New Prior Authorization Ruling Applies to Some, Not All

New Prior Authorization Ruling Applies to Some, Not All

In December 2022, I reported on a proposed rule from the Centers for Medicare & Medicaid Services (CMS) about updating requirements for prior authorization (PA), a process that many providers and patients consider to be a roadblock to obtaining care. Now, CMS has published the Final Rule (020824) on this topic, which contains significant requirements for health plans to follow to improve the process. 

The rule only applies to a set of Impacted Payers: Medicare Advantage (MA) organizations, state Medicaid and Children’s Health Insurance Program (CHIP) Fee-for-Service (FFS) programs, Medicaid managed care plans, CHIP managed care entities, and Qualified Health Plan (QHP) issuers on the Federally Facilitated Exchanges (FFEs). 

Legally, these are the plans for which CMS can set requirements.   However, it is expected that many commercial plans will voluntarily adopt some of these provisions.

The rule also adopts a new measure for Merit-Based Incentive Payment System (MIPS)-eligible clinicians under the Promoting Interoperability performance category of MIPS, as well as for eligible hospitals and critical access hospitals (CAHs), under the Medicare Promoting Interoperability Program.

The rule requires impacted payers to add information about prior authorizations (excluding those for drugs) to the data available via the Patient Access Application Programing Interface (API). In addition to giving patients access to more of their data, impacted payers must implement and maintain a Provider Access API to share patient data with in-network providers with whom the patient has a treatment relationship. Impacted payers will be required to make the following data available via the Provider Access API: individual claims and encounter data (without provider remittances and enrollee cost-sharing information); data classes and data elements in the United States Core Data for Interoperability (USCDI); and specified prior authorization information (excluding those for drugs).

Impacted payers must maintain an attribution process to associate patients with in-network or enrolled providers with whom they have a treatment relationship, and to allow patients to opt out of having their data available to providers under these requirements.

In a significant move, the rule requires impacted payers (excluding QHP issuers on the FFEs) to send prior authorization decisions within 72 hours for expedited (i.e., urgent) requests and seven calendar days for standard (i.e., non-urgent) requests. Impacted payers must provide a specific reason for denied prior authorization decisions, regardless of the method used to send the prior authorization request.

For providers to successfully report the Electronic Prior Authorization measure:

  • MIPS-eligible clinicians must attest “yes” to requesting a prior authorization electronically via a Prior Authorization API using data from certified electronic health record technology (CEHRT) for at least one medical item or service (excluding drugs) ordered during the CY 2027 performance period, or (if applicable) report an exclusion.
  • Eligible hospitals and CAHs must attest “yes” to requesting a prior authorization request electronically via a Prior Authorization API using data from CEHRT for at least one hospital discharge and medical item or service (excluding drugs) ordered during the 2027 EHR reporting period, or (if applicable) report an exclusion.

To enhance and streamline the electronic process for prior authorization, impacted payers must implement and maintain a Prior Authorization API that is populated with its list of covered items and services, can identify documentation requirements for prior authorization approval, and supports a prior authorization request and response.

These Prior Authorization APIs must also communicate whether the payer approves the prior authorization request (and the date or circumstance under which the authorization ends), denies the prior authorization request (and a specific reason for the denial), or requests more information.

Implementation timeframes for these requirements are Jan. 1, 2026, for PA Processes and Jan. 1, 2027, for APIs.

Facebook
Twitter
LinkedIn

You May Also Like

Leave a Reply

Please log in to your account to comment on this article.

Subscribe

Subscribe to receive our News, Insights, and Compliance Question of the Week articles delivered right to your inbox.

Resources You May Like

Trending News

Get 15% OFF on all educational webcasts at ICD10monitor with code JULYFOURTH24 until July 4, 2024—start learning today!

Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →

Unlock 50% off all 2024 edition books when you order by July 5! Use the coupon code CO5024 at checkout to claim this offer!