CMS Aims to Reduce Prior Authorization Burden, Improve Patient Access to Health Information

December 11, 2020

On December 10, the Centers for Medicare & Medicaid Services (CMS) released the Reducing Provider and Patient Burden and Promoting Patients' Electronic Access to Health Information proposed rule. This proposal builds on the agency’s Interoperability and Patient Access final rule and would require Medicaid and CHIP managed care plans, state Medicaid and CHIP fee-for-service programs, and Qualified Health Plans (QHP) issuers on the Federally-facilitated Exchanges to improve the electronic exchange of health care data and streamline processes related to prior authorization.

In an effort to alleviate the administrative burden of prior authorization (PA), improve the patient experience, and make the PA process more efficient and transparent the CMS proposal would require payers to:

  • Build and maintain a requirement lookup service application program interface (API) to be integrated with a provider’s electronic health record (EHR) allowing providers to electronically locate PA requirements for each specific payer from within the provider’s workflow.
  • Build and maintain an electronic prior authorization support (PAS) API that has the capability to send prior authorization requests and receive responses electronically within their existing workflow.
  • When denying a prior authorization request, include the specific reason for a denial regardless of the method used to send the prior authorization decision.
  • Send PA decisions within 72 hours for urgent requests and 7 calendar days for standard requests.
  • Publicly report data about their PA process, such as the percent of PA requests approved, denied, and approved after appeal, and average time between submission and determination.

These prior authorization policies would take effect January 1, 2023, with the initial set of metrics  reported by March 31, 2023.

Beginning January 1, 2023, impacted payers—as part of the established patient access API—would also be required to:

  • Include information about the patient’s pending and active prior authorization decisions.
  • Report metrics to CMS quarterly about use of the patient access API to assess its impact on patients.
  • Establish, implement, and maintain an attestation process for third-party application developers to attest to certain privacy policy provisions.

See CMS’ fact sheet for additional information.

Visit ASCO in Action for more  news, advocacy, and analysis on cancer policy.