Skip to main content

FHIR: Two New Rules in One

The NPRM on Interoperability and Prior Authorization became a final rule in record time: Reducing Provider and Patient Burden by Improving Prior Authorization Processes, and Promoting Patients’ Electronic Access to Health Information CMS-9123-P.  The new final rule is under administrative review but is likely to be re-issued this Spring.

There is much to digest in the new rule, but here’s my main takeaway: Although it’s technically one rule, we’re essentially looking at two unrelated rules in one.

Another takeaway: The affected payers are Medicaid, CHIP, Medicaid or CHIP MCOs, and Qualified Health Plans on the federal exchange. The rule excludes Medicare and Medicare Advantage. This is different than the original Final Rule on Interoperability and Patient Access CMS-9115-F, which included Medicare and Medicare Advantage.

Now, back to the two main parts of the rule.

Access to Prior Authorization information

The first part of the new rule is basically an extension of the current Interoperability and Patient Access final rule (CMS-9115-F). The new rule requires impacted payers to now include information about the patient’s pending and active prior authorization decisions as part of the already established FHIR-based Patient Access API. This is accomplished through an additional required Implementation Guide. This will give patients direct access to current PA information no more than one day after a change is applied.

An even greater impact to the healthcare community is the authorization of two additional stakeholders to directly access the same FHIR-related health information – excluding the financial elements – that is available to the patients. This means the prior authorization data must be included in the Payer-to-Provider API and in the Payer-to-Payer bulk FHIR transfer.

Payer-to-Provider: Providers must be able to request and access a patient’s healthcare information from a payer in real time from their Health Information Exchange (HIE) solution. This is to support care coordination and to supply data such as medication histories or problem lists prior to or during a patient visit.

Payer-to-Payer: Using Bulk FHIR Transfer, a payer system can request the health data of a list of beneficiaries from another payer. The content is the same as shared with the Payer-to-Provider interface. An example of when this is beneficial is when a state Medicaid agency creates an auto-assignment of a member to a Medicaid MCO. The Medicaid MCO can then request the medical history of the transferred beneficiary.

This portion of the rule has a January 1, 2023 compliance date.

Reducing the burden of Prior Authorization  

The second aspect of the final rule is an effort to automate and standardize the Prior Authorization process. Providers currently face great difficulty in determining payer-specific requirements and in navigating the cumbersome submission and approval processes.

To ease this burden, and make the process more efficient and transparent, the CMS is proposing to streamline access to information about prior authorization and related documentation requirements. To do this, the CMS will now require impacted payers to build and maintain a FHIR-enabled Document Requirement Lookup Service (DRLS) API – basically a FHIR-enabled query/response for PA requirements that can be integrated with a provider’s HIE. To support these two new APIs, the CMS is requiring the use of Clinical Decision Support (CDS) Hooks and Clinical Query Language (CQL) / Questionnaire. These technical helpers are currently being used in other areas such as quality measures and will now be used within the Prior Authorization API ecosystem to help increase automation, leverage available clinical content, reduce effort and improve transparency.

Providers and HIEs are encouraged to build a FHIR-enabled electronic Prior Authorization Support (PAS) API that can electronically send prior authorization requests and receive responses within existing workflows. Payers will have to return the Prior Authorization decision in an expedited fashion.

This portion of the rule has a January 1, 2024 compliance date.

A big step forward

I invite you to read the final rule at your leisure – it weighs in at nearly 350 pages – but in the meantime, I can assure you that the CMS is making progress in its roadmap to improve interoperability and access. By improving the electronic exchange of health information among patients, payers and providers, the final rule will go a long way towards improving patient access to health information while also reducing payer and provider burden.


On Topic posts are subject matter expert distillations of current topics, issues or regulations.

About the Author

Jeff Strand is a business solution architect with more than 30 years of healthcare industry experience. He is a member of the MITA Governance Board and is a co-chair of the National Medicaid EDI HIPAA (NMEH) sub-workgroup on MITA. At Gainwell he helps define modular healthcare solutions to align to the CMS Medicaid Information Technology Architecture and evolving State and Federal requirements.