EHR Association submits prior authorization comments to CMS

On March 13, the HIMSS EHR Association submitted its comments to the Centers for Medicare and Medicaid Services on its Advancing Interoperability and Improving Prior Authorization Processes Proposed Rule. 


Of primary concern, the EHRA strongly recommended CMS open a second comment period once the Office of the National Coordinator for Health IT releases its Patient Engagement, Information Sharing and Public Health Interoperability rule.

A second comment period would allow all stakeholders to revise comments as necessary and minimize the potential costs involved with complying with two sets of prior authorization requirements, according to the letter. 

Further, the vendor group said it would like to “compare and comment on any contradictory and insufficiently harmonized requirements, which will, in turn, cause unnecessary burden and duplicative work.”

As far as CMS current proposed rule, EHRA was quick to highlight that prior authorization workflows require multiple parties – payers, regulated by CMS and providers, regulated by ONC – to support two ends of the workflow. 

“If any of the specifications for each party are in conflict, this bi-directional exchange across multiple health IT on all sides will not be successful,” EHRA said. 

The vendor group also noted that prior authorization requests would need to be shared with revenue cycle/patient accounting systems that require the authorization reference to complete claims, as the process can be initiated in multiple health IT systems.

Requiring publishing of API endpoints should also be clarified while out-of-network providers should be included in the proposed Provider Access API requirements – “following the same process requirements for patient consent and attribution lists,” EHRA said.

In addition, the standards and implementation guides need further development and do not sufficiently address what is needed to enable the diverse configurations within payer and provider organizations, the vendor group stated.

“We believe it is important that CMS guidance on the use of specific HL7 FHIR-based standards

and implementation guide versions align with those promulgated by ONC through its Certification Program, including the Standards Version Advancement Process,” EHRA said.

ONC is expected to provide a more current set of versions for its next certification program update, according to the organization, and urged CMS to ensure its requirements and adoption timelines remain in sync with ONC.

In response to CMS’s additional requests for information as part of the comment period, EHRA suggested standardizing social risk questions and allowing patients to opt out of certain questions and shared ideas on how to better involve community-based organizations. 

The vendor group says certain social risk and social needs factors, such as housing status, are malleable and should be verified as still accurate during future visits. Information from CBOs that may have provided assistance does not typically flow back to providers, the vendors group says.

CBOs are critical stakeholders, according to EHRA, which suggests CMS consider their limited resources and the fact that they “subsist on a combination of paper and basic technologies, like Excel spreadsheets.” 

EHRA added that a successful strategy might include direct subsidies or funding, as well as including CBOs in larger value-based care models. 

“CMS should be working with Congress, the Health Resources and Services Administration and state agencies to explore targeted initiatives based on the successes of the HITECH Act.” 

On the state level, variations in individual state privacy laws could impede national interoperability, EHRA says and suggests CMS could work to reduce variation while embracing TEFCA to prioritize future adoption of social use cases.

“Such an approach would ensure that the country builds upon the existing healthcare technology ecosystem, folding community care into the larger healthcare picture with their provider partners, not as a separate or standalone entity,” the vendor group said.

Recommending that CMS focus on standardizing social determinants of health questions, but not requiring every organization to collect every question, EHRA argues that not all specialties need them. 

Instead, CMS should look to developing a consistent, structured set of social risk and social needs questions, “such as a federally defined format for SDOH-related questions or standardized questionnaires.”

As far as a policy for collecting and exchanging the SDOH data, patients should not be required to answer every question, says EHRA, which recommends an opt-out option to reflect some patients’ unwillingness to answer certain questions.

“For example, a homeless patient with children may be wary of answering questions about housing stability for fear of such information triggering a call to Child Protective Services,” the vendor group suggested

Overall, EHRA recommends CMS consider the following approach to social determinants data:

  • Start simple.
  • Encourage a consistent standard across actors.
  • Develop federally-standardized social risk questions.
  • Start with a small set of questions that can be generally helpful across care settings.
  • Allow practices to not address all questions when they are not applicable.

CMS asked about existing criteria under the ONC Health IT Certification Program to enable behavioral health interoperability, and EHRA called it a good starting point, but the industry needs more clarification on consent workflows and sensitive data handling. 

The vendor group suggests that CMS “work with the health IT industry to address tagging sensitive data or allowing increased delineation of opt-out/consent workflows.”

On Medicare fee for service data exchange, EHRA recommends CMS work with Da Vinci and X12 to enable a consistent approach through clarification on how to align the requests for initial and additional information for prior authorization and claim. 

“This includes the consideration of Da Vinci’s CDex implementation guide and exploration of how similar techniques can be applied for attachments while using X12 as the main transaction format,” EHRA said. 

For certification, EHRA recommends 18-24 months.

To advance maternal health data standardization and adoption, “USCDI should not be used as a monolithic tool, requiring all health IT that seek certification to support all USCDI.”

To advance TEFCA, EHRA said CMS should not require providers who are already actively engaged in data exchange through existing networks to flow data through a Qualified Health Information Network – “unless there is a clear benefit in cost and data completeness.” 

Requiring providers “to participate in two mostly equivalent sets of networks would be similarly unhelpful, creating cost and burden without adding value,” EHRA said.


Others support prior authorization changes, but also want CMS to align with ONC.

The Medical Group Management Association and the Workgroup for Electronic Data Interchange want the CMS provisions implemented before the current proposed date of January 1, 2026, they said.

While both MGMA and WEDI agree payers need a deadline to make prior authorization decisions but differ on that timeline, WEDI would also like CMS to identify opportunities to incentivize commercial payers to support rule requirements.

“We urge CMS to closely monitor the industry following the implementation date to determine if these response times should be modified,” WEDI said, and urged CMS to align with ONC’s certification program.


“The digital divide is clearly real, as CMS knows, and it will likely take a HITECH-like program – some type of financial incentive structure related to health IT adoption – to broadly change that,” said EHRA in the letter to CMS.

Andrea Fox is senior editor of Healthcare IT News.
Email: [email protected]

Healthcare IT News is a HIMSS Media publication.

Source: Read Full Article