Next Steps for Compliance: Interoperability & Prior Auth Final

On January 17, 2024, the Centers for Medicare & Medicaid Services (CMS) released the CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F). This represents a substantial step forward in improving interoperability and patient care. In the final rule, most compliance dates have been extended by one year to provide affected health plans with additional preparation time. By January 1, 2027, it will be mandatory for all affected payers to implement Health Level Seven International^® (HL7^®) Fast Healthcare Interoperability Resources (FHIR^®) application programming interfaces (APIs) including: 

• Prior Authorization API for Transparency and Efficiency 
• Payer-to-Payer API for Member Data Sharing 
• Provider Access API for Care Coordination 
• Patient Access API for Data Accessibility

With the finalization of the rule, there are no more reasons to ‘wait and see.’ It is crucial for health plans to work towards meeting compliance. We applaud the early adopters who have already embarked on this journey, recognizing it’s no easy feat. Meeting and maintaining adherence for the various facets of each requirement can be challenging, that’s why we outlined the key aspects of each finalized ruling below, along with details on how Availity can help position your organization for success.

Prior Authorization API (Formerly Known as “PARDD”)

In the final rule, CMS requires impacted payers to establish and maintain a FHIR-based Prior Authorization API. Providers can use the Prior Authorization API to determine whether a specific payer requires prior authorization for a certain item or service, thereby easing one of the major points of administrative burden in the existing prior authorization process. The Prior Authorization API will also allow providers to query the payer’s prior authorization documentation requirements, to facilitate the compilation of necessary information and submission of a prior authorization request.

CMS also announced an enforcement discretion for the HIPAA X12 278 standard for interoperability APIs. This will give select organizations the option to adopt either an exclusively FHIR-based Prior Authorization API or a translation of FHIR to X12 278 transaction standards.  

Apart from the detailed specifications for Prior Authorization API, CMS also included general process requirements for all prior authorizations. Impacted payers must deliver decisions for expedited requests within 72 hours and for standard requests within seven days, effective January 1, 2026. By January 1, 2026, a specific reason must be included in the payer’s prior authorization response communication to the provider. Moreover, affected payers are obligated to publicly disclose certain prior authorization metrics on their website by March 31, 2026. This initiative aims to enhance transparency, accountability, and overall efficiency in the prior authorization process, contributing to a more informed and streamlined healthcare ecosystem for both providers and patients.

Payer-to-Payer API

In the final rule, impacted payers are required to implement and maintain Payer-to-Payer APIs to exchange clinical, claims and authorization data when a member moves between payers. New payers must present the “opt in” opportunity to members no later than one week after the start of coverage. Different from the data timeframe requirement for Patient Access and Provider Access, previous payers will have to provide only the data they maintain with dates of service within five years of the date of the request, and they should provide this data within one day of receiving a request from the member’s new payer.

Provider Access API

In the final rule, impacted payers will be required to share specific information through the Provider Access API. This includes individual claims and encounter data (excluding provider remittances and enrollee cost-sharing details), data classes and elements outlined in the United States Core Data for Interoperability (USCDI), and specific prior authorization details (excluding those related to drugs). 

Integrating claims and encounter data with clinical and other available information will help provide a more comprehensive understanding of an individual’s interactions with the healthcare system. At Availity, we are uniquely positioned to exchange data between providers and payers and are currently evaluating requirements to support a Provider Access API solution. 

Patient Access API

The Patient Access API has been a requirement since 2021. In the final ruling, CMS expanded the Patient Access API to include details about prior authorizations (excluding drug-related ones). Giving members access to more comprehensive data can help them better understand their payer’s prior authorization process and its implications on their care. Implementation of this requirement is mandatory by January 1, 2027, a one-year extension from the proposed rule. Due to low utilization, CMS is also requesting payers provide specific metrics on the Patient Access API usage, beginning January 1, 2026.

Exchanging data between payers and providers, facilitating the prior authorization process, and adopting industry standards are not new to Availity. Billions of transactions are processed through Availity each year. We are excited to expand our offerings to incorporate new FHIR standards that can reduce administrative burden for all parties and promote CMS and industry goals for interoperability.