What’s happening: The Centers for Medicare & Medicaid Services (CMS) has finalized policies to advance interoperability and streamline prior authorization processes by using application programming interfaces (API) technology.
What else to know: The final rule also requires payers to provide a specific reason for denied prior authorization decisions and publicly report certain prior authorization metrics.
CMS has issued a final rule that will require Medicare Advantage organizations, Medicaid, the Children’s Health Insurance Program (CHIP) fee-for-service programs, Medicaid managed care plans, CHIP managed care entities, and issuers of qualified health plans offered on the Federally-Facilitated Exchanges, to improve the electronic exchange of health information and prior authorization processes for medical items and services. The policies established in the final rule are generally effective in 2026 and 2027.
Key highlights of the final rule include:
- Prior Authorization API: Impacted payers will be required to implement and maintain a prior authorization API that is populated with its list of covered items and services, can identify documentation requirements for prior authorization approval, and supports a prior authorization request and response by Jan. 1, 2027.
- Prior Authorization Decision Time Frames: Impacted payers will be required to send prior authorization decisions within 72 hours for expedited requests and seven calendar days for standard requests.
- Provider Notice, Including Denial Reason: Beginning in 2026, impacted payers must provide a specific reason for denied prior authorization decisions, regardless of the method used to send the prior authorization request.
- Prior Authorization Metrics: Impacted payers must publicly report certain prior authorization metrics on their website, beginning in 2026.
- Electronic Prior Authorization Measure for Eligible Hospitals and Critical Access Hospitals: Beginning with the calendar year 2027 performance period, a new measure is added to the Promoting Interoperability Program that will require hospitals to attest yes to requesting a prior authorization request electronically via a prior authorization API using data from certified electronic health record technology for at least one hospital discharge and medical item or service.
- Provider Access API: Beginning Jan. 1, 2027, impacted payers must implement and maintain a provider access API to share patient data with in-network providers with whom the patient has a treatment relationship.
