<img height="1" width="1" style="border-style: none;" alt="" src="//googleads.g.doubleclick.net/pagead/viewthroughconversion/1064346053/?value=0&amp;guid=ON&amp;script=0">

CMS’ New Rules to Address Prior Authorization for Patient and Provider Interests

Hands having discussion over graphs and laptop

By Shobhit Saran - Asst. Vice President, Health Plans Consulting, Gati Patel – Healthcare Business Analyst, FAST+

CMS has released a proposed rule late last year to enhance certain policies under the Interoperability and Patient Access Rule established in March 2020. The objective is to reinforce this rule by further improving health information exchange and obtain member health records at a single location to reduce burden on payers, providers, and members.

The enforcement date for this rule is 1st January 2023, and will be applicable to Medicaid programs, the Children’s Health Insurance Programs (CHIP), and Qualified Health Plan (QHP) issuers on the individual market Federally Facilitated Exchanges (FFEs). However, it will not be applicable to Medicare Advantage (MA) plans.

CMS’s proposed rule will include policies to enhance the current Application Programming Interfaces (APIs) from CMS interoperability rule such as patient access API and payer to payer API. There are few new APIs and requirements proposed to improve the overall prior authorization process.

Summary: Provisions of the Proposed Rule



API Status


Prior Authorization Support (PAS) API

For providers to send prior authorization requests and receive responses electronically, in coordination with existing HIPAA X12 transactions.



Document Requirement Lookup Service (DRLS) API

For providers to electronically inquire about prior authorization requirements for a specific payer and items / services.



Provider Access API – Claims, Clinical and Prior Auth Data

Similar to patient access API, payers to expose an API for providers to access their attributed patient’s data, except for remittance and cost related data.



Patient Access API – Active & Pending Prior Auth

Share member’s prior auth details, in addition to existing patient access API to share claims, clinical & encounter data



Payer to payer Data Exchange – Claims & Prior Auth data

In addition to clinical data, APIs to share claims and active & pending prior auth data.


Impacted payers will need to set-up the required infrastructure as per CMS’ API guidelines (FHIR version 4.0) and security requirements (OAuth2.0 and SMART app launch framework). The APIs will need to be based on industry standard implementation guides proposed by the CMS. Additional implementation guides necessary are HL7 Da Vinci’s:

  • Prior Authorization Support (PAS)
  • Payer Coverage Decision Exchange (PCDE)
  • Documentation Templates and Rules (DTR)
  • Coverage Requirements Discovery (CRD)

In addition to building APIs, CMS has proposed further requirements to measure the impact of the rule and streamline certain processes:

1. Third Party Attestation Process: CMS expects payers to establish, implement, and maintain an attestation process mandatorily, for third-party application developers to attest to certain privacy policy provisions prior to retrieving data via the payer’s Patient Access API.

2. Patient Access API Metrics: Impacted payers to report metrics quarterly to CMS about list of unique patients that have requested data from the API, to assess impact of the patient access API.

3. Denial Reason for Prior Auths: Payers to specific reasons for denial when denying a prior authorization request, regardless of the method used to send the prior authorization decision, to facilitate better communication and understanding between the provider and payer.

4. Shorter Prior Auth Timeframes: Payers to shorten prior auth decision for both urgent and standard requests.

5. Prior Auth Metrics: Impacted payers to publicly report (on website) on each plan, data against metrics proposed by CMS to improve transparency in the prior authorization process.

Impact of the CMS’s proposed rules

  • Members will be able to track their prior auth requests and estimated treatment dates, which will provide members with a seamless experience.
  • Cost reduction for payers after the prior auth workflow related APIs are established.
  • Prior auth timeframes will be shortened, along with provider access to information on prior auth requirements for a specific payer and service.
  • Payer-to-payer data exchange: current payers will have data on active prior authorizations for a member, which will eliminate duplication of prior auth requests when members switch plans.


Related to topics:

Explore other blogs

CMS 21st Century Cures IPA Rule & its Impact on State Health Agencies
CMS 21st Century Cures IPA Rule & its Impact on State Health Agencies
Analytics Opportunities for Payers from CMS Regulations
Analytics Opportunities for Payers from CMS Regulations
Payviders: Enhancing the member experience by creating more personalized digital touchpoints I Part 2 of 2
Payviders: Enhancing the member experience by creating more personalized digital touchpoints I Part 2 of 2


No items currently match your filtering criteria.