Getty Images
Overcoming Tech Barriers to Achieve Prior Authorization Transparency
Payers can use the next couple of years to establish a solid technology strategy to ensure compliance with the prior authorization final rule.
Prior authorization has posed problems for nearly all healthcare stakeholders. The CMS Interoperability and Prior Authorization Final Rule aims to streamline the utilization management process and improve data-sharing between payers, providers, and patients.
Public payers, including Medicare Advantage organizations, Medicaid and the Children’s Health Insurance Program (CHIP) fee-for-service programs, Medicaid managed care plans, and CHIP managed care entities, must abide by the new regulations.
Starting in 2026, payers must return prior authorization decisions within 72 hours for urgent requests and seven calendar days for standard requests. In addition, they must provide a specific reason for denying a prior authorization request.
Payers are also required to implement a Health Level 7 (HL7) Fast Healthcare Interoperability Resources (FHIR) Prior Authorization application programming interface (API) to support an electronic prior authorization process. Additional APIs must facilitate patient, provider, and other payer access to data.
The final rule elevates the level of transparency between payers and providers, according to Sumitro Sarkar, EY Global Nexus for Health Leader.
“What this new rule does is strengthen and tighten the connection between all those stakeholders in a very systematic and structured way, which is driven by technology to enhance it,” he told HealthPayerIntelligence. “It also elevates the overall level of experience because, as we see, healthcare is [moving] more towards a very consumer-centric way of doing business.”
Additionally, the technology component of the requirements makes it easier for patients and providers to track the status of their prior authorization, he added.
However, complying with these new rules won’t be simple for all payers.
“There are challenges at multiple levels, and there are multiple dimensions to the challenges,” Sarkar indicated. “One of the key dimensions is ‘How do you automate all of the things CMS is asking you to automate?’ For example, the APIs, moving to FHIR, and moving to HL7.”
Payers are responsible for converting unstructured information—such as what services will and will not be reimbursed, what is medically necessary, and what is experimental—into information that providers can easily access, exchange, and understand. Furthermore, this information must have no ambiguity in how it can be interpreted and delivered promptly to ensure inaccurate data doesn’t cause care denials.
Transitioning from X12 electronic data interchange (EDI) standards to HL7 standards also presents a new hurdle payers must overcome. Payers must have the right capability to convert from X12 to FHIR as a part of their technology.
“There is a whole burden of putting the right technology in place just so that you can send and receive a FHIR packet of information that has the right data sets in it so people can make a decision,” Sarkar said. “It is forcing a re-thinking on the payer side in terms of how they actually communicate because now they’re moving from faxes, phones, and pigeons to a way of transporting and receiving data in a very structured form.”
While the regulation affords a good opportunity to standardize technology among payers and providers, determining how to take advantage of this opportunity and how to meet the 2026 and 2027 deadlines poses challenges for payers. Another issue payers face is educating their staff on the new technologies and processes required.
Contracting with a vendor that handles all of the data-sharing and prior authorization processes CMS requires could eliminate these obstacles. However, if CMS establishes new guidelines that fall outside of the vendor’s purview, payers will be back to square one. Thus, a platform-driven approach may be a better route, Sarkar shared.
“[With] more of a platform-driven approach, [they] have a data platform and can think of it like a power outlet. [Payers] can bring in vendors and plug them in and plug them out when they’re not needed,” he noted.
If payers can overcome these challenges and achieve compliance, the final rule should go a long way in improving the prior authorization process.
“It’s not a Band-Aid solution anymore; it’s more strategic. It’s a good two- to three-year timeline to put a crisp strategy in place and execute on that to at least have electronic prior authorization because then [CMS] may come up with more after this, leveraging similar technology between payers and providers,” Sarkar indicated.
While the provisions in the final rule only apply to public plans, the rollout may also impact the commercial market. For example, a public payer may alert a provider about a generic drug and send the information to the provider’s electronic health record (EHR). Down the line, if a provider prescribes medication to a patient with private coverage, the generic option will appear in their EHR, allowing them to suggest this cheaper option over the brand-name drug.
Similarly, private plans can look at their in-network providers’ EHRs to assess what screenings, medications, and care management strategies were used for patients with certain conditions, such as diabetes or chronic obstructive pulmonary disease (COPD), and the success rate of these interventions.
Going forward, the best thing public plans can do is use the next couple of years to assess their current capabilities and determine what they need to comply with the prior authorization and data exchange requirements.
“Payers need to take a step back and say, ‘What is my strategy?’ The strategy should not be confined to interoperability; it should be aimed at information exchange between my providers, myself, the patient, the labs, and the pharmacy benefit managers,” Sarkar explained.
Taking time to strategize is especially important as CMS has started to roll out more requirements in a shorter time period.
“One or two steps back would allow [payers] to structure things better and come to a more resilient solution,” Sarkar concluded. “Taking a step back, strategizing, and thinking of it like a platform-driven approach where [they’re] bringing things in that are all interconnected and grounded on a strategy and the proper architecture should be the way to think about it instead of in a haphazard way throwing point solutions at it.”