In recent weeks, HHS and its agencies have been anything but slackers. Each of the past three months has brought some kind of notable rulemaking that moves the needle on interoperability. In November, it was a proposed rule on provider disincentives for information blocking. The ONC followed in December with its latest final rule for Health IT Certification, known as the HTI-1 rule. And just last week, CMS issued its most important interoperability-related rule since 2020, one that adds a host of requirements for prior authorization-related FHIR APIs.
But while our federal government no doubt moves, it doesn't necessarily move quickly, and it doesn't always ask others to move quickly either. The prior auth rule is a good example. Impacted payers—which include Medicare Advantage insurers, state Medicaid and CHIP programs, and payers who offer federal marketplace plans—have until January 1, 2027, to release their prior auth APIs, and these APIs only need to cover prior auth for procedures, not drugs.
Though I don't want to minimize the challenge of this task, three years is far too long a wait until prior auth begins to emerge from the Stone Age. If we want to rapidly improve prior authorization processes—and, more generally, accelerate the advancement of interoperability in healthcare—we should invest in financial incentives.
PA = Pretty Awful
Prior auth is basically a reality of life. If you have insurance and need a consultation with a specialist, a complex procedure, or an expensive medication, your insurance company will likely require pre-approval before agreeing to pay. This extra hoop to jump through doesn't please providers; 89% of respondents to an AMA survey said the prior auth process has negatively impacted their patients' care, and 88% feel it is a burdensome task.
Burden equates to wasted time and money. It's at such an extreme that CMS estimates its final rule will collectively save practices and hospitals 230 million hours and $16 billion over 10 years. The Council for Affordable Quality Healthcare, which tracks adoption of electronic transactions for administrative workflows under HIPAA, is less generous, with its most recent estimate that fully electronic prior auth would save the industry (providers and payers) $450 million annually. (Note: CAQH defines electronic prior auth as X12 278 transactions, not API-based transactions, since HIPAA mandates the former.)
Moolah to get moving
Whichever estimate you believe, there's the potential to cut hundreds of millions of dollars in unnecessary spending by getting our industry to embrace modern technology—and that's for only one portion of a single workflow. But we're leaving that money locked up and out of reach if most payers (legally) delay deployment of the prior auth APIs until 2027. I don't begrudge CMS for setting that timeframe; insurance companies have a lot of work ahead of them, from translating their prior auth criteria into machine-computable rules to developing and testing their APIs, and no one wants to see a hasty and flawed rollout.
But that doesn't mean there aren't ways for public and private players to encourage the availability of prior auth APIs sooner. If payers release their APIs in 2025 or 2026, their billing providers will realize enormous savings sooner. One idea would be for providers and payers to arrange to share in these savings until the official deadline arrives. Another option could be for the federal government to temporarily increase payments or cost sharing for those leading-edge payers. Both approaches would reward innovation, speed, and efficiency and would still result in overall savings for our industry.
I will admit, this is an idea with holes and flaws. For one, any financial incentives from Washington will have to be paid for, because our national debt isn't getting smaller. Second, the payers' prior auth APIs are less than helpful if EHRs don't support transacting with them, so some sort of benefit has to be considered for EHRs that provide early support.1 And calculating, documenting, and exchanging the savings resulting from the prior auth APIs could be a burdensome process itself, negating some of the overall benefits.
Nonetheless, if we want to go big on prior authorization, we have to dream big. Thinking more broadly, I believe financial incentives should be regularly in play for high-value/high-impact interoperability initiatives. For example, webhooks can add significant value and open the door to new innovations, so EHRs should be incentivized to offer webhooks until they are mandatory.
Right now the pace of change in interoperability is essentially the speed at which Congress passes new laws and HHS issues new rules—in other words, a slow, methodical grind. When greater interoperability can bring greater efficiency, lower spending, and healthier lives, we should be willing to commit money upfront to realize those benefits. In business, when you want something done, you invest not only time but also money into making it happen. Healthcare in America is a business, and interoperability must be one of its most important investments.
Note 1: EHRs and prior auth APIs
CMS' prior auth rule does not affect EHRs in any way. Any rulemaking to require EHRs to support prior auth APIs would need to come from the ONC. It is widely expected that the ONC's next rule for Health IT Certification, the HTI-2 rule, will include this requirement when it is proposed this year.