
On January 15, 2021, the Centers for Medicare & Medicaid Services (CMS), working with the Office of the National Coordinator for Health Information Technology (ONC), issued a press release, fact sheet, and an unpublished final rule that aims to increase the electronic exchange of health care data and improve prior authorization processes. This final rule builds upon the recent Interoperability and Patient Access rule (CMS-9115-F)[1] and includes five key provisions for Medicaid and CHIP[2] programs (fee-for-service and managed care) as well as qualified health plans (QHPs) on Federally-Facilitated Exchanges:

  • Patient Access Application Programming Interface (API)[3] [these provisions begin in 2023]
    • Payers are required to include claims/encounter and prior authorization data
    • Payers are required to implement an attestation process for third-party developers
    • Payers are required to report annual metrics about patient use of the Patient Access API
  • Provider Access APIs [this provision begins in 2023]
    • Payers are required to build and maintain a Provider Access API and include claims/encounters and prior authorization data as well as certain clinical data
  • Prior Authorization through APIs [these provisions begin in 2024]
    • Payers are required to build and maintain FHIR-based APIs for a Documents Requirements Lookup Service (DRLS) and Prior Authorization Support (PAS)
    • Payers are required to include a specific reason when denying a prior authorization request
    • Payers are required to send prior authorization decisions within 72 hours for urgent requests and 7 calendar days for standard requests (this provision does not include QHPs)
    • Payers are required to report operational metrics on their prior authorization program
  • Payer-to-Payer APIs[4] and other Data Exchange [these provisions begin in 2023]
    • Payers are required to exchange patient data using the FHIR-based API
    • Payers are required to share claims/encounter and prior authorization data as well as certain clinical data at enrollment in a new plan
  • Health Information Technology Implementation Specifications
    • Adopts the implementation specifications for use across HHS in order to provide a unified approach to interoperability and foster consistency across the nation’s health IT infrastructure

This final rule is scheduled to be effective 60 days after publication.[5]

Background

In the CMS Interoperability and Patient Access final rule (85 FR 25510) that was published on May 1, 2020, the Agency finalized policies impacting Medicare Advantage organizations (MAOs), state Medicaid and CHIP fee-for-service (FFS) programs, Medicaid managed care organizations (MMCOs), CHIP managed care entities, and QHP issuers on the Federally-Facilitated Exchanges (FFEs). These policies included the requirement that these plans and programs build and maintain application programming interfaces (APIs) that improve patient access and increase the electronic exchange of health care data. In this final rule, CMS builds on and expands the foundation that was set in the Interoperability and Patient Access final rule.

For example, in this final rule, CMS includes state Medicaid and CHIP FFS programs in the payer-to-payer data exchange policies whereas they were excluded in the Interoperability and Patient Access final rule (85 FR 25564 through 25569). Though CMS does not include any additional requirements for MAOs in this final rule, the Agency believes that they will implement provisions of this rule because their parent companies often cross multiple lines of business, some of which are covered by this rule.

Prior Authorization: Policies to Reduce Burden

Prior authorization is an administrative process for providers to request approval from payers prior to providing a medical service, prescription, or supply. CMS identified prior authorization as a major source of provider burnout and patient non-adherence to recommended medical therapies. CMS now finalizes the following policies to help streamline prior authorization processes:

  • Document Requirement Lookup Services (DRLS) API: requires payers to build and maintain a Fast Healthcare Interoperability Resources (FHIR)-enabled DRLS API that integrates with a provider’s electronic health record (EHR) and allows providers to locate prior authorization requirements
  • Prior Authorization Support (PAS) API: requires payers to build and maintain a FHIR-enabled electronic PAS API that can send prior authorization requests and receive responses electronically
  • Denial Reason: requires payers to include a specific reason for denying a prior authorization request
  • Prior Authorization Timeframes: requires payers to send prior authorization decisions within 72 hours for urgent requests and 7 calendar days for standard requests
  • Prior Authorization Metrics: requires payers to report their prior authorization data publicly, including average time between submission and determination and percent of requests approved, denied, or approved after appeal

These requirements take effect in 2024.

Payer-to-Payer: Policies to Increase Data Exchange

In order to increase data flow among payers, CMS finalizes the following policies:

  • Payer-to-Payer API: requires payers to exchange patient data, including claims and encounter data (not including cost) and any prior authorization decisions, via a FHIR-based API at a patient’s request
  • Payer-to-Payer Data Exchange at Enrollment: requires payers to share claims and encounter data (not including cost) and any prior authorization decisions at the time of patient enrollment so that patients’ health information can move with them from one payer to another

These requirements will take effect in 2023.

Payer-to-Patient: CMS Extends Patient Access APIs

The Interoperability and Patient Access final rule required certain payers to implement and maintain standards-based Patient Access and Provider Directory APIs. In this rule, CMS expands upon these APIs and requires payers to include information about pending and active prior authorization decisions. In addition, impacted payers will also be required to have an attestation process for third-party app developers to attest to meeting certain privacy requirements prior to retrieving data. Finally, payers will be required to report metrics to CMS regarding patient use of the Patient Access API.

These requirements take effect in 2023.

Payer-to-Provider: CMS Sets Expectations for Payers to Share Data with Providers

In order to facilitate value-based care and improve care coordination, CMS finalizes policies in this rule that require impacted payers to build and maintain a Provider Access API for payer-to-provider data sharing. CMS requires that this API include claims/encounter and prior authorization data as well as a subset of clinical data as defined in the U.S. Core Data for Interoperability (USCDI) version 1.[6]

These requirements take effect in 2023.

Standards: CMS/ONC Coordinate Approach to APIs

In this rule, ONC and CMS adopt a standardized approach to health information technology implementation specifications for APIs used in health care operations. In the fact sheet, CMS states:

“By ONC adopting these implementation specifications in this way, CMS and ONC together work to ensure a unified approach to advancing standards in HHS that adopts all interoperability standards in a consistent manner, in one location, for use by individuals and entities in the public and private sectors. Adopting the specified implementation guides (IGs) to support implementation of the APIs is expected to ensure full interoperability of the APIs and reduce implementation burden.”

 

[1]   85 Fed. Reg. 25510

[2]   Children’s Health Insurance Program (CHIP) provides health coverage to eligible children via Medicaid or separate CHIP programs.

[3]   The Interoperability and Patient Access rule (CMS-9115-F) requires certain payers to implement the HL7 Fast Healthcare Interoperability Resources (FHIR)-based Patient Access API. More info on FHIR is found at: https://www.hl7.org/fhir/.

[4]   The Interoperability and Patient Access rule (CMS-9115-F) requires certain payers to exchange patient health information and recommends the use of an HL7 FHIR-based API for this purpose. More info on FHIR is at: https://www.hl7.org/fhir/.

[5]   The proposed rule went on display on 12/18/2020, which provided little time for comments. Provisions in this final rule are expected to be challenged by both stakeholders and the incoming Administration on both procedural and policy grounds.

[6]   https://www.healthit.gov/isa/united-states-core-data-interoperability-uscdi