Plus: Feds finalize new API requirements and a MIPS measure, too. After the pandemic revealed systemic issues with access to care, the feds have tried to right this problem with new policies and programs. In the latest rule, Medicare embraces technology to improve coordination between providers, hoping to bolster equity and timely access to care. Background: On Feb. 8, the Centers for Medicare & Medicaid Services (CMS) published a regulation in the Federal Register titled the CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F). The rule harnesses digital tools, increases tech requirements, and streamlines prior authorization processes. The finalized policies impact the following payers — Medicare Advantage (MA) organizations, Medicaid and the Children’s Health Insurance Program (CHIP) fee-for-service (FFS) programs, Medicaid managed care plans, CHIP managed care entities, and issuers of Qualified Health Plans (QHPs) offered on the Federally- Facilitated Exchanges (FFEs). CMS hopes the rule will help bridge care gaps, promoting better provider coordination and faster turnaround for procedures and specialty care. This latest rollout also builds on provisions outlined in both the MA and Part D final rule for contract year 2024 and the HHS Office of the National Coordinator for Health Information Technology’s (ONC’s) Cures Act final rule, which was released in 2020. “When a doctor says a patient needs a procedure, it is essential that it happens in a timely manner,” said HHS Secretary Xavier Becerra in a release. “Too many Americans are left in limbo, waiting for approval from their insurance company. Today the Biden-Harris Administration is announcing strong action that will shorten these wait times by streamlining and better digitizing the approval process.” CMS Administrator Chiquita Brooks-LaSure echoed those points. “CMS is committed to breaking down barriers in the healthcare system to make it easier for doctors and nurses to provide the care that people need to stay healthy. Increasing efficiency and enabling healthcare data to flow freely and securely between patients, providers, and payers and streamlining prior authorization processes supports better health outcomes and a better healthcare experience for all,” Brooks- LaSure said in the release. Pocket These Takeaways The final rule hits on a variety of related topics, including prior authorization, tech implementations for application programming interfaces (APIs), the HIPAA Simplification Rule, MIPS, and more. Here’s a quick breakdown of the top points you need to know: 1. Know the scoop on prior authorization. With providers’ administrative burdens at an all-time high, CMS opted to make ordering procedures and services easier in its final rule. Prior authorization “can sometimes be an obstacle to necessary patient care when providers must navigate complex and widely varying payer requirements or face long waits for prior authorization decisions,” CMS noted in a fact sheet on the rule. Beginning in 2026, impacted payers, including MA organizations, will have a new timeframe for prior authorization decisions — 72 hours for expedited and a week for standard items and services, CMS indicates. Additionally, impacted payers will need to explain their reasons for denials and furnish their prior authorization metrics, similar to how Medicare Administrative Contractors (MACs) do for traditional FFS Medicare. Interesting: “CMS noted in the reg that although the requirements do not directly pertain to traditional Medicare, the agency wants the traditional Medicare program ‘to be a market leader on data exchange’ (although CMS did not indicate how or when it plans to achieve that goal),” point out attorney Leigh Feldman with law firm McDermott Will & Emery and healthcare executive Jeffrey Davis with the firm’s affiliate McDermott + Consulting. But that doesn’t mean CMS has ignored prior authorization policymaking for FFS Medicare. In fact, the agency has added nuggets of changes across several different notices and updates, Feldman and Davis say in McDermott’s Regs & Eggs blog. For example, the agency has used the Department of Health and Human Services’ (HHS’) 402 waiver power to investigate prior authorization practices in a recent demonstration project for ambulatory surgical center (ASC) services as well as past review choice demonstrations for home health and inpatient rehabilitation facilities among other add-ins across various programs, Feldman and Davis explain. 2. Understand these API upgrades. Since ONC released the Cures Act final rule, CMS has unleashed a slew of data requirements from information blocking protocols to software regs. Connecting the dots back to current Medicare FFS standards, CMS finalized MA organizations and other impacted payers implementing Health Level 7 (HL7®) Fast Healthcare Interoperability Resources (FHIR®) APIs to improve prior authorization. These APIs “can be used to facilitate a more efficient electronic prior authorization process between providers and payers by automating the end-to-end prior authorization process,” CMS expounds. The Prior Authorization API is required by Jan. 1, 2027. Other API provisions in the final rule include: Provider Access API: With value-based care in mind, impacted payers are required to implement a Provider Access API that will facilitate patient data sharing between in-network providers. The Provider Access API must incorporate individual claims/encounter information; data alignment with the USCDI; and prior authorization data. Impacted payers have one business day to update this data when requested, and beneficiary resources must also be available in plain language, CMS says. This API goes into effect Jan. 1, 2027. Patient Access API: CMS added to existing regulations outlined in 2020 in the CMS Interoperability and Patient Access final rule for this API. Impacted payers will now need to add prior authorization metrics to the HL7® FHIR® Patient Access API to give beneficiaries more access to that information, starting Jan. 1, 2026. The data will need to be updated annually. Payer-to-Payer API: Similar to the Provider Access API, the Payer-to-Payer API must also include claims and encounter information, USCDI standards, and prior authorization measures. It needs to address requests within one business day with readily available resources in plain language for beneficiaries. The requirement start date is Jan. 1, 2027. 3. Don’t miss the MIPS PI and PI Programs tie-ins. The final rule adds an electronic prior authorization measure under the health information exchange (HIE) objective. Starting in the 2027 performance year/2029 payment year, Merit-Based Incentive Payment System (MIPS) eligible clinicians must attest to requesting a prior authorization for a service/item via a Prior Authorization API using CEHRT as a Promoting Interoperability (PI) measure. Eligible hospitals and critical access hospitals (CAHs) will attest to the request as a measure for the calendar year 2027 EHR reporting period. “Attesting ‘no’ or failing to report the measure would result in the eligible clinician, hospital, or CAH not being considered a ‘meaningful user’ of CEHRT, thereby failing to meet minimum Promoting Interoperability requirements,” caution attorneys Christine Moundas, Gideon Zvi Palte, and Carolyn Lye with law firm Ropes & Gray LLP in online legal analysis. Failure to meet the “meaningful user” requirements will result in a score of zero for MIPS clinicians. This will “lead to a 75 percent lower annual increase in Medicare payments based on an inflation market basket update or rate of increase” for eligible hospitals; and will result in a Medicare payment reduction under the PI programs for CAHs, warn Moundas, Palte, and Lye. Heads up: Though commenters on the rule questioned CMS’ cost- and burden-saving estimates, the agency expects the cuts and measures to save providers 220 million hours of work and at least $16 billion over 10 years, the final rule indicates. Resources: Review the final rule and the CMS fact sheet.