The Rule, Which Doesn’t Apply to Commercial Insurers, Sets Time Limits on Responses and Enforces Access API’s

To combat growing criticism of prior authorization delays by payers, the Centers for Medicare & Medicaid Services recently finalized a rule requiring health plans to send prior authorization decisions within three calendar days for urgent requests and seven calendar days for standard requests. The rule is expected to take effect in phases beginning in 2026.

The rule requires Medicare Advantage organizations, state Medicaid and Children’s Health Insurance Program (CHIP) fee-for-service programs, Medicaid managed care plans, and CHIP managed care entities to send prior authorization decisions within three calendar days for expedited (urgent) requests and seven calendar days for standard (non-urgent) requests. The insurers also must report publicly on their prior authorization metrics.

Payers will be required to implement an application programming interface (API) to support a better, more efficient electronic automation process. CMS is delaying API compliance until the 2026 calendar year. Beginning in 2027, payers will be expected to have a prior authorization API, expand on their patient access API, and implement a provider access API.

To improve coordination of care across the care continuum and accelerate movement toward value-based care, CMS noted that it is finalizing the proposed rule to require impacted payers to implement and maintain a provider access API that is consistent with the technical standards finalized in the CMS Interoperability and Patient Access final rule. This includes the Health Level Seven (HL7®) International Fast Healthcare Interoperability Resources (FHIR®).

Who Is Affected?

1. Medicare Advantage Payers

Medicare Advantage plans will be required to implement an API to support a better, more efficient electronic automation process. CMS is delaying API compliance dates for the 2026 calendar year. Beginning in 2027, payers will be expected to implement the FHIR standard for prior authorization APIs, expand on their patient access APIs, and implement a provider access API. The impact will be substantial. According to the Kaiser Family Foundation, over 35 million prior authorization requests were submitted to Medicare Advantage plans in 2021.

2. State Medicaid Payers and CHIP Plans as well as Qualified Health Plan (QHP) Issuers on the Federally Facilitated Exchanges (FFEs)

CMS will only grant a state Medicaid plan an exemption from the provider access API health plan requirement if the state has established an alternative plan to ensure that enrolled providers have efficient electronic access to the same required data about their patients through other means while the approved exemption is in effect. 

Similarly, states would be expected to use efficient means for electronic prior authorization that would reduce burden for providers and improve access to information regarding when prior authorization is required for items and services or what documentation is required in advance.

CMS also noted that the burden for state Medicaid plans to adopt this new technology may enable plans to qualify for some federal funding. According to CMS, in 2023, there were over 88 million enrollees for Medicaid and CHIP.

3. Providers with a Certified EHR

CMS is urging providers to use the provider access API for prior authorizations and recommends that providers use vendors to satisfy this API. CMS also considered a numerator and denominator model to incentivize providers to use the provider access APIs through the MIPS quality metrics. However, that proposed rule was changed to a yes/no reporting process.

CMS believes accessing patient data through the provider access API will improve providers’ ability to furnish quality care to patients, and it expects providers, too, will see the benefit of this technology.

4. Providers Without an EHR that Serve Post-Acute Patients and Underserved Populations

CMS agreed that technology should not be a barrier to accessing appropriate patient information. According to CMS, its policies are intended to make such access easier for providers.

For instance, CMS recognized that there are care settings that lag in adoption of EHRs and other health IT and/or lack the staff or resources to make use of the provider access API, which could result in these care settings missing out on the benefits of data exchange. However, CMS said making data available via a FHIR API, which ensures this data is available to any authorized system seeking to access it, will benefit settings that may not have sophisticated technological solutions.

Furthermore, CMS stated that making this data available is a vital antecedent to increased data sharing and interoperability across the healthcare system.

CMS will be closely monitoring implementation and use of the provider access API to assess its real-world impact on care delivery, such as the possible equity concerns described by the commenters. Additionally, CMS will continue to work with providers to encourage and enable them to use the API, should they wish to do so.

How Consensus Cloud Solutions Can Help

Help for payers. Payers will bear the biggest burden for the requirement to meet the 72-hour turnaround time for urgent requests and seven days for standard requests. To facilitate this, CMS is requiring the implementation of the payer APIs. Consensus Cloud Solutions offers one of the largest digital cloud fax solutions in healthcare, sending and receiving unstructured data. We understand the role faxing plays for easy communication, but we also recognize the value structured data is for consumption into receiving systems. Many providers, however do not have an EHR that can send or receive structured data to or from payers. Through our intelligent data extraction capability, called Consensus Clarity, and our translation engine, Conductor, we may be able to send a structured FHIR or X12 message by acting as a go-between the fax to the payer’s API FHIR standard.

We invite interested payers to work with us and test this capability as it is particularly important for those care settings that cannot send a structured data request, such as post-acute providers and those that serve our most vulnerable patient populations facilitating Medicaid requests.

Help for providers. In most instances, providers that use a certified EHR will be able to facilitate a FHIR authorization request and receive a response using the provider APIs. But many providers, such as post-acute providers or those serving our most vulnerable patient populations, don’t have certified EHRs. Such care settings may include skilled nursing facilities, home health, hospice, assisted living, substance use disorder clinics, and other providers that request Medicaid prior authorizations. Consensus can use our Clarity solution and Conductor to translate a cloud fax to FHIR or X12 and translate a FHIR message from the payer to a cloud fax, ensuring these care settings get the timeliest patient data from the payer.

Help for EHR vendors. If you are a certified EHR vendor, we can translate your users’ unstructured documents to structured FHIR messages. We can also return a cloud fax response, if necessary, to ensure the right communication is flowing back to the provider. 

CMS is requiring certified EHR vendors to support the provider APIs and measure compliance as part of the MIPS quality metrics. Getting credit for the MIPS quality metric is not always possible in some instances where the provider needs to send an unstructured request. Consensus Clarity with Consensus Conductor can translate messages so that requests and payer communication can still flow in a timely manner. 

Let’s continue the conversation. It would be great to hear from you. Whether you are a provider, or payer, please send me your comments ([email protected]) or fill out this quick survey to help us learn more about the potential impact of this rule on your organization:

Take the Survey