In our recent webinar entitled “Breaking Down the Final Rule: Takeaways and Actions”, our panel of regulatory and health data interoperability experts discussed key highlights of the CMS Interoperability and Prior Authorization final rule (published in January 2024), along with recommended actions organizations should take to get on the road to compliance.
Key Topics Covered By Our Experts:
Expansion of the existing Patient Access API requirement.
The final rule states that, in addition to claims, clinical, and encounter data, impacted payers must make available via the Patient Access API data on all active prior authorization requests and for any prior authorization requests that have had a status update within one (1) year, the following data, to the extent maintained, no later than one (1) business day after receipt of such request or of a status change to an existing request.
Two actions recommended by our experts to ready your organization to meet the Patient Access API requirement are to begin to track usage and to add all lines of business, among other key actions.
The net new requirement for a Provider Access API.
The final rule states that impacted payers must make available to in-network or enrolled providers all claims, encounter, and clinical data maintained by the payer for encounters with a date of service on or after January 1, 2016 and all prior authorization data for any active request or requests that have had a status change within one (1) year prior within one (1) business day from the receipt of a valid request from the provider.
Two actions recommended by our experts to ready your organization to meet the Provider Access API requirement are to start with VBC partners and to begin to define attribution programming, among other key actions.
A modification to the existing Payer-to-Payer API requirement.
The final rule states that, by start of coverage, impacted payers must (a) provide its active members with the opportunity to identify their previous and concurrent payer(s) and opt in to data sharing; (b) within one (1) week of receipt of the foregoing information, request all claims, clinical, and encounter data maintained by the identified payer(s), for encounters with a date of service within five (5) years from the date of request, as well as prior authorization data for any active requests or requests that have had a status change within one (1) year prior, not including denied requests; and (c) must make available in response to a valid request within one (1) business day, all claims, clinical, and encounter data maintained by the payer, for encounters with a date of service within five (5) years from the date of request, as well as prior authorization data for any active requests or requests that have had a status change within one (1) year prior, not including denied requests.
Two actions recommended by our experts to ready your organization to meet the Payer-to-Payer API requirement are to build the internal capabilities to leverage this information and to begin to review policies and workflows, among others.
The new Prior Authorization API requirement.
The final rule states that impacted payers must make available to providers a Provider Authorization API that: provides a list of all covered items or services offered by the payer that requires prior authorization; identifies all required documentation that the provider must submit in connection with the request; supports a HIPAA-compliant prior authorization request and response; and communicates the status (approval, denial, more information) of a standard prior authorization request as soon as possible but no later than seven (7) calendar days and, for an expedited prior authorization request, as soon as possible but no later than seventy-two (72) hours.
Two actions recommended by our experts to ready your organization to meet the Prior Authorization API requirement are to audit which organizations and vendors touch prior authorization today and to begin reporting, among others.
Start Today to be in Compliance in Time
The overall sentiment expressed by our experts is for organizations to start now. The best way to start is to fully understand the requirements and the best first steps. You can begin by:
- Watching the recorded session to hear all the key actions shared.
- Reviewing the slides presented.
- Visit our page on frequently asked questions surrounding the Interoperability and Prior Authorization final rule.