Blog
linebreak arrow
Healthcare Automation
linebreak arrow
Everything Health Insurers Need to Know About New CMS Rule on Interoperability & Prior Authorizations
Healthcare Automation

4 min read time

read time

Everything Health Insurers Need to Know About New CMS Rule on Interoperability & Prior Authorizations

Scrape data from LinkedIn in one click.
Add to Chrome – it's free!

Last Updated: March 6, 2025.

In January 2024, the Centers for Medicare & Medicaid Services (CMS) finalized a rule aimed at tightening the turnaround times for prior authorization decisions made by health insurers. This move is reshaping the administrative processes that underpin patient care—but plenty of insurers are still trying to wrap their heads around the key provisions of this new rule, and what they actually need to do about it. Let's dive into the most frequently asked questions.

What is the New CMS Rule for Prior Authorizations?

At its core, the new CMS rule introduces significantly shorter deadlines for health insurers to either approve or deny prior authorization requests. This is a fundamental shift from previous practices for many payers, with the aim of reducing delays in patient access to necessary medical services. 

The rule, finalised on Wednesday, January 17, 2024, mandates that, beginning in 2026, urgent prior authorization requests must be resolved within a 72-hour timeframe. For standard, or non-urgent, requests, payers will now have a maximum of seven calendar days to respond. According to regulators, these new timelines have the potential to halve the current decision times for some payers.

Moreover, the rule introduces a crucial element of accountability: payers will now be required to provide a specific reason when a prior authorization request is denied. This is a significant step forward, as it should empower doctors to better understand the rationale behind the denial and, consequently, more effectively resubmit the request with additional information or navigate the appeals process. This increased transparency can lead to a more efficient and less frustrating experience for both providers and patients.

When a prior authorization request is denied under the new regulations, healthcare providers should expect to receive a detailed explanation outlining the specific reasons for the denial. This level of specificity is intended to move beyond vague or generic responses, providing actionable insights that providers can use to address the payer’s concerns.

What Else Do Insurers Need to Do to Stay Compliant?

In a move towards greater transparency, the 822-page rule also mandates that payers must publicly post certain key prior authorization metrics on their websites. This includes information on which specific services require prior authorization, the total number of prior authorization requests received, the number of approvals and denials, and the number of prior authorization denials that were subsequently overturned upon appeal [4, Me]. This level of data sharing can provide valuable insights for providers into the prior authorization practices of different payers.

Beyond the procedural changes, the rule also introduces significant technological requirements. By January 2027, federally regulated payers will be required to implement a standardised application programming interface (API) for prior authorization. APIs are essentially sets of rules that enable different computer systems to communicate and exchange information seamlessly. The CMS believes that establishing a standardised API will be a catalyst for the automation of the end-to-end prior authorization process between providers and payers. The specific standard chosen for this API is HL7 FHIR (Fast Healthcare Interoperability Resources).

The technological advancements mandated by the rule extend beyond just prior authorization. Payers will also be required to expand their existing API for patient access to include comprehensive information about prior authorizations. Furthermore, they must develop a new API for provider access, enabling healthcare professionals to readily retrieve patients’ claims, encounter data, clinical information, and prior authorization details. This enhanced data accessibility aims to provide a more holistic view of a patient’s healthcare journey. Moreover, in situations where a patient transitions between different payers or has coverage under multiple plans, insurers will be obligated to exchange relevant patient data with each other through a dedicated payer-to-payer API. This initiative builds upon previous, albeit unenforced, information-blocking rules finalised in 2020, with the ultimate goal of creating a longitudinal health record that can follow patients across the healthcare system, irrespective of changes in their insurance coverage.

Which Health Insurers Does This Impact?

The scope of this regulatory change is considerable. It applies to a wide range of federally regulated health insurers, including Medicare Advantage (MA) plans, state Medicaid and Children’s Health Insurance Program (CHIP) agencies, Medicaid and CHIP managed care plans, and plans offered on the Affordable Care Act (ACA) exchanges. This broad applicability means that a significant portion of the healthcare system will be subject to these new requirements.

What is the Reason for the New Rule?

The impetus behind this rule is multi-faceted. While payers have historically argued that prior authorization serves as a crucial mechanism to curb nonessential healthcare costs, the CMS has acknowledged the significant drawbacks of the process. Healthcare providers often report increased physician burnout due to the administrative burden and paperwork associated with prior authorizations. Furthermore, patients can be left in a state of uncertainty, their care plans hanging in the balance while they await approval from payers. 

Tragically, there have been reported cases of severe health outcomes and even death following delays in prior authorization, adding further pressure for reform. The CMS anticipates that these changes will not only streamline the process but are also projected to generate roughly $15 billion in savings over the next decade.

For healthcare providers, these new deadlines present a number of potential benefits. The most immediate impact should be a reduction in the time patients wait for critical care approvals, leading to less disruption in treatment plans.

It is important to note that this final rule does not restrict the circumstances under which payers can require prior authorization. The CMS is not mandating a reduction in the use of this cost-control mechanism. However, the expectation is that the combination of shorter turnaround times and the requirement for clear explanations of denials will lead to a more streamlined and transparent process overall.

