CMS Finalizes a New Prior Authorization and Health Information Exchange Rule

May 7, 2024

Audiologists and speech-language pathologists often experience the frustration of canceling patient appointments or receiving payment denials. The prior authorization process causes providers to waste hours of their valuable time submitting and resubmitting documents to insurance companies. This adds a layer of administrative burden to providers and a hurdle that keeps patients from accessing care.

To address this problem, the Centers for Medicare & Medicaid Services (CMS) finalized the CMS interoperability and prior authorization rule (CMS-0057-F) in January 2024. The rule is intended to significantly reduce the patient and provider burden of prior authorization and improve timely care delivery. According to CMS, this initiative is also designed to facilitate better care coordination and support movement toward value-based payment models.

ASHA supported several provisions of the rule—including provider access, electronic prior authorization, and standards relating to social determinants of health (SDOH)—in its March 2023 comments [PDF]. Here’s everything you need to know about this new rule.

Who Are the Impacted Providers?

Impacted providers include:

  • Providers who work at Medicare Merit-Based Incentive Payment System (MIPS)-eligible hospitals and critical access hospitals
  • MIPS-eligible clinicians participating in the MIPS promoting interoperability performance category.

Who Are the Impacted Payers?

This rule will apply to Medicare Advantage plans, state Medicaid fee-for-service programs, Medicaid managed care, state Children’s Health Insurance Program (CHIP) fee-for-service programs, CHIP managed care, and qualified health plan issuers on the Federally Facilitated Exchanges.

What Are the Requirements?

The impacted payers are required to use electronic health record systems and implement Health Level 7 (HL7) Fast Health Care Interoperability Resources [PDF] (FHIR) application program interfaces to improve electronic exchange of health information. To streamline the exchange of prior authorization information, the impacted payers will implement the Patient Access Application Programming Interface (API), Provider Access API, Payer-to-Payer API, and Prior Authorization API.

What Is Interoperability, FHIR, and API?

Interoperability refers to multiple computer systems being able to exchange and use health information. Unlike paper-based health records, which are used by one person at a time, interoperable health records could be used simultaneously by many users in different locations.

FHIR uses an internet-based technology to exchange clinical and administrative health-related data, allowing providers, payers, and patients to access data in real time.

An API is a software that allows two applications to talk to each other and share data across organizations. Every time you use rideshare apps or food delivery apps on your phone, you are using interoperability and API.

ASHA collaborates with the CMS Post Acute Care Interoperability (PACIO) project to infuse speech-, language-, swallowing-, cognitive-, hearing-, and balance-related data into interoperable electronic health care systems. Thanks to these collaborations and advocacy efforts, Patient Communication Status is now available under the United States Core Data for Interoperability (USCDI). Patient Communication Status ensures patient communication needs are accommodated and allows referring physicians to initiate appropriate SLP referrals. USCDI is a national standardized set of health information—such as patient name, date of birth, etc.—that’s routinely exchanged.

How Does It Affect Your Patients?

Patient Access API: Impacted payers are required to implement HL7 FHIR Patient Access API and add information to patient API on prior authorization status. This will provide patients with real-time access to their prior authorization information.

This more transparent process will help patients understand their payers’ prior authorization requirements, reasons for denials, and impact on their care so they can discuss these issues with their providers when scheduling their sessions. Impacted payers are also required to use simple and easy-to-understand language so that patients can grasp the benefits of API data exchange and their ability to opt in or opt out.

CMS requires impacted payers to report annual metrics of patient API usage beginning January 1, 2026.

How Does It Affect You as a Provider?

Provider Access API: The impacted payers are also required to implement a Provider Access API to share patient data with in-network providers who treat those patients. Through this API, providers will have access to information on individual claims and encounter data (without provider remittances and enrollee cost-sharing information); data classes and data elements in the USCDI; and specified prior authorization information. USCDI provides a standard set of data to each provider from all patient health care encounters to review in real time, which will enable the delivery of quality care. CMS also requires impacted payers to maintain an attribution process, which gives patients the opportunity to opt out of sharing their information with certain providers.

To encourage providers to adopt the electronic prior authorization process, the final rule also adds a new measure for MIPS-eligible clinicians under the Promoting Interoperability Performance category of MIPS and for eligible hospitals and critical access hospitals. Currently, only audiologists and SLPs who exceed the low-volume threshold and are not otherwise exempt must participate in MIPS. See ASHA’s MIPS resources for additional information.

Payer-to Payer API: Impacted payers are also required to implement and maintain a payer-to-payer API to share patient data within five years of the requested date to ensure care continuity when patients change payers.

Prior Authorization API: Impacted payers must populate a list of covered items and services, identify documentation requirements, and communicate whether the payer approves a prior authorization request, denies the request, or requires more information. This will allow providers to resubmit prior authorization requests when needed.

The Department of Health and Human Services will announce how the Health Insurance Portability and Accountability Act (HIPAA) will apply to these prior authorization transactions in the future.

Prior Authorization Time Frame: Impacted payers are required to send the prior authorization decision within 72 hours or three days for urgent requests and seven calendar days for standard requests. ASHA is educating CMS on audiology and speech-language pathology services while seeking additional guidance on what diagnoses and treatments count as urgent requests.

Impacted payers are required to implement some of these operational provisions beginning January 1, 2026. Patient Access, Provider Access, Prior Authorization API, and Payer-to-Payer APIs must be implemented by January 1, 2027.

What’s Next?

If you are an impacted provider—meaning you work for an eligible hospital or a critical access hospital participating in the Medicare Promoting Interoperability Program or you are a MIPs-eligible clinician participating in the MIPS Promoting Interoperability performance category—you will be required to enter prior authorization information electronically. As your administration starts implementing these requirements, you’ll begin to see changes in your EMR systems to include data elements related to prior authorization and a list of necessary documents to support your request.

With payers providing reasons for denials, you may be able to resubmit requests based on their feedback, and you will be able to establish a system to predict what documents the payer may require in the future.

These processes will save you time and help streamline your workflow so that you can spend more time caring for your patients.


Email us at

ASHA Corporate Partners