CMS Issues Proposed Regulation with Additional Steps to Reduce Burden and Promote Patient Electronic Access to Health Information

On Dec. 10, the Centers for Medicare & Medicaid Services (CMS) published a proposed regulation focused on reducing provider and patient burden by improving prior authorization processes and promoting patients’ electronic access to health information. 

This proposal builds on the actions that CMS finalized in its Interoperability and Patient Access Regulation in March 2020. Comments on this proposed regulation are due to CMS Jan. 4, 2021. 

Overall, this proposed rule would place new requirements related to data sharing and prior authorization on several payers, specifically impacting state Medicaid and Children’s Health Insurance Program (CHIP) fee-for-service (FFS) programs, Medicaid managed care plans, CHIP managed care entities and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs).

The proposed regulation includes the following specific provisions.

Patient Access Application Programming Interface (API)

This proposed rule builds on CMS’s previous rulemaking and enhances the Patient Access API by requiring the use of specific implementation guides (IGs) and the inclusion of information about pending and active prior authorization decisions. Under this proposal, the impacted payers also must establish, implement, and maintain a process to facilitate requesting an attestation from a third-party application developer that requests to retrieve data via the Patient Access API to indicate the app adheres to certain privacy provisions. CMS is also proposing to require impacted payers to report certain metrics about patient data requests via the Patient Access API on a quarterly basis to CMS. 

Payer-to-Payer Data Exchange

Payer-to-Payer data exchange is intended to facilitate the exchange of patient information between impacted payers, both with the approval and at the direction of the patient and when a patient moves from one payer to another. Such steps better facilitate the coordination of care across the continuum and support a move to value-based care.

CMS is proposing to enhance this data exchange by requiring that it take place via a Health Level Seven International® (HL7) Fast Healthcare Interoperability Resources® (FHIR)-based API and to mandate impacted payers make available, at a minimum, not only the US Core Data for Interoperability (USCDI) Version 1 Data, but also adjudicated claims and encounter data (not including cost information). This data is proposed to be what the payer maintains with a date of service on or after Jan. 1, 2016.  In addition, it has to be conformant with the same IGs proposed earlier, and has to include information about pending and active prior authorization decisions, beginning Jan. 1, 2023. 

Provider Access API

According to the proposed rule, impacted payers would implement and maintain a Provider Access API that, consistent with the APIs finalized in the Interoperability and Patient Access Final Rule, utilizes HL7 FHIR Version 4.0.1 to facilitate the exchange of current patient data from payers to providers, including adjudicated claims and encounter data (not including cost information), clinical data as defined in USCDI, as well as information related to pending and active prior authorization decisions.  

Prior Authorization

In an effort to improve patient experience and access to care, CMS is proposing several additional policies associated with the prior authorization process that may ultimately reduce burden on patients, providers and payers.

CMS had previously partnered with industry stakeholders to build a FHIR-based web service that would enable providers to search documentation and prior authorization requirements for Medicare FFS directly from their electronic health records (EHRs). In this second phase of interoperability proposals, CMS is proposing to require impacted payers to implement and maintain a similar prior authorization Documentation Requirement Lookup Service (DRLS) API.

Moreover, to further streamline the process of submitting a prior authorization request and reduce processing burden on both providers and payers, this regulation proposes to require impacted payers to implement and maintain a FHIR-based Prior Authorization Support (PAS) API. This API is expected to have the capability to accept and send prior authorization requests and decisions and could be integrated within a provider’s workflow, while maintaining alignment with, and facilitating the use of, HIPAA transaction standards. According to the regulation, provider use of the PAS API would be voluntary, and payers may maintain their existing methods for processing prior authorization requests.  

Adoption of Certain Specified IGs to Support Proposed API Policies

On behalf of the Department of Health and Human Services (HHS), the Office of the National Coordinator for Health IT (ONC) carved out a portion of this proposal to adopt the implementation specifications as standards for health care operations. ONC is proposing these implementation specifications for adoption as part of a nationwide health information technology infrastructure that supports reducing burden and health care costs and improving patient care. By ONC proposing these implementation specifications in this way, CMS and ONC are together working to ensure a unified approach to advancing standards in HHS that adopts all interoperability standards in a consistent manner, in one location, for HHS use. Once adopted for HHS use, these specifications would facilitate implementation of the proposed API policies in this regulation.

Requests for Information (RFIs)

CMS also included several RFIs to gather information that may support future rulemaking or other initiatives. The five opportunities focus on:

• Methods for Enabling Patients and Providers to Control Sharing of Health Information
  • Do patients and providers want more options for controlled sharing of health information beyond what is currently in place under current federal and state laws and regulations?
     
• Electronic Exchange of Behavioral Health Information
  • CMS is interested in evaluating whether using other applications that exchange data using FHIR-based APIs and do not require implementation of a full EHR system might be a way to help behavioral health providers
     
• Reducing Burden and Improving Electronic Information Exchange of Documentation and Prior Authorization
  • How can CMS best incentivize providers to use electronic prior authorization solutions?
     
• Reducing the Use of Fax Machines for Health Care Data Exchange
  • CMS is working to identify all programs and processes that currently require and/or encourage the use of fax technology for data exchange
     
• Accelerating the Adoption of Standards Related to Social Risk Data
  • What barriers does the health care industry face to using industry standards and opportunities to accelerate adoption of standards related to social risk data?

Comments on the CMS Regulation are due Jan. 4, 2021. Look to HIMSS for additional information on this regulation and other government actions.