The CMS Interoperability and Patient Access final rule (CMS-9115-F) was released on May 1, 2020 and required all health plans with CMS lines of business to adopt the FHIR data standard and enable members to access their claims and clinical data via third-party applications connecting to FHIR APIs. The long and short of the 131-page rule is that consumers own their health data and should have the ability to access their data through any application that wants to build against these open APIs.
It was a landmark rule and a noble cause – an important first step in requiring health plans to invest in the same modern data capabilities that power the rest of the internet economy. Most health plans have lamented this rule, their costs to implement and manage API access, and the low use of the APIs. From an ROI perspective, health plans have viewed CMS-9115-F as a tax on the businesses they run, not an investment in the future of interoperability.
That is all about to change though.
The CMS-0057-F Interoperability and Prior Authorization final rule was released on January 17, 2024, and the bulk of the regulation goes into effect in approximately 18 months, on January 1, 2027. Among some reporting updates and new data requirements, the CMS-0057 rule requires the same health plans to expand on their payer-to-member capabilities and begin sharing data Payer-to-Provider and Payer-to-Payer, and to automate Prior Authorization processes via the same FHIR API infrastructure. This requires leveraging the FHIR infrastructure investments made to enable B2C (Patient Access API) and evolving to a new world order of on-demand B2B data exchange (payers, providers, and vendors). January 2027 can’t come soon enough.
Many in the industry have been waiting with bated breath to see if the new Administration in DC would change course, delay, or otherwise hedge on enforcement. One could argue those questions remain unanswered, but with each passing day it’s clearer than ever that these FHIR APIs are purposefully part of the solution to healthcare’s data sharing challenges.
Standards-based, RESTful APIs, natively tied to the same data and technology strategies that enable data sharing in all other industries and bring modern computational capabilities to healthcare can only be a step in the right direction. The ROI that health plans hoped to realize during the Patient Access days should now be central to the business decisions being made to support CMS-0057 and beyond. As my friend and colleague Dr. Don Rucker points out, there will be winners and there will be losers. The winners will be the health plans who lean into the intent of the interoperability regulations, not those who simply aspire to check the box.
Payer-to-Payer Data Exchange only requires a health plan to have the ability to send and receive data from other health plans via FHIR APIs. The winners will be those health plans who properly engage newly enrolling members to consent to the data sharing. To incentivize action, rather than hit the reset button on things like prior authorization or step therapies, plans must understand member behavior, promote plan design benefits or ancillary services, and advance programs such as risk adjustment.
Provider Access only requires a health plan to have the ability to send data to in-network providers via FHIR APIs. The winners will be those health plans who proactively look at their current payer-to-provider data sharing programs and take the opportunity to redesign them. They’ll need to sunset the reliance on proprietary, flat-files that are packaged up – often incorrectly – and posted to an SFTP every 30 days. Provider Access isn’t a new API, it’s a means by which value-based providers can have on-demand access to the data they need to truly partner with health plans in risk-based models. With a little creativity, Provider Access is a way for health plans to surface gaps in care and other information to the providers who are caring for their members.
Prior Authorization only requires three new APIs to be stood up: CRD, DTR, and PAS. This is the classic “if a tree falls in a forest, does it make a sound?” If a health plan just stands up APIs, they’re not taking the opportunity to engage their providers in the promise of on-demand decisions. The winners will be the health plans who promote on-demand prior authorization decisions, who have a strategy to migrate from faxes and phone calls to API-based exchanges that encompass routing logic to transform the longstanding and immensely frustrating workflow in the industry. The winners will learn from the likes of Domino’s Pizza and expose to members a “progress tracker” that shows where in the process their specific service request sits and how to stay informed of approval.
The CMS-0057 regulations are not important for compliance, they are critical forcing functions for digital transformation of foundationally important workflows and processes in healthcare. They are not a tax on the system, they are an investment in modernization and system redesign. The winners will be the organizations who view them as such.
Nolan Kelly
Nolan Kelly is Chief Customer Officer for 1upHealth, where he oversees all aspects of the 1up customer experience, including Sales and Account Management, Services, Customer Success, and Support. Prior to his time at 1upHealth, he led the Enterprise Sales and Health System business at PatientPing. Nolan also served as Vice President of Growth at Linkwell Health and Director of Diversified Business Development at Blue Cross Blue Shield of Massachusetts.
