On December 6, 2022, CMS proposed a new rule on healthcare interoperability titled “Advancing Interoperability and Improving Prior Authorization” (CMS-0057-P). The proposed rule was formally announced in the Federal Register on December 13, 2022, kicking off a 90-day public comment period that ends March 13, 2023. Following the comment period, CMS will review submitted comments with the aim of publishing a final rule, which may be available as early as mid-2023.
The proposed rule has a few provisions that would go into effect when the final rule is published, although most provisions are planned to go into effect at the beginning of 2026. CMS proposed effective dates three years into the future based on experience CMS and covered entities had to comply with previous interoperability rules. This window of time considers the time covered entities needed to recruit and train staff and to update or build APIs and operational procedures. Payers and providers will need to act soon and collaborate now through mid-2025 to meet the effective date.
The “Advancing Interoperability and Improving Prior Authorizations” proposed rule enhances provisions of the Interoperability and Patient Access Final Rule of 2020 (CMS-9115-F) and formally withdraws the December 2020 CMS Interoperability proposed rule (CMS-9123-P). Although there are some differences, much of the direction of the December 2020 proposed rule is included in the new proposed rule, particularly the sharing of prior authorization decisions/status with patients. The new proposed rule applies prior authorization requirements for items and services and excludes prescription drugs. It also includes five main proposals, five requests for information (RFIs), and CMS’ current position of recommending rather than requiring interoperability standards for APIs. To help clarify the new proposed rule, CMS has provided a fact sheet in addition to the formal publication in the Federal Register.
What are the main provisions in the “Advancing Interoperability and Improving Prior Authorization” proposed rule?
1. Addition of information about prior authorization decisions to the existing Patient Access API requirement.
To help patients better understand payer processes for prior authorizations and the impact they have on care, CMS proposes to require impacted payers to include information about their prior authorization decisions. The proposed rule requires payers to include information about prior authorization requests and decisions (and related administrative and clinical documentation) for items and services available to patients via the Patient Access API. Additionally, payers are required to do so no later than one business day after the payer receives the prior authorization request or after another type of status change/update for the prior authorization. The proposed rule provides some general examples for any meaningful change payers make to the prior authorization request or decision that requires an update to the patient, such as:
Prior authorization status
Date approved or denied
Date or circumstance authorization ends
Approved items and services
Quantity used to date
Any materials provider sends to payer to support decision (e.g., structured or unstructured data, including lab results, scores or assessments, past medications or procedures, progress notes, or diagnostic reports).
When a prior authorization is denied, a specific reason for the denial is to be included.
2. Creation of a Provider Access API
Much like the Patient Access API from the final rule of 2020, the Provider Access API requires payers to make claims and encounter data available to providers. The data to be made available through the Provider Access API is specified in the US Core Data for Interoperability (USCDI) version 1, although excluding cost information and including prior authorization requests and decisions. In-network providers who have a treatment relationship with the patient would have access to data via the Provider Access API. Requirements for the Provider Access API also require payers to provide a mechanism for patients to opt out of making their data available to providers through this API.
3. Payer-to-Payer Data Exchange on FHIR
With payer-to-payer data exchange, CMS aims to create a longitudinal health record for a patient that is maintained by the patient’s current payer. The new proposed rule requires payers to make standard HL7 FHIR APIs available for payer-to-payer data exchange, including claims and encounter data (while excluding cost information) as specified in USCDI version 1, and including prior authorization requests and decisions in these exchanges. Payers would further be required to make data received via payer-to-payer data exchange available to patients in the Patient Access API. The new proposed rule also requires payer-to-payer data exchange if the patient opts into data sharing. Additionally, for enrollees holding concurrent coverage with two or more payers, payers would be required to make the same data available to other concurrent payers on at least a quarterly interval. The provisions in the new proposed rule rescind payer-to-payer data exchange requirements and effective dates of the 2020 Final Rule.
4. Improving Prior Authorizations Processes
The proposed rule calls for payers to make a single FHIR Prior Authorization Requirements, Documentation, and Decision API (PARDD API) available to providers, including:
Whether a prior authorization is required for an item or service,
What information and documentation requirements are needed to authorize the item or service, and
A FHIR request and response flow for providers to submit prior authorization requests to payers, and for payers to respond with decisions and status.
This proposed FHIR PARDD API incorporates and does not modify the requirements of HIPAA standard prior authorization transactions (e.g., X12 278).
The proposed rule also calls for payers to specify a reason for a prior authorization request being denied. This requirement aims to improve communication between provider and payer to ensure the patient receives the right care, including — if necessary — a successful resubmission of the prior authorization request.
The proposed rule also requires impacted payers (excluding QHP issuers on the FFEs) to send prior authorization decisions within 72 hours for expedited requests and within seven days for standard requests. In proposing these time frames, CMS is seeking comment on reducing these, respectively, to 48 hours and five days.
The proposed rule also requires impacted payers to report metrics for prior authorizations on an annual basis on the payer’s website or another publicly accessible site.
5. Electronic prior authorization measures for Merit-based Incentive Payment System (MIPS)-eligible clinicians and hospitals and critical access hospitals (CAHs).
The new proposed rule includes a new measure for electronic prior authorization for MIPS-eligible clinicians under the Promoting Interoperability performance category of MIPS and for eligible hospitals and CAHs under the Medicare Promoting Interoperability Program. To meet the measure, a prior authorization must be requested electronically from a payer’s PARDD FHIR API and use data from certified EHR technology (CEHRT). The measure would be reported by these providers as the number of prior authorization requests for medical items and services (excluding drugs) requested electronically from PARDD APIs using CEHRT.
