On Tuesday, December 13, the Centers for Medicare & Medicaid Services (“CMS”) released a proposed rule (“New Proposed Rule”) to improve the prior authorization process and advance interoperability for Medicare Advantage organizations (“MAOs”), Medicaid managed care plans, state Medicaid and CHIP agencies, and qualified health plans (“QHPs”) on the Federally-Facilitated Exchanges (“FFEs”) (collectively, “impacted payers”).
This proposal builds on the “CMS Interoperability and Patient Access” final rule from May 2020 (2020 Final Rule”) and replaces the “CMS Interoperability and Prior Authorization” proposed rule from December 2020 (“2020 Proposed Rule”), while still building off of feedback from that proposal.
CMS Administrator Chiquita Brooks-LaSure said in a press release that the New Proposed Rule “would streamline the prior authorization process and promote health care data sharing to improve the care experience across providers, patients, and caregivers – helping us to address avoidable delays in patient care and achieve better health outcomes for all.”
Improving Prior Authorization Processes
The New Proposed Rule proposes a number of measures to improve efficiency and transparency in prior authorization processes to address concerns about inefficiencies leading to delays or interruptions in care for patients and burnout for providers. It would require that impacted payers offer a specific reason for denials of prior authorization requests and report certain metrics around prior authorization. The proposal would require impacted payers (except for QHP issuers on FFEs) to send decisions as urgently as the patient’s condition requires but no later than 72 hours for urgent requests and within 7 days for non-urgent requests (MAOs currently have 14 days to respond to nonurgent requests, Medicaid and CHIP timelines vary by state). CMS has requested comments on possible alternative timeframes and shorter response times and asked about administrative or technological barriers that may hinder faster responses.
Impacted payers would need to publicly report certain prior authorization metrics on an annual basis, including:
- All items and services that require prior authorization;
- The overall percentage of approved standard prior authorization requests;
- The overall percentage of denied standard prior authorization requests;
- The percentage of standard prior authorization requests approved on appeal;
- The percentage of approved prior authorization requests for which the review timeframe was extended;
- The overall percentage of approved expedited prior authorization requests;
- The overall percentage of denied expedited prior authorization requests;
- The average and median elapsed time between the submission of a standard prior authorization request and the determination; and
- The average and median elapsed time between the submission of an expedited prior authorization request and the determination.
The New Proposed Rule would require that impacted payers report data from the previous calendar year to CMS by March 31 of each year, starting with reporting for calendar year 2025 data by March 31, 2026. New issuers or plans would not be required to report data until the first full calendar year that is subject to the requirement.
The proposal would also require that impacted payers build and maintain a Prior Authorization Requirements, Documentation and Decision (“PARDD”) Application Programming Interface (“API”) to support electronic prior authorizations that meets the Health Level 7 (“HL7”) Fast Healthcare Interoperability Resources (“FHIR”) data format standard. The PARDD API would automate the process for providers to determine whether a prior authorization is required, identify prior authorization information and documentation requirements, and facilitate the exchange of prior authorization requests and decisions from their electronic health records or practice management system.
The New Proposed Rule also includes an electronic prior authorization measure for Merit-based Incentive Payment System (“MIPS”) clinicians under Medicare and for Critical Access Hospitals (“CAHs”).
Additional Requirements
Patient Access API
In the May 2020 Final Rule, CMS finalized a policy requiring impacted payers to implement a Patient Access API software interface that meets the HL7 FHIR standard. In the New Proposed Rule, starting in 2026, CMS proposes requiring the impacted payers to include information about patients’ prior authorization decisions to help patients better understand the prior authorization process and how it influences their care. It would also require reporting of annual metrics to CMS about patient use of the Patient Access API.
Provider Access API
In an effort to move toward value-based payment models, the New Proposed Rule would require impacted payers to build a Provider Access API for payers to share patient data—specifically, patient claims and encounter data, excluding cost information, United States Core Data for Interoperability (USCDI) version 1 data elements,[1] and prior authorization requests and decisions—with in-network providers with whom the patient has a treatment relationship beginning in 2026.
GROOM INSIGHT: The withdrawn December Proposed Rule proposed an opt in patient permission model for the Provider Access API, but the new rule instead proposes an opt out approach in response to overwhelming support from commenters for an opt out model to avoid clinical and operational hurdles.
Payer-to-Payer API
The May 2020 Final Rule required that, at a patient’s request, impacted payers must exchange certain patient health information, maintain that information, and create a health record maintained with their current payer. However, in December 2021, CMS announced that they would hold off on enforcing the policy until certain implementation challenges could be addressed in future rulemaking. CMS is now proposing to require that payers exchange patient data using a Payer-to-Payer FHIR API when a patient transitions between health plans or has concurrent payers (including claims and encounter data, prior authorization requests and decisions, but not cost information).
Unlike the Provider Access API proposal’s opt out approach, CMS is proposing an opt in framework for the Payer-to-Payer API, because providing accurate information on previous or concurrent payers would already require an affirmative act from the patient and certain statutory and regulatory requirements applicable to some programs would make an opt out process difficult to establish. However, CMS requests comments on changes it could consider to allow for an opt out process.
The New Proposed Rule provides for an exceptions process for QHPs on the FFEs from each of the API requirements, which would be conditioned on request and approval of a narrative justification explaining why the issuer was unable to satisfy the requirements for the applicable plan year. This exceptions process could apply to small issuers, financially vulnerable issuers, or new entrants to the FFEs that demonstrate that deploying this proposed standards-based API technology would be a significant barrier to the issuers’ ability to provide coverage or service to patients and that not certifying the issuers’ QHP(s) would result in patients having few or no plan options in certain areas.
GROOM INSIGHT: The exceptions process in the New Proposed Rule is in line with the process for the Patient Access API in the CMS Interoperability and Patient Access 2020 Final Rule from 2020.
Requests for Information (“RFIs”)
CMS included five RFIs in the New Proposed Rule:
- on barriers to adopting standards, and opportunities to accelerate the adoption of standards, related to social risk factor data;
- on advancing the electronic exchange of behavioral health information among behavioral health providers—seeking comment on how CMS might leverage APIs and other solutions to facilitate electronic data exchange with these providers;
- on improving the electronic exchange of information between providers in the Medicare fee-for-service program—seeking comment on how the program may support improvements of the exchange of documentation between providers and patients;
- on advancing the Trusted Exchange Framework and Common Agreement (“TEFCA”)— seeking comment on their approach to encouraging payers to enable exchange under TEFCA; and
- on advancing interoperability and improving the prior authorization process for maternal health—seeking comment on evidence-based policies to improve maternal health outcomes using health IT, data sharing, interoperability, or changes to prior authorization policies.
CMS is accepting comments until March 13, 2023.
If you have any questions regarding the proposed rule, please contact the authors of this alert or any of our Groom attorneys.
[1] See The United States Core Data for Interoperability (healthit.gov) (allergies and intolerances, assessment and plan of treatment, care team members, clinical notes, goals, health concerns, immunizations, laboratory, medications, patient demographics, problems, procedures, provenance, smoking status, unique device identifier(s) for a patient’s implantable device(s), and vital signs.