WHAT: In the Advancing Interoperability and Improving Prior Authorization Processes Proposed Rule, CMS included a requirement for payers to develop and maintain a new Provider Access API in line with requirements from the 21st Century Cures Act. As proposed, payers would be required to implement a FHIR-enabled API to share patient data with in-network providers that have a treatment relationship with the patient.
IN BRIEF: To facilitate access to health records, the Provider Access API would allow a provider to initiate a request when that provider needs access to a patient’s data before or during a patient visit. The Provider Access API would follow the lead of the Patient Access API, facilitating the exchange of claims and encounter data (excluding cost information), as well as the data elements identified in USCDI v1. Currently, there are concerns about whether provider attribution processes can effectively verify the appropriateness of requests, yet CMS maintains that this process should be an opt-out process. Because it is not an opt-in process, payers would be required to distribute patient education resources explaining the opt-out process and how patients’ data may be shared should they choose not to opt out.
WHEN: CMS published its Advancing Interoperability and Improving Prior Authorization Processes Proposed Rule on December 6, 2022. While the final rule is not yet published (as of August 24, 2023), the proposed effective date is January 1, 2026.
Access to a patient’s historical health data via the API can assist healthcare providers in making informed medical decisions. Providers overwhelmingly support the integration of a Provider Access API to increase patient-centered care leading to better patient outcomes. Payers, however, raise concerns that these requirements burden health plans and that a successful Provider Access API may not be feasible by the January 2026 proposed effective date.
Industry-wide adoption of a Provider Access API must overcome distrust between providers and payers, a lack of clinical testing, and privacy risks, such as EHR data fragmentation.
Maverick’s Take 💡
The appropriate sharing of patient health information between health plans and providers reduces provider burden and improves care coordination, resulting in increased patient safety. Still, adopting a Provider Access API requires overcoming distrust between providers and payers. A Provider Access API would empower physicians with more complete data sets; however, doubts about the readiness of attribution protocols raise privacy concerns, with some worried that protected health information could end up being shared inappropriately. As proposed, there seems to be an unequal burden on payers to develop and maintain a pathway for data exchange with no expectation for bidirectional exchange.