State Adoption of CMS FHIR APIs: California & Tennessee Lead the Way

Over the course of the last few years, we’ve seen an uptick in both federal and state interoperability regulations. This is not an uncommon trend. Normally, the federal government creates a regulatory scheme and then states decide to either adopt or expand on some or all of the requirements in their own policies. 

In healthcare, we’ve seen this pattern play out most notably with regard to privacy requirements. While all states are required to abide by the Health Insurance Portability and Accountability Act (HIPAA), some states have gone further than HIPAA, adding more privacy and consent requirements to their policies. 

Another, more timely, example of this is the adoption of The Centers for Medicaid and Medicare Services’ (CMS) interoperability requirements outlined in the Interoperability and Patient Access final rule and the Advancing Interoperability and Promoting Prior Authorization final rule (Interoperability final rules) by states – namely California and, more recently, Tennessee – for their commercially licensed healthcare service plans. 

How are California and Tennessee Leading the Way?

In September of 2022, California Senate Bill 1419 (SB 1419) was finalized to require all healthcare service plans licensed by the California Department of Managed Healthcare to establish and maintain a Patient Access API and a Provider Directory API, each as outlined in the CMS Interoperability final rules, by January 1, 2024 (extended to January 1, 2025 in December of 2023). 

More recently, in its Senate Bill 2012 finalized on May 6, 2024, Tennessee became the second state to adopt the CMS Patient Access API and Provider Directory API requirements for all health insurance entities licensed with the Tennessee Department of Health, mandating that such entities establish and maintain these APIs by July 1, 2024. (Please note, July 1, 2024 is the enforcement date provided in the draft Senate Bill. An official enforcement date has not been listed on the Tennessee General Assembly website and is subject to change.) 

In addition, both California and Tennessee licensed entities are further required to establish and maintain a Payer-to-Payer Data Exchange API, a Provider Access API, and a Prior Authorization Support API, in accordance with the final rules “published by the federal government” (i.e., by January 1, 2027, unless otherwise extended by CMS and/or the respective state).  

What is most notable about state adoption of these federal requirements, is that in doing this, the states are able to unilaterally expand the scope of these requirements beyond just federally-funded payers. All plans licensed by each respective state, including commercial and speciality plans, are required to maintain these APIs on behalf of all of their members. As a result, these APIs will impact a much broader population and ensure a far richer data set for those members who are newly eligible for Medicare and/or Medicaid services and otherwise would not be able to fully benefit from the CMS APIs. 

It will be really interesting to evaluate how the expansion of the population eligible to leverage the APIs will ultimately affect the use of such APIs. Currently, the key populations targeted by the CMS Interoperability final rules include: people over the age of 65; children under the age of 19; and individuals with income under $15,000. While this population is certainly capable of leveraging this technology, they don’t holistically represent the definition of an ideal target population for these types of services. With the expansion of these APIs to a broader population, especially in a post-pandemic era where technology-reliance has only increased, it seems very likely that we could see a substantial increase in the utilization of these APIs

Should More States Follow Suit?

While there is no question CMS regulations will have a positive impact on interoperability, there are concerns around the level of impact given the limitations of its governing authority. While CMS has expanded an impacted payer’s obligations in the context of the Payer-to-Payer Exchange API to not only make a valid attempt to request information from member-identified commercial payers, but to also respond to valid requests from commercial payers, that is the extent of their authority with respect to commercial plans. 

The states, on the other hand, have more authority to create rules and requirements for all payers licensed to do business in their respective states, including commercial plans. It’s this very dynamic that has me thinking about where the real impetus for change should come from when it comes to interoperability in healthcare. 

While any progress towards faster, more reliable data exchange is much needed and appreciated, I do firmly believe that real change will require other states to follow California and Tennessee’s lead. While we’ve seen the adoption of other types of interoperability efforts in state-driven initiatives, more states should really consider the adoption of the CMS interoperability APIs for all of their licensed plans as part of their interoperability policies. 

Without the inclusion of commercial plans into this narrative, it’s likely that the CMS interoperability efforts may fall a little short of their intended purpose – which is to empower the individual (and their care team) to make better, more informed choices when it comes to their healthcare services. So while California was the first state, and it took Tennessee almost two years to follow suit, I’m truly hoping this is a sign that more states will jump on the FHIR API bandwagon. 

Want to learn more about California Senate Bill 1419? 

To learn more about California Senate Bill 1419, join me and my colleague Rob Nolan on Tuesday, May 21st at 11:00 AM PT for a webinar entitled, “From Regulations to Roadmaps: Your Guide to Compliance with California Senate Bill 1419.” Register here.

Share with your community

Sign up to get the latest insights and updates from 1upHealth