Final Rule Published January 2024

Interoperability &
Prior Authorization

Every Medicare Advantage, Medicaid, CHIP, and QHP issuer must implement FHIR APIs and transform prior authorization processes by January 1, 2027.

Jan 1, 2027
Compliance Deadline
5 APIs
Required Systems
72 Hours
Max Urgent Decision Time
Download RFP Template
TIMELINE

Critical compliance dates

Jan 1, 2026

Operational Requirements Begin

Prior authorization decision timeframes take effect: 72 hours for urgent, 7 days for standard. All denials must include specific reasons.

Mar 31, 2026

First Public Metrics Due

Initial prior authorization metrics must be publicly posted. Annual reporting required thereafter for transparency.

Jan 1, 2027

Full API Implementation

All five FHIR APIs must be live. MIPS eligible clinicians begin electronic prior authorization attestation.

Compliance Deadlines
JAN 1 2026
Operational Requirements
72-hour urgent decisions
7-day standard decisions
Denial reason documentation
Active
MAR 31 2026
Public Metrics Reporting
Prior auth metrics published
Annual reporting begins
84 days
JAN 1 2027
All APIs Mandatory
Patient Access API
Provider Access API
Payer-to-Payer API
Prior Authorization API
360 days
API REQUIREMENTS

Five APIs that transform healthcare data exchange

01 — Patient Access API

Patient Access API

Extend existing Patient Access APIs to include prior authorization decisions, giving patients complete visibility into authorization status and care impact.

  • Prior authorization decisions (excluding drugs)
  • Claims and encounter data
  • USCDI data elements
  • Annual usage metrics reporting to CMS
{ "resourceType": "Patient", "id": "example-patient", "priorAuth": { "status": "approved", "serviceType": "MRI", "approvalDate": "2026-01-15" }, "meta": { "versionId": 2 } }
02 — Provider Access API

Provider Access API

Enable in-network providers to access patient data for care coordination and support value-based payment models.

  • Claims and encounter data
  • USCDI data classes and elements
  • Prior authorization information
  • Patient attribution process
Provider Request
SMART Auth
Patient Data
03 — Payer-to-Payer API

Payer-to-Payer API

Support care continuity when patients change plans by enabling seamless data exchange between payers.

  • 5 years of claims and encounter data
  • USCDI data elements
  • Prior authorization records
  • Patient opt-in process
{ "dataTransfer": { "from": "Payer A", "to": "Payer B", "records": 1247, "dateRange": "2021-2026", "patientConsent": "opt-in" } }
PROCESS IMPROVEMENTS

Prior authorization transformed

72h
Maximum decision time for urgent prior authorization requests
7d
Maximum decision time for standard prior authorization requests
100%
Of denials must include specific reasons for transparency
TECHNICAL STANDARDS

Built on industry standards

HL7 FHIR 4.0.1
USCDI
FHIR US Core IG STU 3.1.1
SMART App Launch 1.0.0
FHIR Bulk Data Access v1.0.0
OpenID Connect Core 1.0
CARIN IG STU 2.0.0
Da Vinci PDex IG STU 2.0.0
Da Vinci CRD IG STU 2.0.1
Da Vinci DTR IG STU 2.0.0
Da Vinci PAS IG STU 2.0.1
Da Vinci Plan-Net IG STU 1.1.0
IMPACTED PAYERS

Who must comply

Medicare Advantage (MA) Organizations

State Medicaid & CHIP Fee-for-Service Programs

Medicaid Managed Care Plans

CHIP Managed Care Entities

Qualified Health Plan (QHP) Issuers on Federally Facilitated Exchanges

Ready to ensure compliance?

Get our comprehensive RFP template designed to help you navigate CMS-0057-F requirements and achieve regulatory success.

Download RFP Template
RFP TEMPLATE

Comprehensive RFP template for CMS-0057-F compliance

01

API Development & FHIR Implementation

Complete technical architecture for all five required APIs using HL7 FHIR 4.0.1, implementation guides, and compliance with all CMS specifications.

02

Data Integration & USCDI Compliance

Comprehensive data mapping strategy ensuring all required USCDI data elements are properly exposed with appropriate consent and privacy controls.

03

Security & Authentication

Implementation of SMART App Launch Framework, OpenID Connect, OAuth 2.0, and FHIR Bulk Data Access with enterprise-grade security controls.

04

Prior Authorization Workflow Automation

Electronic prior authorization system supporting request submission, decision processing within regulatory timeframes, and denial documentation.

05

Metrics Collection & Public Reporting

Automated systems for tracking and publicly reporting prior authorization metrics and Patient Access API usage on required timelines.

06

Provider Attribution & Patient Consent

Attribution processes associating patients with providers, opt-in/opt-out mechanisms, and plain-language educational materials.

07

Testing, Documentation & Training

Comprehensive testing strategy including integration, security, and performance testing with complete documentation and staff training programs.

08

Timeline & Phased Implementation

Detailed project timeline meeting both January 1, 2026 and January 1, 2027 compliance deadlines with phased rollout and contingency planning.