Centers For Medicare & Medicaid Services Issues Interoperability And Prior Authorization Final Rule

As part of its ongoing mission to modernize and improve the interoperability of the health care system, on January 17, 2024, the Centers for Medicare & Medicaid Services...
United States Food, Drugs, Healthcare, Life Sciences
To print this article, all you need is to be registered or login on

As part of its ongoing mission to modernize and improve the interoperability of the health care system, on January 17, 2024, the Centers for Medicare & Medicaid Services (CMS) finalized the CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F) (the "Final Rule").

The Final Rule is designed to improve electronic exchange of health information and streamline prior authorization processes to advance patient access to care, ultimately contributing to better health outcomes. Medicare Advantage (MA) organizations, state Medicaid and Children's Health Insurance Program (CHIP) Fee-for-Service (FFS) programs, Medicaid managed care plans, CHIP managed care entities, and Qualified Health Plan (QHP) issuers on the Federally Facilitated Exchanges (FFEs) (the "Impacted Payers") will be subject to measures under the Final Rule designed to promote transparency around their prior authorization processes, including public disclosure of the reasoning and methodology behind denials.

Summary of Final Rule:

Application Programming Interfaces (APIs)

Starting January 1, 2027, the Impacted Payers must implement the following application programming interfaces (APIs), which will provide a technological basis for improving access to interoperable patient data and simplify the prior authorization process:


Originally required under the CMS Interoperability and Patient Access final rule ("Patient Access Final Rule"), the Patient Access API is designed to facilitate patients with easy access to claims, encounter information, and related clinical data such as laboratory results, provider remittances, and patient cost-sharing as applicable to specific claims. To provide patients with greater transparency about payer prior authorization processes, the Final Rule requires Impacted Payers to incorporate prior authorization information into the data available under the Patient Access API.


The Provider Access API aligns with CMS' continued shift to value-based care models by streamlining the sharing of patient data between in-network providers. Also subject to the required technical standards in the Patient Access Final Rule, the Provider Access API is designed to give providers access to patient data from payers necessary to better coordinate the provision of care, including individual claims and encounter data (without provider remittances and enrollee cost-sharing information); data classes and data elements in the United States Core Data for Interoperability (USCDI); and specified prior authorization information (excluding those for drugs).


To preserve continued access to care, the Payer-to-Payer API is designed to facilitate the exchange of patient data when a patient moves between payers, including information such as adjudicated claims, encounter data and certain information about the patient's prior authorizations. Impacted Payers must obtain permission from new patients to request data from a patient's previous payer, which must occur no later than 1 week from the start of coverage or at the patient's request. Impacted Payers that provide concurrent coverage of a patient must exchange the patient's data at least quarterly to ensure a complete record for such patient.


Lastly, the Final Rule finalizes the Prior Authorization API, which will permit providers to determine in a timely manner the items and services for which specific payers require prior authorization, including enabling providers to query the payer's prior authorization requirements directly form the provider's system.

The Final Rule also finalizes specific technical standards that are applicable to each API, which can be found in detail via the link below.

Requirements for Prior Authorization Process

Effective January 1, 2026, Impacted Payers must comply with new requirements for their prior authorization processes:

  • Impacted Payers must send notices to providers when they make prior authorization decisions, including a detailed explanation for denials, when applicable.
  • Impacted Payers must respond to prior authorization requests within 72 hours for expedited requests (urgent) and seven calendar days for standard requests (non-urgent).
  • To promote transparency, Impacted Payers must publicly report certain metrics about their prior authorization processes. The initial set of metrics must be reported by March 31, 2026.

Electronic Prior Authorization for MIPS Eligible Clinicians and Hospitals

The Final Rule also incentivizes adoption of the Prior Authorization API among MIPS eligible clinicians, eligible hospitals, and critical access hospitals by adding a new "Electronic Prior Authorization" category under the Health Information Exchange (HIE) objective in the MIPS Promoting Interoperability performance category and the Medicare Promoting Interoperability Program, which will begin with the calendar year 2027 performance period/2029 MIPS payment year and the calendar year 2027 electronic health record reporting period. Eligible providers may report a yes/no attestation to satisfy this new category.

The Final Rule is available on the Federal Register here.

The CMS fact sheet for the Final Rule is available here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More