Penrod Blog

Complying with the CMS Interoperability and Prior Authorization Rule

In the past few years, the Centers for Medicare & Medicaid Services (CMS) have made substantial strides to streamline health care by increasing health data exchange and expanding care access.

As part of the Biden-Harris administration's commitment to improve health care data exchange and enhance care access, the CMS recently released the CMS Interoperability and Prior Authorization rule (CMS-0057-F) to govern efficient data exchange between care providers, patients and insurance companies. Read on to learn the requirements payers must meet to comply with CMS -0057-F.

What CMS-0057-F Means for Health Insurance Companies

In January 2024, CMS finalized its interoperability and prior authorization rule that requires various healthcare insurance entities to abide by the latest electronic health information exchange and prior authorization process for clinical services. These policies aim to enhance prior authorization and efficiency for care providers, payers and patients. The CMS estimates the process would save approximately $15 billion in ten years. 

The Rule mandates impacted payers to implement Health Level 7 (HL7®) Fast Healthcare Interoperability Resources (FHIR®) Prior Authorization application programming interface (API), facilitating automated prior authorization processes. Medicare FFS electronic prior authorization API provides evidence of advantages other payers would get on implementing a similar API. 

CMS has extended payers’ compliance dates to the new rule to January 2027, giving payers more time for implementation. Payers would be required to expand patient access APIs and implement Provider Access APIs.

Payers are also mandated to implement payer-to-payer data exchange policies with patients’ permission using a Payer-to-Payer FHIR API when patients change or include multiple concurrent payers. This will enable efficient data exchange among concurrent payers, improving quality of reporting programs. 

Health insurance companies will benefit from the policy enforcing discretion for the Health Insurance Portability band Accountability Act of 1996 (HIPAA) X12 278 measures, which provide flexibility in implementing APIs.

Cumulatively, these policies focus on creating a more efficient prior authorization process, supporting better access to health data, quality and timely care. 

Who Must Comply with CMS-0057-F?

The CMS-0057-F mandates compliance from various stakeholders within the health care system. Organizations and entities that must comply with the stated policies include:

  • Medicare Advantage (MA) organizations
  • Medicaid managed care plans
  • Medicaid and the Children’s Health Insurance Program (CHIP)
  • CHIP managed care entities
  • Free-for-service (FFS) programs 
  • Issuers of Qualified Health Plans (QHPs) offered on the Federally Facilitates Exchange (FFEs) 

According to CMS, these “impacted payers” must abide by the provisions for improving the electronic exchange of health data and creating an efficient prior authorization process for clinical services and equipment. 

The impacted payers need to comply with these policies to improve interoperability, reduce administration cost and improve quality and timely access to care for patients across the healthcare system.  

What must be done to Comply with CMS-0057-F

To effectively comply with the CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F), impacted payers must implement multiple key actions including:

  • Streamlining the PA process by implementing expedited decision timelines for urgent and non-urgent PA requests to facilitate timely approval or denial of clinical services. Impacted payers are required to send prior authorization decisions within 72 hours for urgent requests and within seven days for non-urgent requests.
  • Providing comprehensive and accurate reasons for request denial to facilitate efficient resubmission or appeal when necessary
  • Extending the timeline for compliance with API policies from January 2026 to January 2027, creating sufficient time for implementing interoperability requirements
  • Exchanging data through Payer-to-Payer FHIR APIs to enhance patients’ easy transition from one payer to another or include several concurrent payers
  • Reporting the use of prior authorization APIs as part of quality reporting programs to foster PA implementation and demonstrate compliance with CMS requirements
  • Implementing  HL7® FHIR® prior authorization APIs to streamline and automate the PA process
  • Exercising enforcement discretion for HIPAA X12 278 measures, which allow impacted payers to opt for an all-FHIR-based prior authorization API implementation without necessarily being enforced against under HIPAA administrative simplification, enhancing flexibility in the use of APIs
  • Expanding patients’ and care providers’ access to APIs. Patients Access APIs allow patients access to prior authorization data, while provider access APIs enable care providers to access and retrieve patient information, including claims and clinical and prior authorization policies.
  • Publicly reporting prior authorization measures employed by all impacted payers.

These compliance requirements are meant to facilitate the efficient adoption of electronic processes, streamline information exchange and enhance the overall access and utilization of patient data in the healthcare system.

Technologies to Ease the Burden of Compliance

The new CMS offers multiple opportunities for impacted payers and providers. However, for organizations unsure how to effectively implement these policies, compliance with CMS can be daunting due to the several measures you need to meet.

Fortunately, CMS proposes various technologies you can implement to facilitate quick, practical actions that would ease the burden of compliance, speeding up the prior authorization process. 

Fast Healthcare Interoperability Resources (FHIR®)

One of the most efficient technologies for the impacted payers is the FHIR®. This program will facilitate implementation and compliance with the new CMS policies and allow impacted payers to realize the benefits of automated prior authorization. 

Although CMS considers Health Level 7 (HL7®) Fast Healthcare Interoperability Resources (FHIR®) Prior Authorization APIs essential for compliance with the new rule, the technology poses a significant challenge. Your organization may be reluctant to implement a technology solution that your IT department has to learn from scratch to handle for efficient implementation.

Effective implementation of technologies such as HL7® FHIR® is the precise reason Penrod recommends Salesforce.

Improve Compliance to CMS-0057-F with Penrod’s Salesforce

Salesforce allows payers to convert data into FHIR® compatible and seamlessly share the coveted data with related entities for efficient prior authorization, care continuity and long-term healthcare value. 

Salesforce converts thought leadership, innovation, and grit into efficient, tailored solutions. We are committed to helping companies and the patients they serve by being students of sport, creating authentic relationships and innovating solutions that improve outcomes – and helping providers automate prior authorization.

Ready to get started?

Let's talk compliance.

Pick out a time that works for you on the right and we'll talk!