The Interoperability and Prior Authorization Final Rule has wide-ranging implications for payers, providers, and patients. Read on to learn more about its highly-anticipated provisions.
As part of its push to encourage interoperability and make health information more readily available across entities, the Centers for Medicare and Medicaid Services (CMS) issued its Interoperability and Prior Authorization Final Rule on January 17.
In what many providers are hailing as a big win, the rule outlines several provisions that streamline the prior authorization process, promote interoperability, and reduce administrative hurdles.
Let’s take a closer look at these provisions and how they stand to impact payers, providers, and patients.
Making Sense of the Provisions
One of the most significant rule requirements under the Interoperability and Prior Authorization Final Rule is the overhauling of the prior authorization process.
Beginning 2026, the final rule states that payers who fall under the jurisdiction of the CMS must send in prior authorization decisions to providers within 72 hours in urgent cases and in seven calendar days for standard requests. Furthermore, if a request is denied, payers will have to provide a specific reason for the same. This move will likely facilitate greater communication and transparency between payers, providers, and patients.
Impacted payers are also expected to publicly report specific prior authorization metrics on their website every year. The compliance date begins January 1, 2026.
Meanwhile, by 2027, payers are also expected to implement and maintain certain Health Level 7 Fast Healthcare Interoperability Resources (FHIR) APIs. This aims to improve the electronic exchange of healthcare data and further streamline prior authorization. Some notable provisions related to this interoperability include:
- Patient Access API: Impacted payers are expected to add information about prior authorization to the data available via the Patient Access API. The rule also mandates payers to report annual metrics related to this API usage to the CMS.
- Provider Access API: Impacted payers will have to implement and maintain a Provider Access API with individual claims and encounter data, data classes, and data elements in the USCDI, as well as specified prior authorization information.
- Payer-to-Payer API: Impacted payers must implement and maintain a Payer-to-Payer API to make available claims and encounter data, data classes, and data elements in the USCDI, and information about prior authorizations to improve care continuity when a patient changes payers.
- Prior Authorization API: Payers must implement and maintain a Prior Authorization API that contains information about its covered items and services, can identify documentation requirements for prior authorization approval, and supports a prior authorization request and response.
The rule further outlines the required standards and a recommended implementation guide for these APIs. A complete overview of this can be found on the CMS fact sheet.
The final rule also reduces the compliance burden. It also promotes flexibility by announcing that impacted payers that implement the Prior Authorization API will benefit from enforcement discretion under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, if they do not use the X12 278 standard.
Besides these measures, the CMS also encourages the increased adoption of the Prior Authorization API by adding a new measure for Merit-based Incentive Payment System (MIPS) under the Promoting Interoperability performance category and the Medicare Promoting Interoperability Program.
Who Do These Rules Impact?
The impacted providers include:
- Eligible hospitals and critical access hospitals (CAHs) participating in the Medicare Promoting Interoperability Program
- MIPs eligible clinicians participating in the MIPS Promoting Interoperability performance category
Impacted payers, meanwhile, include:
- Medicare Advantage (MA) Organizations
- State Medicaid and Children’s Health Insurance Program (CHIP) agencies
- Medicaid Managed Care Plans and CHIP Managed Care Entities
- Qualified Health Plan issuers on federally-facilitated exchanges
The Bottom Line
The Interoperability and Prior Authorization Final Rule has been widely welcomed by providers, who say increased interoperability and a streamlined prior authorization will help ease the burdens they face in providing patients with timely healthcare.
However, it’s essential to note that along with increased interoperability come heightened data concerns. As more providers gain access to healthcare information, more opportunities for data compromise open up. It’s essential for all parties impacted to make data security a priority.
FormDr, a service that allows providers to easily send and receive HIPAA-compliant forms online, was created on the foundations of interoperability. Join us to make the digital capture and transfer of patient information both efficient and secure.