CMS recently issued a final rule to require health care payers to improve communications between the payers, providers and patients and to improve the prior authorization processes (“Final Rule”). The Final Rule aims to improve electronic exchange of health care data with a particular focus on improving the prior authorization process through the implementation of new requirements for a variety of payers related to Application Program Interfaces (“API”). The Final Rule also imposes additional reporting requirements under the Medicare Promoting Interoperability Program for eligible hospitals and critical access hospitals and for eligible clinicians reporting under the Promoting Interoperability performance category of the Merit-Based Incentive Payment System.
The improved information requirements apply to the following payers, including:
- Medicare Advantage plans;
- Medicaid and Children’s Health Insurance Program (“CHIP”) managed care plans;
- State Medicaid and CHIP fee-for-service payers; and
- Qualified Health Plans only in the Federally Facilitated Exchanges.
Medicare fee for service payers are not included in this regulation, nor are payers in the private health insurance or managed care market (such as employer-sponsored health plans or other health insurance sold in the private market).
Below is a more detailed discussion of each API established under the Final Rule and related requirements, including implementation deadlines.
Prior Authorization API and Other Prior Authorization Requirements
A lack of transparency between payers and providers is a significant cause of prior authorization denials. This process can lead to delays in necessary care, as well as immense frustration among providers and patients. The Final Rule requires payers to establish a Prior Authorization API to streamline the prior authorization process for payers, providers and patients.
Specifically, the Final Rule requires payers to send providers notice of prior authorization determinations and the specific reason for denial if such authorization is denied. Additionally, payers are required to respond to Prior Authorization requests within designated timeframes. These process-related requirements will have an implementation deadline of January 1, 2026.
In addition, providers will be able to use this Prior Authorization API to:
- Identify whether that payer requires prior authorization for an item or service.
- Allow providers to request the necessary documentation requirements for that item or service which will be automatically compiled for the provider by the API.
- Allow providers to populate these prior authorization requests directly from its practice management system.
The implementation deadline for this API is January 1, 2027.
Patient Access API
The Final Rule requires payers to establish and maintain a Patient Access API to facilitate and allow for patients to easily access their health data, including claim information, clinical data, test results, patient cost-sharing information and decisions regarding prior authorization requests. This Patient Access API must be established by January 1, 2027.
Provider Access API
In an effort to improve coordination of care, and a push toward value-based care, the Final Rule requires payers to also implement a Provider Access API. This API will allow providers to access current patient data from payers, such as claim adjudications, encounter data and information regarding prior authorizations. This API must be implemented by January 1, 2027.
Payer-to-Payer Exchange API
The Final Rule will also require payers to establish and maintain a Payer-to-Payer API to support a patient’s continued access to his or her health data when that patient changes insurance carriers. Similar to the other APIs, this Payer-to-Payer Exchange API allows access to information regarding past adjudicated claims, encounter data and information about patients’ prior authorizations. This Final Rule will also require impacted payers to request data from a new enrollee’s previous payer (upon enrollee approval) within one week of the start of this enrollee’s coverage. If a patient has two or more concurrent payers, these payers must exchange patient data quarterly to ensure all payers have a complete patient record. Payers are expected to be in compliance with this API requirement by January 1, 2027.
Practical Takeaways
- These APIs will hopefully lead to increased transparency between payers, providers and patients, as well as significant cost savings in the health care industry.
- While implementation deadlines for the establishment of APIs remain years away (January 1, 2027), implementing these APIs will take significant time and resources. Payers should begin developing these APIs as soon as possible to ensure timely compliance.
- Payers must publicly report compliance with prior authorization metrics and report to CMS certain specified metrics about patient data requests made using the Patient Access API on an annual basis.
- Part D-covered drugs are not included in prior authorization rules or development of the application of APIs. However, DME is included in these prior authorization rules and the application of the APIs.
CMS’s Office of Burden Reduction & Health Informatics is hosting a virtual education session on March 26, 2024, from 1:00 to 2:00 PM ET to provide additional information and answer questions related to the Final Rule.
For questions or additional information, please contact:
- Sue Andersen at (301) 785-3996 or sandersen@hallrender.com;
- Lori Wink at (414) 721-0456 or lwink@hallrender.com;
- Lisa Lucido at (248) 457-7812 or llucido@hallrender.com;
- Kaitlin Nucci at (248) 457-7838 or knucci@hallrender.com;
- Your primary Hall Render contact.
Hall Render blog posts and articles are intended for informational purposes only. For ethical reasons, Hall Render attorneys cannot—outside of an attorney-client relationship—answer specific questions that would be legal advice.
