Skip to Main Content
Our Commitment to Diversity

CMS Finalizes New Interoperability Rule Promoting Improvements to Prior Authorization Processes

Date: 8 February 2024
US Policy and Regulatory Alert

On 17 January 2024, the Centers for Medicare & Medicaid Services (CMS) released a final rule outlining new interoperability and prior authorization requirements for certain payors (Final Rule).1 With the adoption of the Final Rule, CMS aims to further modernize health care delivery, improve access to health information, and reduce administrative burdens on patients, providers, and payors. Payors impacted by this rule include: Medicare Advantage organizations, state Medicaid and Children’s Health Insurance Program (CHIP) fee-for-service programs, Medicaid managed care plans, CHIP managed care entities, and Qualified Health Plan (QHP) issuers on the federally facilitated exchanges.

Payors and providers alike should begin preparing for significant changes in the prior authorization process. To ensure compliance by the deadlines CMS has established, payors subject to the Final Rule should begin developing processes to meet the new expectations. Likewise, providers may anticipate a learning curve as payors work through implementation and should begin preparing administrative staff to be ready for these changes.

Prior Authorization

Providers and clinicians are well aware that the often complex and varied administrative requirements associated with the prior authorization process can occasionally cause unnecessary delay in the provision of needed care. The Final Rule intends to create efficiencies by streamlining requirements for prior authorizations for items and services by requiring impacted payors to implement the following processes by 1 January 2026:

  • Send prior authorization decisions within 72 hours for urgent requests and seven calendar days for non-urgent requests (except for certain issuers of QHPs);
  • Include a specific reason for any denials; and
  • Report certain prior authorization metrics publicly on its website.

Notably, CMS neglected to extend these requirements to drugs, in part due to operational complexities in aligning the prior authorization framework with existing regulatory requirements for prescription drugs. However, CMS stated that it will consider extending these rules to drugs in the future, noting in the Final Rule that it received comments indicating “overwhelming” support for this approach.  

New Application Programming Interfaces (APIs)

Impacted payors must also implement a new API to facilitate automation of the prior authorization process. Additionally, impacted payors are required to implement new APIs for patient access, provider access, and payor-to-payor information sharing by 1 January 2027. Along with the new APIs, payors will be required to offer to patients both an opt-out process for the provider API and an opt-in process for the payor-to-payor API, as well as a plain language explanation of the APIs themselves demonstrating to patients the value of such APIs. From the provider standpoint, the new API requirements are notable as they aim to provide greater access to patient information to all in-network providers with whom a patient has a treatment relationship in an effort to further facilitate care coordination among treating providers. Further, facilitating greater transparency and access to patients directly will likely eliminate some of the administrative burden on providers in responding to patient questions regarding the status of their treatment.

Provider Attestations

In addition to the requirements for payors, the Final Rule also adds a new measure under the Medicare Promoting Interoperability Program for hospitals and critical access hospitals, as well as MIPS-eligible clinicians. The additional measure requires an affirmative “yes” or “no” attestation for requesting prior authorizations electronically using data from certified electronic health record (EHR) technology starting in CY 2027. Failure to complete this attestation will result in the provider not being considered a meaningful EHR user.

The firm’s Health Care and FDA practice routinely assists health systems, hospitals, and other providers and suppliers with legal advice and strategic considerations, including providing advice on care coordination, interoperability, and reimbursement matters and assisting clients with public comments on proposed and final rulemakings. Contact the authors of this article or another K&L Gates lawyer for assistance with compliance with prior authorization requirements or other care coordination and interoperability matters.

This publication/newsletter is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in regard to any particular facts or circumstances without first consulting a lawyer. Any views expressed herein are those of the author(s) and not necessarily those of the law firm's clients.

Find more items tagged as: Health Care, Policy and Regulatory
Return to top of page

Email Disclaimer

We welcome your email, but please understand that if you are not already a client of K&L Gates LLP, we cannot represent you until we confirm that doing so would not create a conflict of interest and is otherwise consistent with the policies of our firm. Accordingly, please do not include any confidential information until we verify that the firm is in a position to represent you and our engagement is confirmed in a letter. Prior to that time, there is no assurance that information you send us will be maintained as confidential. Thank you for your consideration.

Accept Cancel