Topics
More on Policy and Legislation

CMS receives payer pushback on final interoperability and prior authorization rule

Rule requiring payers to implement APIs for data sharing and to streamline prior authorization is "half-baked," AHIP says.

Mallory Hackett, Associate Editor

The Centers for Medicare and Medicaid has finalized its interoperability and prior authorization rule, just over a month after it was proposed.

The rule is intended to improve the way data is shared between stakeholders to ease the burden providers have when seeking prior authorizations, ultimately freeing them to spend more time with patients.

It will require Medicaid, CHIP and individual market Qualified Health Plans (QHP) payers to build, implement and maintain application programming interfaces (APIs) that can enable provider access to their patients' data and streamline the prior authorization process.

HIMSS20 Digital

Learn on-demand, earn credit, find products and solutions. Get Started >>

Although Medicare Advantage plans are not included in this final rule, CMS said it was considering including them in future rulemaking.

WHAT'S THE IMPACT

Prior authorization – an administrative process used in healthcare for providers to request approval from payers to provide a medical service, prescription, or supply – takes place before a service is rendered.

The APIs must be built to the Health Level 7 (HL7) Fast Healthcare Interoperability Resources (FHIR) standard so that providers can know in advance what documentation would be needed for each different payer and to enable the entire prior authorization process to be handled directly from the provider's EHR system.

The rule also requires that payers respond to prior authorization requests within three days for urgent requests and seven calendar days for non-urgent requests. For any denials, the rule specifies that the payer must provide a specific reason why. Additionally, the rule requires these payers to make public their prior authorization metrics to demonstrate how many procedures they are authorizing.

The APIs built by these payers would also give patients access to their own health information, so when they move from plan to plan or change providers, they can take their data with them.

PAYER RESPONSE

America's Health Insurance Plans spoke out against the rule in a statement from president and CEO Matt Eyles.

The statement blasted CMS for rushing the finalization of the rule and said it was "shabbily and hastily constructed." It compared the rule to putting "a plane in the air before the wings are bolted on" because insurers are required to build these technologies without the necessary instructions.

While AHIP insisted the nation's health insurers are committed to creating a better-connected healthcare system, it says the rule cannot be implemented as is, puts patient data at risk and distracts stakeholders from defeating COVID-19.

THE LARGER TREND

CMS first introduced this rule in December 2020. It was met with mixed reactions from providers as the American Hospital Association applauded the efforts to remove barriers to patient care by streamlining the prior authorization process, but it was disappointed that Medicare Advantage plans were left out.

ON THE RECORD

"Today, we take a historic stride toward the future long promised by electronic health records but never yet realized: a more efficient, convenient, and affordable healthcare system," said CMS Administrator Seema Verma. "Thanks to this rule, millions of patients will no longer have to wrangle with prior providers or locate ancient fax machines to take possession of their own data. Many providers, too, will be freed from the burden of piecing together patients' health histories based on incomplete, half-forgotten snippets of information supplied by the patients themselves, as well as the most onerous elements of prior authorization. This change will reverberate around the healthcare system for years and decades to come."

"Health insurance providers are committed to achieving a well-connected health care system that works better for patients, providers, and all stakeholders," Matt Eyles, the president and CEO of AHIP said in a statement. "But this half-baked, midnight rule cannot be implemented as written, leaves patients' sensitive data vulnerable to bad actors, and detracts from the critical work at hand defeating COVID-19."

Twitter: @HackettMallory
Email the writer: mhackett@himss.org