What FHIR implementation guides are referenced in the Advancing Interoperability and Improving Prior Authorization proposed rule?
The proposed rule specifically calls for the HL7 FHIR version 4.0.1, the US Core FHIR profile, and the Smart Application Launch Framework. The proposed rule calls for a single FHIR Prior Authorization Requirements, Documentation, and Decision API (PARDD API) without requiring specific FHIR implementation guides to meet this requirement. For the FHIR PARDD API, CMS recommends the use of the existing Coverage Requirements Discovery (CRD), Document Templates and Rules (DTR), and Prior Authorization Support (PAS) FHIR implementation guides from the HL7 Da Vinci Project. CMS is strongly recommending rather than requiring the use of specific FHIR implementation guides. Before requiring their use, CMS will monitor the progress made in refining, testing, and implementing FHIR PARDD APIs with these implementation guides.
The new proposed rule also makes changes to require what data are to be included in APIs by making specific reference to the ONC requirement of USCDI. As ONC is the custodian of USCDI, by referring to the ONC requirement of USCDI, CMS now aligns with ONC as future versions of USCDI are adopted and ensures the data payers are to include in required APIs follows future versions of USCDI.
What are the requests for information (RFIs) in the Advancing Interoperability and Improving Prior Authorization proposed rule?
CMS is reissuing two preexisting requests for information (RFIs):
Accelerating the Adoption of Standards Related to Social Risk Factor Data
Focusing on social risk factors (e.g., housing instability, food insecurity) and their relationship to patient health and healthcare utilization, CMS is seeking information on barriers to adopting standards for the social risks of health. CMS views these data as important in value-based care and that standards will facilitate data sharing, particularly for providers that depend on high-quality social risk data.
Electronic Exchange of Behavioral Health Information
To inform future, potential rulemaking to advance electronic data exchange among behavioral health providers, CMS is seeking comments on how APIs might be used, as electronic data exchange among behavioral health providers has lagged compared to other types of providers.
CMS also proposes three new RFIs:
Improving the Electronic Exchange of Information in Medicare Fee-for-Service (FFS)
Different providers often order, render, or supply items and services to Medicare FFS beneficiaries. Sharing of information among these providers or suppliers could be improved to enhance treatment, coordination of care, and ensure accurate and timely payment. CMS is seeking comment on how to improve the exchange of medical documentation among these providers and patients.
Advancing Interoperability and Improving Prior Authorization Processes for Maternal Health
CMS is seeking comment on how health IT, data sharing, and interoperability would improve maternal health outcomes. Additionally, CMS is seeking specific comments on how to leverage USCCI in maternal health and improve prior authorization policies that can negatively impact maternal health outcomes.
Request for Information: Advancing the Trusted Exchange Framework and Common Agreement (TEFCA)
Prior to CMS publishing this proposed rule, the Office of the National Coordinator for Health IT (ONC) released the Trusted Exchange Framework and Common Agreement (TEFCA). CMS is seeking comment on how TEFCA supports and advances provisions proposed in this rule, as well as those in the Patient Access and Interoperability final rule of 2020. Additionally, CMS seeks comment on approaches to incentivize and encourage payers to enable exchange under TEFCA.
What programs are proposed to comply with the provisions of the Advancing Interoperability and Improving Prior Authorization proposed rule?
In the Advancing Interoperability and Improving Prior Authorization proposed rule, CMS identified the following programs to comply:
Medicare Advantage Organizations
Medicaid Managed Care Plans
State Medicaid Agencies
Children’s Health Insurance Program (CHIP) Agencies and CHIP Managed Care Entities
Issuers of Qualified Health Plans on the federally facilitated Exchanges (FFEs) (exclusive of Stand-Alone Dental Programs (SADP) and federally facilitated Small Business Health Options Program Exchanges (FF-SHOP))
Merit-based Incentive Payment System (MIPS) Eligible Clinicians (under the Promoting Interoperability performance category of MIPS)
Eligible Hospitals and Critical Access Hospitals in the Medicare Promoting Interoperability Program
The list of covered entities is greater than those originally in the Interoperability and Patient Access Final Rule of 2020 or the December 2020 CMS Interoperability proposed rule. MIPS-eligible clinicians and critical access hospitals were added in direct response to comments received on the December 2020 proposed rule.
Overall, the proposed timeframe to effective dates is intended to allow sufficient time for the impacted parties to plan and implement by the effective dates, taking into account states’ abilities to secure funding and qualified technical staff. While Medicare FFS is not included, CMS does seek comment on how the proposed provisions could apply to Medicare FFS. CMS also encourages other payers who are not directly impacted by this proposed rule to evaluate these proposals for voluntary adoption.
ZeOmega’s Jiva healthcare enterprise management platform provides a holistic, person-centric approach to health management and helps organizations meet evolving CMS requirements and succeed with value-based care. Contact ZeOmega to learn more.
Smart Authorization Gateway is the part of the HealthUnity portfolio that is available to help payers and providers meet interoperability compliance mandates – and beyond.
As Associate Vice President of Interoperability Strategy, Mike leads the HealthUnity team in strategic vision for interoperability and executes on market strategies for HealthUnity solutions. Among HealthUnity solutions is the Smart Authorization Gateway, an accredited product to streamline the prior authorization process and reduce burden for providers and payers. Mike has over 20 years’ experience in business and IT roles across the provider and payer landscape, including recognized leadership in the development and implementation of health data standards.