Streamlining Prior Auth Workflows Under the New CMS Rule

CMS has finalized a new rule aimed at shortening prior authorization timelines and streamlining processes to remove barriers to patient care, according to a press release. The rule mandates that prior authorization decisions be sent within 72 hours for urgent requests and 7 days for standard requests. This rule will take effect on January 1, 2026, and CMS estimates it will save approximately $15 billion over 10 years.

HHS Secretary Xavier Becerra emphasized the importance of timely medical procedures, stating, “When a doctor says a patient needs a procedure, it is essential that it happens in a timely manner. Too many Americans are left in limbo, waiting for approval from their insurance company. Today, the Biden-Harris Administration is announcing strong action that will shorten these wait times by streamlining and digitizing the approval process better.”

CMS Administrator Chiquita Brooks-LaSure emphasized the commitment to breaking down barriers in the healthcare system to make it easier for doctors and nurses to provide necessary care. She stated that increasing efficiency and enabling the secure and free flow of healthcare data between patients, providers, and payers while streamlining prior authorization processes supports better health outcomes and a better healthcare experience for all.

While prior authorization ensures medical care is necessary and appropriate, it can sometimes hinder necessary patient care due to complex and varying payer requirements or long waits for decisions. This final rule establishes requirements for specific payers to streamline the prior authorization process and complements the Medicare Advantage requirements finalized in the Contract Year (CY) 2024 MA and Part D final rule, which add continuity of care requirements and reduce disruptions for beneficiaries. Starting primarily in 2026, impacted payers (excluding QHP issuers on the FFEs) must send prior authorization decisions within 72 hours for expedited (urgent) requests and seven calendar days for standard (non-urgent) requests for medical items and services. For some payers, this new timeframe for standard requests reduces current decision times by half. The rule also mandates that all impacted payers provide a specific reason for denying a prior authorization request, facilitating resubmission or appeal when necessary. Additionally, impacted payers must publicly report prior authorization metrics similar to those already available for Medicare FFS.

CMS is finalizing API requirements to increase health data exchange and foster a more efficient healthcare system for all. Public input was valued, and the comments submitted by the public, including patients, providers, and payers, were considered in finalizing the rule. Based on these comments, CMS is delaying the compliance dates for API policies from January 1, 2026, to January 1, 2027. Starting January 2027, impacted payers will be required to expand their current Patient Access API to include prior authorization information and to implement a Provider Access API that providers can use to retrieve their patients’ claims, encounters, clinical, and prior authorization data. Additionally, informed by public comments on previous payer-to-payer data exchange policies, impacted payers are required to exchange most of these same data using a Payer-to-Payer FHIR API with a patient’s permission when a patient moves between payers or has multiple concurrent payers.

Finally, the rule introduces a new Electronic Prior Authorization measure for eligible clinicians under the Merit-based Incentive Payment System (MIPS) Promoting Interoperability performance category and for eligible hospitals and critical access hospitals (CAHs) in the Medicare Promoting Interoperability Program. They must report their use of payers’ Prior Authorization APIs to submit electronic prior authorization requests. Together, these policies aim to create a more efficient prior authorization process, supporting better access to health information and timely, high-quality care.

According to CMS, Medicare fee-for-service has already implemented an electronic prior authorization API, demonstrating the potential efficiencies for other payers. The new requirements aim to reduce the administrative burden on the healthcare workforce, empower clinicians to spend more time providing direct patient care, and prevent avoidable delays in care.

The final rule applies to Medicare Advantage organizations, Medicaid and the Children’s Health Insurance Program (CHIP) fee-for-service programs, Medicaid managed care plans, CHIP managed care entities, and issuers of qualified health plans offered on federally facilitated exchanges.