In a new rule, the Centers for Medicare & Medicaid Services (CMS) finalized policies to improve patients’ access to their electronic health information and reduce burden on providers related to prior authorization.
The rule’s provisions apply to Medicare Advantage (MA) organizations, Medicaid managed care plans and Children’s Health Insurance Program (CHIP) managed care entities, state Medicaid and CHIP fee-for-service (FFS) programs, and qualified health plan (QHP) issuers on the federally facilitated exchanges, collectively referred to as impacted payers.
The rule leverages application programming interfaces (APIs) by building on requirements in the 2020 final rule on interoperability and patient access, which required that payers implement APIs to increase health information exchange. APIs are platforms that allow mobile applications to access information in an electronic health record (EHR) or other database.
The final rule requires impacted payers to create a provider access API to allow better payer-to-provider data sharing of:
- Claims and encounter data.
- Data elements in the United States Core Data for Interoperability dataset.
- Active and pending prior authorization decisions.
CMS also finalized a proposal requiring impacted payers to include prior authorization decisions in patient access APIs.
Finally, the rule requires payer-to-payer data exchange when a patient changes health plans or when a patient has concurrent coverage with multiple payers. Impacted payers must comply with these provisions beginning Jan. 1, 2027.
Prior Authorization Policies
CMS also finalized policies to streamline prior authorization, which is a process for health care providers to request approval from payers before providing and being reimbursed for a service. To reduce prior authorization wait times and minimize provider burden, impacted payers must:
- Develop a prior authorization API. This API will automate the provider prior authorization process and facilitate integration of prior authorization requests and data from the EHR.
- Provide a specific reason for prior authorization denials.
- Impacted payers, except for QHPs, must send prior authorization decisions to providers within 72 hours for urgent requests and seven calendar days for non-urgent requests.
- Publicly report prior authorization metrics annually.
The prior authorization policies take effect Jan. 1, 2026. Impacted payers must report the first set of metrics by March 31, 2026.
CMS added new measures for hospitals under the Promoting Interoperability Program and eligible clinicians under the Promoting Interoperability category of the Merit-based Incentive Payment System (MIPS) to report on the use of electronic prior authorization. MIPS-eligible clinicians, eligible hospitals, and critical access hospitals will be required to report the number of prior authorizations for medical items and services (excluding drugs) that are requested electronically from a prior authorization API using data from certified EHR technology.
Contact Director of Policy Rob Nelb, MPH, at rnelb@essentialhospitals.org or 202.585.0127 with questions.