CMS Prior Authorization Final Rule: A Guide For Payers and Providers

The Centers for Medicaid and Medicare (CMS) finalized the CMS Interoperability and Prior Authorization Final Rule in January 2024. This marked an important step toward the organization’s long-term goal of streamlining data exchange and management across the U.S. healthcare system and, more specifically, driving significant improvements in the prior authorization process.

The rule is designed to benefit payers, providers, and patients alike, reducing administrative burdens for providers and payers while also creating greater transparency, access to information, and quality of care across the patient journey.

But while the benefits of the rule are undeniable, the journey to achieving them will be complex and challenging for many organizations. Implementation deadlines are still more than a year away (starting in 2026), but the time is now for data and IT leaders to plan strategies for compliance.

In this guide, we’ll explain what payers and providers need to know about the CMS Prior Authorization Rule, answer important FAQs, walk through common challenges to healthcare data interoperability, and detail the tools and best practices you need to prepare.

Key Takeaways:

• The CMS Interoperability and Prior Authorization Final Rule mandates significant improvements in prior authorization processes, payer-provider data exchange, and patient communication.
• All Medicare Advantage organizations, state Medicaid, and CHIP programs must upgrade their systems to comply with new API requirements by 2026.
• Healthcare providers participating in MIPS must integrate electronic prior authorization into their workflows to improve patient outcomes and streamline administrative tasks.
• For many payers and providers, getting into compliance with the new rule comes with challenges around technical integration, data quality, security, and more.
• Robust, platform-based solutions are key for streamlining data exchange, maintaining accurate master data, eliminating silos, and keeping data secure.
  
  

CMS Interoperability and Prior Authorization Final Rule: An Overview

The CMS Interoperability and Prior Authorization Final Rule mandates new requirements for Medicare Advantage organizations, state Medicaid and CHIP fee-for-service (FFS) programs, and Medicaid managed care plans, requiring specific steps toward improving data exchange capabilities, transparency, and turnaround times for prior authorization decisions.

The rule’s primary goal is to facilitate better communication between providers, payers, and patients so that patients can receive timely access to necessary medical procedures. It’s enforcement will:

1. Streamline data sharing for real-time access to information so that providers can make better clinical decisions
2. Optimize internal processes to reduce administrative workloads and eliminate bottlenecks that slow decisions
3. Elevate requirements for communicating prior authorization decisions to create a greater shared understanding between payers, providers, and patients, and drive faster subsequent action

Organizations impacted by the rule are required to meet specific milestones by set deadlines. Most major requirements are to be fulfilled by early 2026, and full compliance is required by January 2027.

What Payers and Providers Need to Know

The CMS Prior Authorization rule applies to payers and providers in different ways. Here’s what to know about how it will impact your organization:

1. What are the requirements for payers?

The foundation of the new rule is its API implementation requirements. Payers will have to implement three types of APIs to be compliant. These include:

• Patient Access API: Must include information on prior authorizations, thereby helping patients understand how their care is managed and approved
• Provider Access API: Must allow in-network providers access to patient claims and data, USCDI data elements, and certain prior authorization information to facilitate well-coordinated care
• Payer-to-Payer API: Must allow payers to access historical records from other payers to ensure continuity of care when a patient switches payers

The rule also requires payers to communicate electronically about prior authorization decisions and to provide more specific information. All approvals must state the exact duration of the authorization, all denials must include specific reasoning, and all requests for additional information must outline which documents are needed to move the authorization forward.

Finally, the rule introduces stricter turnaround times for prior authorization decisions to expedite patient access to necessary medical services. More specifically, the rule maintains its mandate that payers deliver decisions on urgent requests within 72 hours, but adjusted turnaround time on standard requests from 7 to 14 calendar days.

Beginning in March 2026, impacted payers will also be required to report on turnaround time metrics, a measure to drive higher compliance and better patient care delivery.

2. What are the requirements for providers?

Providers, particularly those participating in the Merit-based Incentive Payment System (MIPS), face specific requirements under the CMS Interoperability and Prior Authorization Final Rule. MIPS is a critical part of CMS’s Quality Payment Program, which adjusts Medicare payments based on evidence-based and practice-specific quality data.

MIPS evaluates providers across four performance categories: Quality, Cost, Improvement Activities, and Promoting Interoperability. In the Promoting Interoperability category, which focuses on the use of certified electronic health record technology (CEHRT) to improve outcomes, the rule introduces specific mandates around electronic prior authorization.

Eligible clinicians and hospitals are required to attest to using Prior Authorization APIs to submit at least one prior authorization request electronically during the performance period. This requirement aims to streamline the authorization process by integrating it directly into providers’ daily workflows in their EHR systems.

This integration not only simplifies the administrative aspects of healthcare delivery but also aligns with the broader goals of improving patient access to services and reducing wait times for necessary medical interventions.

Challenges to Compliance

In the wake of the CMS Prior Authorization rule’s finalization, the bottom line for payers and providers is that they can no longer delay the modernization of their data systems. Data management strategies, IT infrastructures, and administrative processes must all be aligned in order to meet new requirements and ensure a smooth transition to the rule’s API-based authorization systems.

Like any transformative IT initiative, this will come with a number of challenges for many organizations, including:

Technical Integration of APIs

Many payers and providers will need to significantly update their legacy systems or transition to new ones altogether in order to integrate now-required APIs. This process demands high levels of specialized expertise that internal teams may not readily possess.

Data Quality and Accuracy

Meeting new standards for prior authorization will require accessible, accurate data. Data quality issues and/or master data problems due to fragmented and siloed data sources will be exacerbated by the rule’s stricter requirements. Payers and providers must address these issues now in order to avoid bigger problems in the future.

Privacy and Security Compliance

As data exchange expands across payer/provider networks, so must cybersecurity measures that ensure data privacy and protect IT environments from breach. This requires prioritizing security alongside other transformation efforts, and maintaining a robust security strategy across integrated systems.

Cost Control

The implementation of new systems and protocols mandated by the CMS rule demands substantial financial and time investments. Organizations must strategically manage these costs, ensuring that they effectively balance the necessary expenditures with their existing operational budgets to maintain financial stability.

Scalability and Agility

The healthcare IT landscape is always evolving—new regulatory standards, technology advancements, changing market trends happen at a more rapid pace than ever before and require organizations to think not only about current needs but those that may emerge in the future.

A challenge for payers and providers going forward will be not only getting into compliance with this current CMS Prior Authorization rule, but designing IT systems and infrastructures that are scalable and agile enough to be realigned with changing requirements.

How Gaine Can Help

The requirements outlined by the CMS Interoperability and Prior Authorization Final Rule (and the subsequent challenges they’ve created) ultimately present new opportunities to modernize and enhance systems with robust, scalable solutions that prepare organizations for the future.

Demand has never been greater for these kinds of solutions, which help to break down data silos, create smoother data flows, automate tasks, and improve accuracy and visibility across healthcare ecosystems.

Gaine is at the forefront of this industry-wide transition, with deep expertise in MDM and data flow optimization, and ecosystem-wide platform solutions built specifically to address the needs of healthcare payers and providers.

With Gaine, you can confidently take the steps needed to meet new regulatory standings and maximize ROI on your entire IT environment—all while ensuring it’s compliant and secure.

Contact our team today to learn more about how Gaine can help you transform.