Embracing the Opportunity of the CMS Final Rule
While many impacted payers may view complying with the CMS Interoperability and Prior Authorization final rule as a check-the-box exercise, we believe it’s much more than that. We see it as an opportunity for all payers to enhance their data sharing practices, streamline processes, and reduce administrative burden. By embracing the final rule, payers can foster better collaboration in healthcare and ultimately improve patient outcomes.
To get started on this important journey, we recommend payers begin with a number of administrative and process-oriented actions that set the foundation for the technical work. 1upHealth recently published a how-to guide called “Payer’s Playbook: CMS Interoperability Final Rule” that highlights these initial actions.
Here are some to get you started:
Evaluate your prior authorization ecosystem for Patient Access API
One significant change introduced by the final rule is the inclusion of prior authorization data in the Patient Access API. For many payers, the prior authorization process is managed across multiple systems or vendors. This means that even before figuring out what data to make available, payers will need to evaluate their existing prior authorization ecosystem to determine what other systems and third parties need to be involved.
Opting out (and back into) Provider Access API
Per the final rule, the opt-out process for Provider Access API needs to be available and accessible to members prior to the enforcement date of January 1, 2027 and prior to the sharing of data, and at all times thereafter. This means that payers must consistently monitor and maintain those processes for updates to ensure appropriate enforcement. For the avoidance of doubt, this process must include the ability to opt out of data sharing and the ability for a member to opt back in.
Unlike the Patient Access API that is required to have an authentication process built into the technical infrastructure, the opt-out process for the Provider Access API will need to be driven and managed primarily through administrative processes.
Responding to valid requests as part of Payer-to-Payer API
For the Payer-to-Payer API, payers will need to do some administrative work with respect to responding to valid requests received from other payers. In addition to validating the identity of the payer to confirm they’re a legitimate healthcare organization – which can be accomplished with an established endpoint vetting process managed by either the payer or their desired vendor – responding payers will also need a process to take the demographic/identifying data received from the requesting payer and use it to identify whether they have information for such member in their system.
This means that responding payers need a system for patient matching. That being said, nothing in the regulation requires the responding payer to do any sort of entity resolution. If no match is generated, or alternatively, more than one match is generated, the payer simply needs to return an error.
There’s a lot of work to get done between now and the January 1, 2027 deadline
It’s clear that the CMS Interoperability and Prior Authorization final rule isn’t just a set of regulations, it’s a roadmap reshaping how data is shared across the healthcare ecosystem. While it’s incredibly easy to get hung up on the costs associated with the requirements, the most successful payers will be those that look beyond compliance to focus on the opportunity to improve interoperability and the overall delivery of healthcare in this country.
This blog only scratches the surface of the non-technical actions you’ll need to take to position your organization for compliance by the January 1, 2027 deadline and the real interoperability opportunity that lies beyond. To read about all the administrative and process actions to take, download and read the full Playbook.