Results

CMS - Centers for Medicare & Medicaid Services

01/15/2021 | Press release | Distributed by Public on 01/15/2021 07:20

Reducing Provider and Patient Burden by Improving Prior Authorization Processes, and Promoting Patients’ Electronic Access to Health Information CMS-9123-F: Fact Sheet

This final rule places new requirements on Medicaid and CHIP managed care plans, state Medicaid and CHIP fee-for-service programs, and issuers of individual market medical Qualified Health Plan (QHP) on the Federally-facilitated Exchanges (FFEs) to improve the electronic exchange of health care data, and streamline processes related to prior authorization. The rule requires these payers to take steps to increase patient electronic access to their health care information, and improves the electronic exchange of health information among payers, providers and patients. Together, these policies play a key role in reducing overall payer and provider burden and improving patient access to health information.

This rule includes five key provisions.

Patient Access Application Programming Interface (API)

In the Interoperability and Patient Access final rule (CMS-9115-F), we finalized our policy to require CMS-regulated payers to implement a Fast Healthcare Interoperability Resources(FHIR)-based Patient Access API. In this final rule, starting January 1, 2023, we will require certain regulated payers affected by this rule (and listed above) to include, as part of the previously finalized Patient Access API, claims and encounters, as well as information about the patient's pending and active prior authorization decisions, to ensure patients have a better access to information about the prior authorization process and its impact on their care.

This final rule also requires certain payers to establish, implement, and maintain an attestation process for third-party application developers to attest to certain privacy policy provisions prior to retrieving data via the payer's Patient Access API.

And, this rule requires certain payers to report annual metrics to CMS about patient use of the Patient Access API, which would demonstrate the uptake of the API.

Provider Access APIs

In order to better facilitate coordination of care, and in support of a move to value-based care, we are requiring these impacted payers to build and maintain a Provider Access API for payer-to-provider data sharing of claims and encounter data (not including cost data), a sub-set of clinical data as defined in the U.S. Core Data for Interoperability (USCDI) version 1, and pending and active prior authorization decisions for both individual patient requests and groups of patients starting January 1, 2023 (for Medicaid managed care plans and CHIP managed care entities, by the rating period beginning on or after January 1, 2023).

Documentation and Prior Authorization Burden Reduction through APIs

Prior authorization is an administrative process used in healthcare whereby a provider must obtain approval from a payer before providing care and prior to receiving payment for delivering items or services. While prior authorization has its benefits, patients, providers, and payers alike have experienced burden from it. And, it has been identified as a major source of provider burden. Providers expend staff resources to identify prior authorization requirements and navigate the submission and approval processes, resources that could otherwise be directed to clinical care. Patients may unnecessarily pay out-of-pocket or abandon treatment altogether when prior authorization is delayed. In an attempt to alleviate some of the administrative burden of prior authorization and to improve the patient experience, we are finalizing a number of policies to help make the prior authorization process more efficient and transparent.

Document Requirements Lookup Service (DRLS) API: We are requiring these impactedpayers to build and maintain a FHIR-based DRLS API -- that could be integrated with a provider's electronic health record (EHR) -- to enable providers to electronically locate prior authorization requirements for each specific payer from within the provider's workflow. Prior Authorization Support (PAS) API: We are requiring these impacted payersto build and maintain a FHIR-based electronic Prior Authorization Support API that would facilitate sending prior authorization requests and receiving responses electronically within their existing workflow (while maintaining the integrity of the HIPAA transaction standards).Denial Reason: We are requiring these impactedpayers to include a specific reason for a denial when denying a prior authorization request, regardless of the method used to send the prior authorization decision under existing law, to facilitate better communication and understanding between the provider and payer. Shorter Prior Authorization Timeframes:We are requiring these impactedpayers (not including issuers of individual market medical QHPs on the FFEs) to send prior authorization decisions, both through the PAS API and as otherwise required by existing requirements, within 72 hours for urgent requests and 7 calendar days for standard requests.Prior Authorization Metrics: We are requiring these impactedpayers to provide transparency by publicly reporting on the operational outcomes of the use of the plan's prior authorization policies and practices.

These prior authorization policies take effect January 1, 2024, with the initial set of metrics to be reported by March 31, 2024 (for Medicaid managed care plans and CHIP managed care entities, by the rating period beginning on or after January 1, 2024).

Payer-to-Payer Data Exchange on FHIR

In the Interoperability and Patient Access final rule (CMS-9115-F), we finalized a requirement that, at a patient's request, CMS-regulated payers must exchange certain patient health information, and maintain that information, thus creating a longitudinal health record for the patient that is maintained with their current payer. While we encouraged the use of a FHIR-based API for this data exchange, we did not require it. In this final rule, we are expanding on this concept to increase data flow among the group of payers to which this rule applies, and to improve patient access to their health information with the following additional requirements:

Payer-to-Payer API: This final rule requires the payers it regulates to exchange patient data via a FHIR-based Payer-to-Payer API, and in addition to a sub-set of clinical data as defined in the USCDI version 1, these payers are now required to exchange claims and encounter data (not including cost data), and information about pending and active prior authorization decisions, at a patient's request.

Payer-to-Payer Data Exchange at Enrollment: We are requiring that the payers the final rule regulates share claims and encounter data (not including cost data), a sub-set of clinical data as defined in the USCDI version 1, and information about pending and active prior authorization decisions at enrollment, for payers that have a specific annual open enrollment period, or during the first calendar quarter of each year, allowing patients to take their health information with them as they move from one payer to another.

These policies take effect January 1, 2023 (for Medicaid managed care plans and CHIP managed care entities, by the rating period beginning on or after January 1, 2023).

Adoption of Health IT Implementation Specifications

On behalf of HHS, the Office of the National Coordinator for Health IT (ONC) adopted the implementation specifications described in this regulation at 45 CFR 170.215-Application Programming Interfaces-Standards and Implementation Specifications as implementation specifications for health care operations. ONC is adopting these implementation specifications on behalf of HHS as part of a nationwide health information technology infrastructure that supports reducing burden and health care costs and improving patient care. By ONC adopting these implementation specifications in this way, CMS and ONC together work to ensure a unified approach to advancing standards in HHS that adopts all interoperability standards in a consistent manner, in one location, for use by individuals and entities in the public and private sectors. Adopting the specified implementation guides (IGs) to support implementation of the APIs is expected to ensure full interoperability of the APIs and reduce implementation burden.

The final rule is available to review today at: https://www.cms.gov/files/document/11521-provider-burden-promoting-patients-electronic-access-health-information-e-prior.pdf

###