On January 17, 2024, the Centers for Medicare & Medicaid Services (CMS) released the CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F). This represents a substantial step forward in improving interoperability and patient care. In the final rule, most compliance dates have been extended by one year to provide affected health plans with additional preparation time. By January 1, 2027, it will be mandatory for all affected payers to implement Health Level Seven International® (HL7®) Fast Healthcare Interoperability Resources (FHIR®) application programming interfaces (APIs) including:
With the finalization of the rule, there are no more reasons to ‘wait and see.’ It is crucial for health plans to work towards meeting compliance. We applaud the early adopters who have already embarked on this journey, recognizing it’s no easy feat. Meeting and maintaining adherence for the various facets of each requirement can be challenging, that’s why we outlined the key aspects of each finalized ruling below, along with details on how Availity can help position your organization for success.
In the final rule, CMS requires impacted payers to establish and maintain a FHIR-based Prior Authorization API. Providers can use the Prior Authorization API to determine whether a specific payer requires prior authorization for a certain item or service, thereby easing one of the major points of administrative burden in the existing prior authorization process. The Prior Authorization API will also allow providers to query the payer’s prior authorization documentation requirements, to facilitate the compilation of necessary information and submission of a prior authorization request.
CMS also announced an enforcement discretion for the HIPAA X12 278 standard for interoperability APIs. This will give select organizations the option to adopt either an exclusively FHIR-based Prior Authorization API or a translation of FHIR to X12 278 transaction standards.
Prior Authorization API Solution: The Prior Authorization API provision requires that impacted payers implement and maintain a Prior Authorization API that can be leveraged to:
Availity is developing our Provider Authorization API solution in accordance with the Da Vinci implementation guides recommended in the final rule. Learning through an early implementation with our payer and EHR vendor partners, we provided feedback on early versions of the Da Vinci implementation guides, and many of our recommendations were integrated into subsequent versions.
Apart from the detailed specifications for Prior Authorization API, CMS also included general process requirements for all prior authorizations. Impacted payers must deliver decisions for expedited requests within 72 hours and for standard requests within seven days, effective January 1, 2026. By January 1, 2026, a specific reason must be included in the payer’s prior authorization response communication to the provider. Moreover, affected payers are obligated to publicly disclose certain prior authorization metrics on their website by March 31, 2026. This initiative aims to enhance transparency, accountability, and overall efficiency in the prior authorization process, contributing to a more informed and streamlined healthcare ecosystem for both providers and patients.
Availity AuthAI: Amidst regulatory pressures, there’s a heightened focus to streamline the prior authorization review process. Now is the opportune moment to explore leveraging artificial intelligence (AI) to automate prior authorization requests. With insight captured from clinical data and a health plan’s unique medical policies, Availity AuthAI eliminates the manual review process, and—in most cases—can recommend approval in seconds. To learn more about Availity AuthAI or to schedule a meeting with our team, please visit us here.
In the final rule, impacted payers are required to implement and maintain Payer-to-Payer APIs to exchange clinical, claims and authorization data when a member moves between payers. New payers must present the “opt in” opportunity to members no later than one week after the start of coverage. Different from the data timeframe requirement for Patient Access and Provider Access, previous payers will have to provide only the data they maintain with dates of service within five years of the date of the request, and they should provide this data within one day of receiving a request from the member’s new payer.
Payer-to-Payer Hub: A healthcare organization revealed it took six to eight individuals about six months to establish just one connection with another payer, and they anticipate similar efforts for each following connection. Given the final rule’s requirements, extensive collaboration, and potential increased effort for multiple connections, pursuing many one-to-one connections will be challenging, considering the associated expenses and compliance costs.
That’s why we’re diligently working on creating a centralized, one-to-many connection point exclusively designed for health plans. Our goal is simple: to accelerate Payer-to-Payer API adherence and streamline the data exchange processes. By doing so, we aim to minimize the reliance on costly and time-consuming point-to-point connections. Checkout our blog on How Health Plans Can Prepare for the Payer-to-Payer Mandate to learn more.
In the final rule, impacted payers will be required to share specific information through the Provider Access API. This includes individual claims and encounter data (excluding provider remittances and enrollee cost-sharing details), data classes and elements outlined in the United States Core Data for Interoperability (USCDI), and specific prior authorization details (excluding those related to drugs).
Integrating claims and encounter data with clinical and other available information will help provide a more comprehensive understanding of an individual’s interactions with the healthcare system. At Availity, we are uniquely positioned to exchange data between providers and payers and are currently evaluating requirements to support a Provider Access API solution.
The Patient Access API has been a requirement since 2021. In the final ruling, CMS expanded the Patient Access API to include details about prior authorizations (excluding drug-related ones). Giving members access to more comprehensive data can help them better understand their payer’s prior authorization process and its implications on their care. Implementation of this requirement is mandatory by January 1, 2027, a one-year extension from the proposed rule. Due to low utilization, CMS is also requesting payers provide specific metrics on the Patient Access API usage, beginning January 1, 2026.
Availity Fusion™: Although each API outlined in the finalized rule comes with its unique nuances, the common thread among them is the mandate for data to be transported using FHIR. The process of converting legacy clinical data sets into FHIR is undeniably a complex and ongoing undertaking. It requires meticulous planning, a robust infrastructure, and adequate resources. Availity’s Upcycling Data™ technology, Availity Fusion, structures and standardizes clinical data before converting it to FHIR in near real-time. To learn how you can ignite your FHIR strategy with high-quality data, download our FHIR eBook.
Exchanging data between payers and providers, facilitating the prior authorization process, and adopting industry standards are not new to Availity. Billions of transactions are processed through Availity each year. We are excited to expand our offerings to incorporate new FHIR standards that can reduce administrative burden for all parties and promote CMS and industry goals for interoperability.