The Centers for Medicare & Medicaid Services (CMS) has recently finalized its Interoperability and Prior Authorization Rule, a significant step forward in healthcare data management and accessibility. This rule arrives 13 months after its proposal and amid ongoing efforts by payers, API vendors, and app developers to adapt to the 2020 Interoperability and Patient Access Rule. Despite challenges in implementing the 2020-era APIs, the healthcare industry now faces a new set of API requirements.

Key Provisions of the New Rule:

Prior Authorization API: Payers are required to implement an API that outlines documentation needs for covered items and services. This API should facilitate requests and responses for prior authorizations, including approval decisions.

Expansion of Patient Access APIs: These APIs must now include information about prior authorization decisions, enhancing patient access to their healthcare data.

Provider Access API: Payers are mandated to develop an API that allows in-network providers to access patient data. This data scope is similar to what is available in Patient Access APIs and is intended to aid in care coordination.

Payer-to-Payer Data Exchange Deadline: Following a period of leniency after the 2020 Rule, CMS has set a 2027 deadline for the implementation of Payer-to-Payer data exchange, specifying the use of FHIR (Fast Healthcare Interoperability Resources) for data transfer.

Despite these new requirements, CMS continues to enforce the need for Provider Directory APIs, essential for facilitating various patient access scenarios. Payers who have not yet implemented these APIs, or are still resolving issues, are advised to prioritize making their API functional and compliant. Compliance can be best demonstrated through real-world application, such as using Provider Directory API data to display in-network providers for different health plans.

Enforcement and Standards:

CMS has outlined its enforcement strategies for the new and existing API requirements. These include warning letters, sanctions, civil monetary penalties, and options like suppression and decertification, varying by CMS program participation.

In terms of standards, CMS reaffirms its commitment to FHIR, specifically HL7 FHIR Release 4.0.1, as the required standard for all five APIs (Patient Access, Provider Access, Provider Directory, Prior Authorization, and Payer-to-Payer). For the Provider Directory API, CMS strongly recommends adopting the HL7 Da Vinci Payer Data Exchange (PDex) Plan Net Implementation Guide, which has already been widely embraced. The alignment of federal and state regulations with these standards is anticipated to continue growing.

API vendors and architects are advised to future-proof their designs by adhering to the stated Implementation Guides (IGs) from the outset. This approach is seen as more efficient than undergoing hurried implementations and future modifications, which could lead to significant technical debt and costly revisions.

National Healthcare Directory:

The concept of a National Healthcare Directory, first proposed by CMS in October 2022, remains under consideration. The directory, envisioned as a centralized data hub for healthcare practitioners, organizations, and their digital contact points, is not yet concretely outlined in the Final Rule. The absence of such a directory has been noted as a major challenge in advancing healthcare interoperability. CMS has expressed a commitment to exploring the development of this directory, which, if realized, would build upon the existing efforts and data gathered through current Provider Directory APIs.

Cross-Pollination of APIs:

The Final Rule and related CMS responses highlight various ways in which the Provider Directory APIs can support the functionalities of Patient Access, Provider Access, Payer-to-Payer Data Exchange, and Prior Authorization APIs. This synergy between different APIs can enhance the overall effectiveness and utility of the healthcare data exchange system.

In conclusion, the CMS Interoperability and Prior Authorization Rule marks a significant step in advancing healthcare interoperability and data accessibility. The rule sets forth comprehensive requirements and standards for APIs, underlining the importance of seamless data exchange and access in the healthcare system. As the industry continues to evolve and adapt to these requirements, the focus on efficient, standardized, and future-proof API implementation will be crucial for achieving the desired outcomes in healthcare data management and patient care.