Final Call for Comments: Improve Interoperability, Streamline Prior Authorizations

Featuring: Cara Tucker | Legal Counsel-Regulatory

CMS is accepting comments until March 13 on its proposed rule to improve interoperability between payers and providers and eliminate barriers in the prior authorization process that put undue burden on providers and potentially put patients at risk.

Among other proposed changes to take effect in 2026, payers would be required to implement and maintain APIs — sets of published protocols that allow different software programs to securely communicate with one another and transmit information — to support an automated prior authorization process and electronically exchange data with providers. However, this proposed rule falls short of requiring the use of certain Fast Healthcare Interoperability Resources® (FHIR) Implementation Guides (IGs), leaving room for implementation variation that could potentially limit interoperability and frustrate lasting change and improvement within this space.

Summary of Key Proposed Changes

The following proposed requirements would apply, with some exceptions, to Medicare Advantage plans, Medicaid managed care and fee-for-service plans, Children’s Health Insurance Program (CHIP) managed care and fee-for-service arrangements, and Qualified Health Plans (QHP) on the health insurance marketplace. These requirements would not apply to prescription drugs or to employer-sponsored health coverage.

Payers to Implement + Maintain an API to Automate the Prior Authorization Process

While acknowledging the key role prior authorization can play in the healthcare system, CMS summarized feedback received from various stakeholders by stating, “the prior authorization process is a primary source of burden for both providers and payers, a major source of burnout for providers, and can become a health risk for patients if inefficiencies in the process cause care to be delayed.”

In this rule, CMS would require payers to implement and maintain a FHIR Prior Authorization Requirements, Documentation, and Decision API, or PARDD API. Here’s how it would work:

  • The PARDD API would automate the prior authorization request process for providers by allowing a provider to query the payer’s system to determine whether a prior authorization was required for certain items and services and identify documentation requirements.
  • The API would then automate the compilation of necessary data to populate the HIPAA-compliant prior authorization transaction.
  • Payers would then use the PARDD API to provide the status of the prior authorization request, including whether it was approved or denied.

Payers to Respond to Prior Authorization Requests Within Certain Timeframes

Payers would be required to give prior authorization decisions within 72 hours of receiving an expedited request and within seven days of receiving a standard request.

Payers to Provide the Specific Reason for Prior Authorization Denials

Payers would be required to give providers the specific reason for any denial related to prior authorization and to make that specific reason for denial available to the patient via the Patient Access API. The specific reason would be required regardless of the mechanism used to submit the prior authorization request.

Payers to Publicly Report on Prior Authorization Metrics

Payers would be required to publicly report certain aggregated metrics about prior authorization by posting them directly on the payer’s website or via a publicly accessible hyperlink(s).

Payers to Implement + Maintain a Provider Access API

In addition to the PARDD API, payers would be required to implement and maintain a Provider Access API, which would be a payer-provider data exchange available only to providers in the payer’s network. With two exceptions for remittances and cost sharing information, it would include the same data elements for patient items and services that are available in the existing Patient Access API, noting there will be a new requirement for both APIs to include prior authorization requests and decisions. CMS intends the Provider Access API to better facilitate coordination of care, and support movement toward value-based payment models.

New Reporting Measure for Critical Access Hospitals + MIPS-Eligible Clinicians + Hospitals

To promote provider adoption and use of the PARDD API, CMS proposes a new reporting measure under the Health Information Exchange objective in the Merit-based Incentive Payment System (MIPS) Promoting Interoperability performance category and the Medicare Promoting Interoperability Program, beginning with the reporting period in calendar year 2026. This requirement would apply to MIPS-eligible clinicians under the Promoting Interoperability performance category of MIPS and eligible hospitals and critical access hospitals (CAHs) under the Medicare Promoting Interoperability Program. A MIPS-eligible clinician, eligible hospital, or CAH would be required to report a numerator and denominator or (if applicable) an exclusion.

The denominator would be the unique prior authorizations requested for medical items and services, excluding drugs, ordered for patients discharged from the eligible hospital or CAH inpatient or emergency department (place of service (POS) code 21 or 23) during the EHR reporting period, excluding prior authorizations that cannot be requested using the PARDD API because the payer does not offer an API that meets the PARDD API requirements. The numerator would be the unique prior authorizations in the denominator that are requested electronically from a PARDD API using data from certified electronic health record technology (CEHRT). Certain exclusions would apply.

Regarding this proposal, CMS seeks comment on whether it should consider alternatives to these proposed reporting measures and what challenges providers would face in identifying payers with PARDD API technology to accurately report the denominator data.

Submit a comment voicing your organization’s opinions on these changes before March 13.

Cara Tucker has been an attorney for over 10 years, specializing in healthcare and regulatory compliance. She currently serves as legal counsel managing regulatory updates at Ensemble Health Partners, developing legally based strategies and procedures to holistically resolve systemic payor issues to increase revenue, reduce administrative burdens and mitigate risk.

These materials are for general informational purposes only. These materials do not, and are not intended to, constitute legal or compliance advice, and you should not act or refrain from acting based on any information provided in these materials. Neither Ensemble Health Partners, nor any of its employees, are your lawyers. Please consult with your own legal counsel or compliance professional regarding specific legal or compliance questions you have.