When Does the New Rule Come Into Effect?

For healthcare providers to effectively prepare for and adapt to these new regulations, several key dates are important to keep in mind:

  • Beginning in 2026: This is the crucial date when the new, shorter deadlines for prior authorization decisions will come into effect (72 hours for urgent requests, 7 calendar days for non-urgent requests).
  • By January 2027: Payers are mandated to have fully implemented the standardised API for prior authorization.

What Should Health Insurers Do About This Today?

In preparation for the CMS rule tightening prior authorization turnaround times, healthcare insurers should strategically focus on the following key areas to ensure a smooth transition and compliance by the 2026 deadline:

  • Thoroughly Understand and Internalise the New Regulatory Requirements: Insurers must comprehensively familiarise themselves with the specifics of the CMS final rule, particularly the mandated 72-hour turnaround for urgent prior authorization requests and the seven-calendar-day limit for non-urgent requests, which come into effect in 2026. To get ready for this deadline, experts are encouraging healthcare insurers to start implementing solutions today so they are ready for next year.
  • Assess and Optimise Current Prior Authorization Workflows: Insurers should critically evaluate their existing prior authorization processes to identify areas that need to be streamlined to meet the new, shorter deadlines.This may involve analysing current decision times, identifying bottlenecks, and re-engineering workflows with an automation tool like Magical to ensure timely processing.
  • Develop and Implement a Robust System for Providing Specific Reasons for Denials: The new rule mandates that payers must provide a specific reason for denying a prior authorization request. Insurers need to establish clear protocols and train staff on how to articulate the precise rationale behind each denial. This will not only ensure compliance but also help providers to resubmit or appeal more effectively.
  • Plan for the Mandatory Posting of Prior Authorization Metrics: By the time the rule is fully implemented, insurers will be required to post certain prior authorization metrics on their websites. Proactively identify the necessary data points – including which services require prior authorizations, the number of denials and approvals, and prior authorization denials overturned after appeal – and establish systems for accurate data collection and public reporting.
  • Strategise for the Implementation of the Standardised API (HL7 FHIR): The rule requires the implementation of a standardized application programming interface (API) for prior authorization by January 2027. Insurers should begin immediately to assess their current IT infrastructure and develop a clear roadmap for integrating the HL7 FHIR standard. This may involve engaging with IT vendors and allocating resources for the necessary development and testing to ensure seamless communication with provider systems.
  • Expand and Develop Patient and Provider Access APIs: In addition to the prior authorization API, insurers need to plan for the expansion of their patient access API to include prior authorization information and the creation of a provider access API that can retrieve patient claims, encounter, clinical, and prior authorization data. These developments will require careful planning and coordination across IT departments.
  • Prepare for Payer-to-Payer Data Exchange: For patients moving between payers or with multiple coverage plans, insurers will need to establish a system for exchanging patient data using a payer-to-payer API. Planning for this data exchange, considering data security and interoperability, is crucial.
  • Invest in Staff Training and Education: Ensure that all relevant staff, including those involved in processing prior authorizations, handling appeals, and managing IT systems, are thoroughly trained on the new regulations, the rationale behind them, and the new technological requirements.
  • Monitor HHS Guidance and Potential Future Rulemaking: The HHS has indicated that it will "continue to evaluate" prior authorization standards. Insurers should remain vigilant for any further guidance or updates from regulatory bodies to ensure ongoing compliance and proactively adapt to future changes.

Magical Can Help Streamline Your Prior Authorizations

Healthcare insurers use Magical to fully automate their prior authorization workflows to ensure they are within the required 72-hour window. Set up human-assisted automations that can process a prior authorization in one click, or set up fully autonomous agentic AI automations to automatically process any new prior authorization requests that come in. Book a demo with our team today to see how easy, reliable, and accurate your automation can be.

Make tasks disappear.
Like magic.

Slash through repetitive tasks in seconds by teleporting data between your tabs.

Book a Demo

Related Articles

6 Must-Have RCM Automation Tools for 2025

In 2025, these are the must-have tools that will help you streamline processes, reduce errors, and enhance revenue generation.

5 Examples of Agentic AI Automations in RCM

What are the top use cases for agentic AI in revenue cycle management? Check out these real-world examples from Magical customers.

How to Deploy AI for Your Healthcare Admin Team

Everyone wants to start unlocking efficiency gains from AI—but where do you start? Here are three steps to deploy AI for any healthcare admin or RCM team.

Magical logomark (//M)
Use cases
HealthcareRecruitingSalesCustomer support
Features
No-Build AutomationsConnect Any AppText expanderAutofillAuto Form FillerWebsite ScraperAI Email Writer
Resources
PricingHelp centerRPA AlternativeiPaaS AlternativeTrust and securityIntegrationsTest formPrivacy policyTerms of service
Get Magical
Magical for ChromeMagical for Edge

Company
About usCareersBlog
Follow us
TwitterLinkedInFacebookYouTubeTikTok