On Tuesday, December 13, the Centers for Medicare and Medicaid Services (“CMS”) issued a proposed rule (“New Proposed Rule”) to improve the prior authorization process and advance Interoperability, Medicaid managed care plans, state Medicaid and CHIP agencies, and qualified health plans (“QHPs”) on the Federal Facilitation Exchange (“FFE”) (collectively, “Affected Payers”).
This proposal builds on the May 2020 “CMS Interoperability and Patient Access” final rule (2020 Final Rule) and replaces the December 2020 “CMS Interoperability and Prior Authorization” proposed rule ( “2020 Proposed Rule”) while still developing or feedback on the proposal.
In a release, CMS Administrator Chiquita Brooks-LaSure said the new proposed rule “will streamline the prior authorization process and facilitate the sharing of healthcare data to improve the care experience among providers, patients and caregivers — helping us Addressing avoidable patient delays takes care and achieves better health outcomes for all.”
Improve the prior authorization process
The new proposed rule proposes several measures to improve the efficiency and transparency of the prior authorization process to address concerns about inefficiencies that lead to delays or interruptions in patient care and provider burnout. This would require affected payers to provide specific reasons for denying prior authorization requests and to report certain indicators regarding prior authorization. The proposal would require affected payers (other than QHP issuers on FFE) to send decisions urgently based on the patient’s medical condition, but no later than 72 hours for urgent requests and 7 days for non-urgent requests (MAO currently has 14 days time to respond) for non-emergency requests, Medicaid and CHIP timetables vary by state). CMS has solicited comments on possible alternative time frames and shorter response times, and asked about administrative or technical barriers that might prevent a faster response.
Affected payers are required to publicly report certain prior authorization indicators annually, including:
- All items and services that require prior authorization;
- Overall percentage of standard prior authorization requests approved;
- Overall percentage of standard prior authorization requests denied;
- Percentage of standard prior authorization requests approved on appeal;
- Percentage of approved prior authorization requests for extensions to review time limits;
- Overall percentage of Expedited Prior Authorization requests approved;
- Overall percentage of Expedited Prior Authorization requests that were denied;
- Average and median time between submission of a standard prior authorization request and a decision; and
- Average and median time between submission of expedited prior authorization request and decision.
The new proposed rule requires affected payers to report data to CMS for the previous calendar year by March 31 of each year, beginning with March 31, 2026 for the 2025 calendar year. New issuers or programs are not required to report data until the first full calendar year of compliance.
The proposal also requires affected payers to establish and maintain a Prior Authorization Request, Documentation, and Determination (“PARDD”) application programming interface (“API”) to support electronic Prior Authorization Interoperability Resource (“FHIR”) data format standard. The PARDD API will automate the process for providers to determine whether prior authorization is required, identify prior authorization information and documentation requirements, and facilitate the exchange of prior authorization requests and decisions from their electronic health records or practice management systems.
The new proposed rule also includes electronic pre-authorization measures for Merit-Based Incentive Payment System (“MIPS”) clinicians and critical hospitals (“CAH”) under Medicare.
Patient Access API
In a May 2020 final rule, CMS finalized a policy requiring affected payers to implement an HL7 FHIR-compliant Patient Access API software interface. In new proposed rules beginning in 2026, CMS proposes requiring affected payers to include information about patients’ prior authorization decisions to help patients better understand the prior authorization process and how it might affect their care. It is also required to report to CMS annual metrics on patient use of the Patient Access API.
Provider Access API
To move toward a value-based payment model, the new proposed rule would require affected payers to establish a vendor access API for payers to share patient data—specifically, patient claims and encounter data, excluding cost information, U.S. core data exchange Operational (USCDI) Version 1 Data Elements, and Prior Authorization Requests and Decisions – with in-network providers who have a therapeutic relationship with the patient beginning in 2026.
groom insight: The withdrawn December proposed rule proposed an opt-in patient consent model for provider access to APIs, but the new rule proposes an opt-out approach in response to reviewers’ overwhelming support for an opt-out model to avoid clinical and operational hurdles.
The May 2020 final rule requires that, at the patient’s request, affected payers must exchange certain patient health information, maintain that information, and create health records maintained with current payers. However, in December 2021, CMS announced that they would delay implementation of the policy until certain implementation challenges could be addressed in future rulemaking. CMS now proposes that when a patient transitions between health plans or has concurrent payers, payers use the Payer-to-Payer FHIR API to exchange patient data (including claims and encounter data, prior authorization requests and decisions, but not cost information ).
Unlike the opt-out approach proposed for the Provider Access API, CMS proposes an opt-in framework for the Payer-to-Payer API because providing accurate information about previous or current payers already requires affirmative action by the patient and certain legal and regulatory requirements apply to certain These procedures can make the opt-out process difficult to establish. However, CMS asked for comment on changes it could consider to allow the opt-out process.
The new proposed rule provides an exception process for QHPs on FFE per API requirement that would be conditioned on requesting and approving a narrative reason why the issuer was unable to meet the applicable program year requirements. This exception procedure may apply to small issuers, financially vulnerable issuers, or new entrants to FFEs that demonstrate that deployment of this proposed standards-based API technology would materially impede the issuer’s ability to provide coverage or services to patients, and QHP(s) that will not demonstrate issuer will result in patients having little or no plan options in certain areas.
groom insight: The exception process in the new proposed rule is consistent with the patient access API process in the 2020 CMS Interoperability and Patient Access 2020 Final Rule.
Request for Information (“RFI”)
- Barriers to standards adoption, and opportunities to accelerate adoption of standards related to social risk factor data;
- Regarding Advancing the Electronic Exchange of Behavioral Health Information Among Behavioral Health Providers – Seeking Comments on How CMS Can Utilize APIs and Other Solutions to Facilitate Electronic Data Exchange with These Providers;
- Regarding Improving the Electronic Information Exchange Between Providers in Medicare Fee-for-Service Programs – Seeking Comments on How the Program Can Support Improved Document Exchange Between Providers and Patients;
- Advancing the Trusted Transactions Framework and Mutual Agreement (“TEFCA”) – soliciting comments on their approach to encouraging payers to transact under TEFCA; and
- On Advancing Interoperability and Improving the Prior Authorization Process for Maternal Health Care – Seeking comments on evidence-based policies for using health IT, data sharing, interoperability, or changing prior authorization policies to improve maternal health outcomes.
CMS will accept comments until March 13, 2023.
 ocean US Interoperability Core Data (healthit.gov) (allergies and intolerances, assessments and treatment plans, care team members, clinical notes, goals, health issues, immunizations, laboratories, medications, patient demographics, issues, procedures, Provenance, smoking status, unique device identifier and vital signs of the patient’s implanted device.