13 Mar Health IT End-Users Alliance Responds to CMS Electronic Prior Authorization Proposed Rule
March 13, 2023
Dear Administrator Brooks-LaSure:
The Health IT End-User’s Alliance appreciates the opportunity to comment on the Centers for Medicare & Medicaid Services’ (CMS) proposed rule entitled Medicare and Medicaid Programs; Patient Protection and Affordable Care Act; Advancing Interoperability and Improving Prior Authorization Processes for Medicare Advantage Organizations, Medicaid Managed Care Plans, State Medicaid Agencies, Children’s Health Insurance Program (CHIP) Agencies and CHIP Managed Care Entities, Issuers of Qualified Health Plans on the Federally Facilitated Exchanges, Merit-Based Incentive Payment System (MIPS) Eligible Clinicians, and Eligible Hospitals and Critical Access Hospitals in the Medicare Promoting Interoperability Program, as published in the December 12, 2022 Federal Register.
The Health IT End Users Alliance (the Alliance) brings together health information professionals, physicians, hospitals, and other front-line health care providers and organizations that use health IT in the provision of care to ensure that policy and standards development activities reflect the complex web of clinical and operational challenges facing those who use technology tools for care. By working collaboratively across settings of care, the Health IT End-User’s Alliance is focused on priorities for how technology can best support clinical care and operations.
Our comments below focus on the section of the proposed rule on improving prior authorization process and the related interoperability standards and are grounded in the Alliance’s Consensus Statement on Real-World Testing.
In its proposed rule, CMS seeks to improve the prior authorization process by creating the electronic infrastructure to support faster, standardized processes for electronic communications between affected payers and hospitals, clinicians, and other health care providers to reduce burden and increase the timeliness of decisions. This includes the identification of specific standards and implementation guides that are either proposed to be required for use, or highly recommended for use. The rule also proposes other prior authorization process improvements.
The Alliance supports the agency’s goal of improving the prior authorization process and reducing burden and we commend CMS for addressing a key health care pain point for patients, providers, and health plans. Improving the prior authorization process is an urgent need and the Alliance applauds CMS for taking steps to improve it. We caution, however, that achieving that goal will require federal support of more robust real-world testing of the interoperability standards and implementation guides intended to facilitate automation. It will also require greater engagement with the health IT end-user and provider community to understand the effort needed to operationalize the technology solutions and business processes needed to interact with payer systems.
Proposed Requirement for Payers: Implement an API for Prior Authorization Requirements, Documentation, and Decision (PARDD API)
CMS proposes to require affected payers to implement by January 1, 2026 a PARDD API that, if implemented correctly, will allow providers to query a payer to find out, in near real-time, whether a given item or service requires a PA, understand the payer’s documentation requirements to support a PA, provide needed clinical information from the electronic health record, and receive back from the payer the status of the prior authorization (approved, denied, or payer needs additional information).
Today, the prior authorization process is laborious and is conducted using a range of approaches, from phone calls and faxes to the currently adopted prior authorization transaction standards – the National Council for Prescription Drug Programs NCPDP Implementation Guide Version D.0 and SCRIPT Electronic PA transactions for prescription drugs and ASC X12 278 for dental, professional, and institutional settings. The proposed approach of implementing a PARDD API has tremendous potential to decrease burden for patients, providers and payers by facilitating the exchange of needed information and providing prior authorization decisions in a much shorter amount of time, which could allow patients and providers to more effectively plan care and determine treatment pathways.
However, to be of benefit to the community, the technology supporting the PARDD API must be implemented so that provider technologies can interact with the PARDD API and support the exchange of information needed to process a prior authorization request using automation. The proposed rule does not include any discussion of how this interaction will take place, other than noting that providers would interact with the APIs through their EHR, practice management system, or other technology solution. Nor does the rule address the current level of experience with these approaches.
Recommended Standards to Support APIs
CMS proposes to require certain standards to support the PARDD API, while highly recommending a set of related implementation guides (IGs).
Proposed Standards to be Required
- USCDI (currently V1)
- FHIR Release 4.0.1
- HL7 FHIR U.S. Core IG STU 3.1.1
- HL7 SMART APP Launch Framework IG 1.0.0
- OpenID Connect Core 1.
Proposed Recommended IGs
- Da Vinci Prior Authorization Support (PAS) IG Version STDU 1.1.0
- Da Vinci Coverage Requirements Discovery (CRD) IG Version STU 1.0.0
- Da Vinci Document Templates/Rules (DTR) IG Version STU 1.0.
The agency states that it is only recommending the Da Vinci IGs, rather than requiring them, because:
“After careful ongoing consideration of the Implementation Guides…, their development cycles, and our role in advancing interoperability and supporting innovation, we believe that while these IGs will continue to play a critical role in supporting our policy, we are not ready to propose them as a requirement of our interoperability initiatives. We believe these IGs will continue to be refined over time as stakeholders have the opportunity to test and implement them, and as such, we are recommending them for use but are not proposing to require them. Specifically, we will continue to monitor and evaluate the development of the IGs and consider whether to propose them as a requirement at some future date.” [87 FR 76316.]
