CMS New Rules to Address Prior Authorization for Patient and Provider Interests

The Centers for Medicare & Medicaid Services (CMS) released the much-awaited Interoperability & Patient Access Rule in March 2020. The objective is to reinforce this rule by further improving health information exchange and obtaining member health records at a single location to reduce burden on payers, providers and members.

The enforcement date for this rule is January 1, 2023, and will be applicable to Medicaid programs, the Children’s Health Insurance Programs (CHIP) and Qualified Health Plan (QHP) issuers on the individual market Federally Facilitated Exchanges (FFEs). However, it will not be applicable to Medicare Advantage (MA) plans.

The CMS proposed rule will include policies to enhance the current Application Programming Interfaces (APIs) from its interoperability rule such as patient access API and payer to payer API. There are a few new APIs and requirements proposed to improve the overall prior authorization process.

Summary: Provisions of the Proposed Rule

Impacted payers will need to set-up the required infrastructure per CMS’ API guidelines (HL7 FHIR Version 4.0) and security requirements (OAuth2.0 and SMART app launch framework). The APIs will need to be based on industry standard implementation guides proposed by the CMS. In addition, the proposed rule includes the following HL7 Da Vinci Project implementation guides:

• Prior Authorization Support (PAS)
• Payer Coverage Decision Exchange (PCDE)
• Documentation Templates and Rules (DTR)
• Coverage Requirements Discovery (CRD)

In addition to building APIs, CMS has proposed further requirements to measure the impact of the rule and streamline certain processes:

• Third Party Attestation Process: CMS expects payers to establish, implement and maintain an attestation process mandatorily for third-party application developers to attest to certain privacy policy provisions prior to retrieving data via the payer’s Patient Access API.
• Patient Access API Metrics: Impacted payers to report metrics quarterly to CMS about list of unique patients that have requested data from the API, to assess impact of the patient access API.
• Denial Reason for Prior Authorizations: Payers to provide specific reasons for denial when denying a prior authorization request, regardless of the method used to send the prior authorization decision, to facilitate better communication and understanding between the provider and payer.
• Shorter Prior Authorizations Timeframes: Payers to shorten prior authorization decision for both urgent and standard requests.
• Prior Authorizations Metrics: Impacted payers to publicly report (on website) on each plan's data against metrics proposed by CMS to improve transparency in the prior authorization process.

Impact of the CMS Proposed Rules

• Members will be able to track their prior authorization requests and estimated treatment dates, which will provide them with a seamless experience.
• Cost reduction for payers after the prior authorization workflow related APIs are established.
• Prior authorization timeframes will be shortened, along with provider access to information on prior authorization requirements for a specific payer and service.
• Payer-to-payer data exchange: current payers will have data on active prior authorizations for a member, which will eliminate duplication of prior authorization requests when members switch plans.

Attend Our Webinar on February 17!

Subject matter experts will discuss this topic in more detail, including potential steps for payers to meet the requirements, at a free webinar on February 17, 2021. Click here to register for the CMS Proposed Rule for Interoperability webinar.