Prior Authorization Reform: Requirements, Benefits and Challenges for Payers

In late 2022, the Centers for Medicare and Medicaid Services (CMS) released a proposed rule to improve interoperability and prior authorization reform. In January, CMS finalized those rules, aiming to enhance healthcare data exchange while streamlining the prior authorization process.

Here’s a summary of the requirements, benefits, and challenges of this prior authorization reform as they relate to payers:

What Payers Does this Interoperability and Prior Authorization Reform Impact?

The final rule applies to Medicare Advantage, state Medicaid and Children’s Health Insurance Program (CHIP) Fee-for-Service programs, Medicaid managed care plans, CHIP managed care organizations, and Qualified Health Plan issuers on the exchanges. 

API Requirements

The final rule requires payers to enhance the existing Patient Access API while adding a Provider Access API, a Prior Authorization API, and a Payer-to-Payer API. Here’s a summary of each of those APIs, including actions payers must take, a summary of the data, and implementation timelines:


Payer Actions

Data to Be Shared

Data Availability


Patient Access API

Implement and maintain an API: This API allows patients to use health apps to access their claims, encounter data, and clinical data.
  • Adjudicated claims (including provider remittances and patient cost-sharing)
  • Encounters with capitated providers
  • Clinical data with a date of service on or after January 1, 2016 (e.g., lab results)
Data must be available through the API within one business day of processing. The API must be implemented by January 1, 2027, for most payers and earlier for some Medicaid programs.

Provider Access API

Implement and maintain an API: This API allows providers with a treatment relationship to access a patient’s claims, encounter data, and some clinical data (excluding drugs).
  • Claims and encounter data (without provider remittances and patient cost-sharing information)
  • All data classes and data elements included in the US Core Implementation Guide (IG) STU 3.1.1
  • Information about prior authorizations (excluding drugs), including:
    • Status
    • Approval/denial date
    • End date/circumstance
    • Approved items/services
    • Denial reason (if applicable)
    • Related administrative and clinical documentation (structured)
Data must be available within one business day of receiving a provider request. January 1, 2027, for most payers (earlier for some Medicaid programs)

Payer-to-Payer API

Implement and maintain an API: This FHIR-based API facilitates data exchange with other payers for new enrollments and concurrent coverage. Payers must allow patients to opt in or out of data sharing through this API.
  • Shared data includes claims and encounter data, excluding provider remittances and patient cost-sharing information. It is limited to 5 years before the request.
  • Prior authorization information (excluding drugs): 
    • Status
    • Approval/denial details
    • End date/reason
    • Approved items/services and related documentation
Payers must share requested data within one business day. January 1, 2027: For most impacted payers (Medicaid and Medicare Advantage plan), though some Medicaid programs may have earlier dates.

Prior Authorization API

Implement and maintain a Prior Authorization API: This API allows providers to electronically submit requests, check requirements, and receive decisions for services requiring prior authorization (excluding drugs).

  • Respond to requests within deadlines:
    • Standard requests: Respond within seven calendar days.
    • Expedited requests: Respond within 72 hours.
  • Provide specific denial reasons: Give clear and detailed reasons for denying prior authorization requests.
  • Publicly report on approvals, denials, and appeals: Payers must share data on these metrics at least annually.
  • Prior authorization request information: Service details, medical necessity justification, provider information.
  • Payer requirements: Criteria for approval, documentation needed, appeals process.
  • Approval/denial decisions: Status, date, specific reason for denial (if applicable).
January 1, 2027: For most impacted payers (Medicaid and Medicare Advantage plans), though some Medicaid programs may have earlier dates.


These new data interoperability APIs, including the Provider Access API, Payer-to-Payer API, and Prior Authorization API, offer several potential benefits for payers:

Improved care coordination and management:

  • Access to patient data: By receiving data from other payers and providers, payers can gain a more holistic view of a patient’s health history, medications, and care needs. As a result, payers can make better-informed coverage decisions, improve care coordination, and reduce service duplication.
  • Reduced administrative burden: Streamlined data exchange can automate manual tasks like eligibility verification and claims processing, freeing payer staff to focus on other priorities.

Enhanced fraud detection and prevention:

  • Real-time data access: APIs can provide real-time access to patient data, allowing for faster identification and prevention of potential fraud, waste, and abuse.
  • Improved data analysis: Sharing data across payers can facilitate broader analysis to identify and address fraudulent patterns.

Streamlined prior authorization processes:

  • Electronic submission and decision-making: The Prior Authorization API allows faster and more efficient request submissions, reducing administrative hurdles and wait times for providers and patients.
  • Standardized data formats: Standardized data formats through APIs can streamline communication and reduce errors, leading to quicker approvals and fewer denials.

Increased member satisfaction and retention:

  • Improved care: By facilitating better care coordination and reducing administrative burdens on providers, APIs can ultimately improve patient outcomes and satisfaction.
  • Easier access to information: APIs can empower patients with easier access to their health information, allowing them to be more engaged in their care decisions.

Challenges for Payers

While the new data interoperability APIs offer valuable benefits for payers, implementing them isn’t without its challenges. Here are some key obstacles payers may face:

Technical challenges:

  • Integration complexity: Integrating new APIs with existing IT infrastructure can be complex and require significant technical expertise and resources.
  • Data standardization and mapping: Ensuring data adheres to required standards and accurately maps between different systems can be a time-consuming and error-prone process.
  • Security and privacy concerns: Implementing robust security measures to protect sensitive patient data while ensuring compliance with privacy regulations is crucial.
  • Limited technical resources: Smaller payers may lack the in-house technical expertise or budgets needed for efficient API implementation.

Operational challenges:

  • Workflow disruptions: Integrating new data flows can disrupt existing workflows and require staff training and process adjustments.
  • Data quality and governance: Ensuring the quality and accuracy of shared data requires robust data governance processes.
  • Interoperability with non-compliant providers: Payers may face challenges exchanging data with providers who haven’t implemented the required APIs.

Financial challenges:

  • Implementation costs: Developing, testing, and maintaining APIs can be expensive, especially for smaller payers.
  • Ongoing maintenance costs: Regular updates and ongoing maintenance of API infrastructure are necessary.
  • Potential revenue impacts: Improved care coordination and fraud detection might lead to lower healthcare costs, potentially impacting some payer revenue streams.

Regulatory and legal challenges:

  • Interpreting and complying with complex regulations: Navigating the nuances of the CMS regulations and ensuring compliance can be challenging.
  • Potential legal risks: Data breaches or privacy violations could lead to legal repercussions.

Additional challenges:

  • Lack of industry-wide standards: While the regulations set minimum standards, broader industry-wide adoption would facilitate smoother implementation.
  • Limited provider readiness: Not all providers may have the technology and resources to utilize the APIs effectively.
  • Potential resistance from stakeholders: Providers and patients may have concerns about data privacy and misuse.

Certifi’s health insurance premium billing and payment solutions help healthcare payers improve member satisfaction while reducing administrative costs.

Emerging Technology: A Health Insurance CIO's Guide

Related Posts

Start typing and press Enter to search

Get New Posts in Your Inbox!

Skip to content