The Da Vinci Project dashboard only rates one of the three recommended IGs as among its “most mature,” with the other two not yet reaching that level. CMS notes in the preamble that the referenced IGs have undergone pilots that indicate promise but does not provide any details on the scope of the pilots or the specific outcomes. Furthermore, the preamble does not provide information on the current status or results from the ongoing HL7 Da Vinci Project test of a modification to the existing HIPAA transaction standards for prior authorization using FHIR standards, although CMS approved the request for the exception in April 2021.
The Alliance is concerned that the agency is recommending the use of standards that it deems are not sufficiently mature, without identifying a clear road map to ascertain that these standards will work in the real world. This includes issues such as how FHIR-based approaches will work with the existing infrastructure that is already deployed, workflow constraints to adopting new technology, technology costs, engaging with and educating patients on their role in utilizing the technology, and how new requirements will fit into the array of regulatory requirements that health IT end-users face.
To that end, we urge CMS and other federal agencies to provide a federally supported process to engage stakeholders and establish a collaborative process to ensure that the IGs undergo timely real-world testing that provides transparent information to assess maturity and support adoption. As outlined in our consensus statement on real-world testing, that would include an understanding of whether the IGs will:
- Be implementable by health care organizations without significant effort beyond the value incurred by adoption;
- Be effective at achieving the desired goal;
- Encompass a complete solution to achieve the desired goal;
- Not result in unintended consequences that would harm individuals (caregivers, patients, physicians and other clinicians);
- Respect and accommodate the privacy needs of individual patients;
- Not add extraneous work to the care team;
- Ensure sufficient return on investment to justify the health IT spend; and
- Not disparately impact providers who care for communities that are underserved or marginalized.
CMS and other federal agencies should work with the broader health IT community to identify expectations for rigorous real-world testing of these IGs, such as the needed metrics, methods of accountability, assurance that testing results are impartial, external expert review of testing methods and results, impact on health equity, and public reporting of the outcome. Standards should not be considered mature until real-world testing has been completed and comprehensive report-outs on the testing are made public. Inclusion of standards and IGs in regulation should also not be considered a mark of maturity.
Engaging with end users to conduct real-world testing will increase the likelihood that these technical approaches will succeed and achieve the goals of improved prior authorization processes and reduced burden for patients, providers, and payers. Given the urgency of addressing the prior authorization challenges facing patients and providers, this testing must be done in a timely manner.
Once the IGs are sufficiently tested to ascertain that their adoption will support the desired end-goals, it will be important for CMS to require a single set of standards and IGs to be implemented uniformly across payer technologies. Given that providers work with a range of payers, even slight variations to how an API is implemented can increase burden significantly on the provider community.
Interaction with the HIPAA Attachment Standard.
While this proposed rule references standards for sharing administrative and clinical data that support a FHIR-based environment, the companion proposed rule on The Adoption of Standards for Health Care Attachments Transactions and Electronic Signatures, and Modification to Referral Certification and Authorization Transaction Standard proposes to adopt a specific attachment standard to be used with an updated version of the currently adopted X12 278 standard for electronic prior authorization transaction. This means payers and providers could potentially need to implement and utilize multiple different types of standards to complete an electronic prior authorization request. In other words, one part of the request may be handled by FHIR with supporting documentation handled by X12.
It would be very challenging and overly complex for trading partners to complete the same business process using two separate standards. The apparent lack of alignment across these two proposed rules creates confusion and risks running counter to the stated purpose of the HIPAA Administrative Transactions, which is to increase efficiency and reduce costs. We urge CMS to clarify whether it envisions a future state that includes both FHIR- and X12-based technical approaches to complete electronic prior authorizations, and if so, how the agency would ensure alignment and efficiency.
Other Proposals to Improve Prior Authorization Processes
In addition to the PARDD API, the proposed rule includes a number of other proposals for improving prior authorization processes starting in 2026, such as: requiring affected payers to send prior authorization decisions with specific timelines, publicly reporting certain prior authorization metrics; and including information on prior authorization decisions, including the reason for denial, in the various APIs.
Given the challenges patients and providers currently face in navigating prior authorizations and the documented negative impacts on patients, we recommend that CMS move up the timeline for affected payers to meet the prior authorization process improvements outside of implementing the PARDD API. While the standards to automate the prior authorization process may need real-world testing and other steps to mature, they are not necessary for implementation of these other prior authorization process improvements.
We note that the proposed measures of eligible hospital and eligible clinician use of electronic prior authorization through a PARDD API would add unnecessary burden by requiring end-users to track which payers offer PARDD APIs, and how each prior authorization request is made. This level of tracking is not productive and only serves to add burden. The anticipated reduction in burden from electronic prior authorization should be sufficient incentive for provider adoption. If CMS feels the need to track adoption, a simple yes/no attestation would be sufficient.
Conclusion
The Alliance supports the end-goal of the CMS proposals and looks forward to engaging with the agency and other federal partners on how to advance real-world testing to achieve the benefits that improved prior authorization processes can bring.