implementations for Prior Authorization, Data Sharing

Dec. 11, 2020
The proposed rule builds on the CMS Interoperability and Patient Access final rule released earlier this year

A new proposed rule released by the Centers for Medicare & Medicaid Services (CMS) would require payers in certain federal programs to build application programming interfaces (APIs) to support data exchange and prior authorization.

The rule, if finalized, would require payers in Medicaid, CHIP and QHP programs to build APIs, which federal officials note “allow two systems, or a payer’s system and a third-party app, to communicate and share data electronically.” Payers would be required to implement and maintain these APIs using the Health Level 7 (HL7) Fast Healthcare Interoperability Resources (FHIR) standard, according to the proposal. On behalf of HHS, the Office of the National Coordinator for Health IT (ONC) is also proposing to adopt certain standards through an HHS rider on the CMS proposed rule.

The CMS rule proposes significant changes around prior authorization—an administrative process used in healthcare for providers to request approval from payers to provide a medical service, prescription, or supply before a service is rendered—aiming to alleviate some of the administrative burden prior authorization causes healthcare providers, according to officials. “Medicaid, CHIP and QHP payers would be required to build and implement FHIR-enabled APIs that could allow providers to know in advance what documentation would be needed for each different health insurance payer, streamline the documentation process, and enable providers to send prior authorization requests and receive responses electronically, directly from the provider’s EHR or other practice management system,” the proposal outlines.

The proposed rule would also reduce the amount of time providers wait to receive prior authorization decisions from payers—the rule proposes a maximum of 72 hours for payers, with the exception of QHP issuers on the FFEs, to issue decisions on urgent requests and seven calendar days for non-urgent requests. Payers would also be required to provide a specific reason for any denial, which will allow providers some transparency into the process, CMS contends. To promote accountability for plans, the rule also requires them to make public certain metrics that demonstrate how many procedures they are authorizing. 

CMS Administrator Seema Verma said in a statement that “Prior authorization is not only a leading source of burden, it is also a primary source of provider burnout, and takes time away from treating patients. If just a quarter of providers took advantage of the new electronic solutions that this proposal would make available, the proposed rule would save between 1 and 5 billion dollars over the next ten years. With the pandemic placing even greater strain on our healthcare system, the policies in this rule are more vital than ever.”

These policies, taken together, “could lead to fewer prior authorization denials and appeals, while improving communication and understanding between payers, providers, and patients. They are the result of numerous listening sessions with plans and providers aimed at crafting a new process that balances the need for greater efficiency and consistency in prior authorization and its important role in preventing fraud, abuse, and unnecessary expenditures,” according to CMS.

The proposed rule builds on the CMS Interoperability and Patient Access final rule released earlier this year. For example, in that rule CMS finalized its policy to require a select group of CMS-regulated payers to implement a FHIR-based Patient Access API. In this new proposed rule, starting January 1, 2023, CMS would require impacted payers to include, as part of the already established Patient Access API, information about the patient’s pending and active prior authorization decisions. This proposed rule would also require impacted payers to establish, implement, and maintain an attestation process for third-party application developers to attest to certain privacy policy provisions prior to retrieving data via the payer’s Patient Access API. And, this rule would require impacted payers to report metrics quarterly about patient use of the Patient Access API to CMS to assess the impact the API is having on patients, CMS has outlined.

While Medicare Advantage plans are not included in these proposals, CMS said it is considering whether to do so in future rulemaking. In a reactionary statement to the proposal, the Medical Group Management Association’s (MGMA) senior vice president, government affairs, Anders Gilberg, noted that “By excluding Medicare Advantage plans from new prior authorization requirements, CMS fails to ensure widespread adoption of standards that could have a major impact. This issue alone will be at the crux of our comments on today’s proposal.” Premier, Inc. senior leaders had the same opinion regarding the exclusion of Medicare Advantage plans, though the organization’s senior vice president of public affairs Blair Childs, added that “Requiring the use of open FHIR-based APIs and other interoperability standards, as well as increased data sharing between payors and providers, will streamline what is now a manual, burdensome and costly process that can lead to delayed care and patient harm. We urge the Biden Administration to continue and build on this work.”

A fact sheet on the proposed rule can be viewed here.

Sponsored Recommendations

Trailblazing Technologies: Looking at the Top Technologies for the Emerging U.S. Healthcare System

Register for the first session of the Healthcare Innovation Spotlight Series today to learn more about 'Healthcare's New Promise: Generative AI', the latest technology that is...

Data: The Bedrock of Digital Engagement

Join us on March 21st to discover how data serves as the cornerstone of digital engagement in healthcare. Learn from Frederick Health's transformative journey and gain practical...

Northeast Georgia Health System: Scaling Digital Transformation in a Competitive Market

Find out how Northeast Georgia Health System (NGHS) enabled digital access to achieve new patient acquisition goals in Georgia's highly competitive healthcare market.

2023 Care Access Benchmark Report for Healthcare Organizations

To manage growing consumer expectations and shrinking staff resources, forward-thinking healthcare organizations have adopted digital strategies, but recent research shows that...