News & Insights


December 12, 2022

Health Headlines – December 12, 2022

CMS Proposes Rule to Require Certain Health Plans to Electronically Share Data with Providers Regarding Prior Authorization Requests

On December 13, 2022, CMS is set to publish in the Federal Register a proposed rule (Proposed Rule) requiring certain Medicare, Medicaid, Children’s Health Insurance Program, and Qualified Health Plan fee-for-service and managed care plans to share electronic health data directly with hospitals and other providers. The stated goals of the Proposed Rule are to implement an electronic prior authorization process, shorten the time frames for certain payers to respond to prior authorization requests, and establish policies to make the prior authorization process more efficient.  The Proposed Rule also seeks to expand the current Patient Access electronic database, and issues five new requests for information.  The deadline to submit public comments is March 13, 2022.

Affected Payers

The Proposed Rule would apply to Medicare Advantage organizations, state Medicaid fee-for-service (FFS) programs, state Children’s Health Insurance Program (CHIP) FFS programs, Medicaid managed care plans, CHIP managed care entities, and Qualified Health Plan (QHP) issuers on the Federally facilitated Exchanges (FFEs) (collectively, Affected Payers).

Changes to Prior Authorization Processes for Affected Payers

The Proposed Rule would address challenges with the prior authorization process faced by providers and patients.  This includes requiring implementation of a Health Level 7 (HL7) Fast Healthcare Interoperability Resources (FHIR) standard application programming interface (API) to support electronic prior authorization. This new API will be referred to as the “Prior Authorization Requirements, Documentation and Decision” (PARDD) API.

The PARDD API would include requirements for the Affected Payers to include a specific reason when denying requests, publicly report certain prior authorization metrics, and send decisions within seventy-two hours for expedited (i.e., urgent) requests and seven calendar days for standard (i.e., non-urgent) requests.  This is twice as fast as the existing Medicare Advantage response time limit.  CMS is specifically seeking comment on alternative time frames with shorter turnaround times, for example, forty-eight hours for expedited requests and five calendar days for standard requests.

The Proposed Rule also sets forth a new Electronic Prior Authorization measure for certain hospitals and critical access hospitals (CAHs) that are eligible under either the Medicare Promoting Interoperability Program or the Merit-based Incentive Payment System (MIPS) under the Promoting Interoperability performance category.  To meet the measure, a prior authorization must be requested electronically from a PARDD API using data from certified electronic health record technology (CEHRT).  Under this proposal, MIPS eligible clinicians, eligible hospitals, and CAHs would be required to report the number of prior authorizations for medical items and services (excluding drugs) that are requested electronically from a PARDD API using data from CEHRT.

If finalized, these prior authorization policies would take effect January 1, 2026, with the initial set of metrics proposed to be reported by March 31, 2026.

Expansion of Patient Access Application Programming Interface

The Proposed Rule would also expand the current Patient Access API to include information about prior authorization decisions; allow providers to access their patients’ data by requiring payers to build and maintain a Provider Access FHIR API, to enable data exchange from payers to in-network providers with whom the patient has a treatment relationship; and create patient records by requiring payers to exchange patient data using a Payer-to-Payer FHIR API when a patient moves between payers or has concurrent payers.

CMS Withdraws its Similar December 2020 Proposed Rule

This is the second proposed rule that CMS has issued regarding the electronic exchange of healthcare data.  The first was published on December 18, 2020, and proposed new requirements for state Medicaid FFS programs, state CHIP FFS programs, Medicaid managed care plans, CHIP managed care entities, and QHP issuers on the FFEs to improve the electronic exchange of healthcare data and streamline processes related to prior authorization.  In response to that first proposed rule, CMS received many comments that emphasized that Medicare Advantage organizations were not included among the impacted payers.  There was also concern about the implementation timeframes and funding constraints.  Upon review of the comments, CMS decided that the December 2020 proposed rule will not be finalized, and instead is withdrawing that rule and issuing this new Proposed Rule instead. 

This Proposed Rule incorporates certain feedback from stakeholders to the December 2020 proposed rule, including: (1) requiring all impacted payers to use the health information technology standards at 45 C.F.R. 170.215 (i.e., API Standards); (2) adding Medicare Advantage organizations as impacted payers; and (3) a longer implementation timeline.

Implementation of the Proposed Rule Scheduled for 2026 with Some Exceptions

Most of the implementation dates for the proposals in the Proposed Rule begin in 2026, including those for the API proposals, prior authorization decision timeframes for certain impacted payers, and certain reporting proposals.  State Medicaid and CHIP FFS programs will be able to seek an extension of proposed implementation deadlines, or an exemption from some proposed requirements.  CMS also proposes an exceptions process for QHPs on the FFEs.

Requests for Information

Finally, the Proposed Rule includes five requests for information (RFIs).  CMS is re-issuing two RFIs from the December 2020 proposed rule. One RFI is related to standards for social risk-factor data, and another RFI is related to the electronic exchange of behavioral health information among behavioral health providers.

CMS is also issuing three new RFIs: (i) one to solicit information related to opportunities for improving the electronic exchange of medical documentation between providers to support prior authorization programs for Medicare FFS; (ii) a second to gather public feedback regarding data standardization and use of prior authorization to improve maternal health care; and (iii) a third to solicit comments regarding enabling exchange under the Trusted Exchange Framework and Common Agreement (TEFCA).

The text of the Proposed Rule can be found here. The press release from CMS regarding the Proposed Rule is available here.  The CMS Fact Sheet regarding the Proposed Rule is available here.  The deadline to submit public comments in response to the Proposed Rule is March 13, 2022.

Reporter, Ariana Fuller, Los Angeles, +1 213 443 4342,

OIG Review Identifies 378 Labs That Allegedly Billed Medicare Part B at Questionably High Levels for COVID-19 Tests

OIG issued a report last week examining alleged billing irregularities relating to COVID-19 tests (the Report). The Report explains that in response to increased Medicare Part B spending on COVID-19 tests in 2020, OIG performed a review of clinical diagnostic laboratories that billed other diagnostic tests—including individual respiratory tests (IRTs), respiratory pathogen panels (RPPs), genetic tests, and allergy tests—in conjunction with COVID-19 tests. While OIG acknowledged in the Report that these “add-on tests” were not unusual, OIG focused on labs with a high volume or high payments for these add-on tests. OIG’s review identified 378 labs that they allege billed Medicare Part B for add-on tests at “questionably high levels” of either volume or payment amounts. OIG suggested that further scrutiny of the identified labs’ billing patterns was warranted to determine whether there was potential waste or fraud and referred the labs to CMS for further review.

In 2020, Congress expanded Medicare Part B coverage to include testing for COVID-19. Additionally, because respiratory illnesses can cause symptoms associated with COVID-19, CMS also expanded coverage to include certain respiratory tests. However, preliminary OIG analysis of Medicare B claims data raised concerns that some labs may be billing for allegedly unnecessary add-on diagnostic tests alongside COVID-19 tests that significantly increased Medicare payments.

In response to this concern, OIG attempted to identify labs that billed Medicare Part B for allegedly “questionably high levels of add-on tests.” The measures OIG used “identified (1) labs for which add-on tests constituted a high proportion of each lab’s total number of tests, and (2) labs for which add-on tests constituted a high proportion of each lab’s total payments for tests.”

Out of the total 19,577 labs that billed Medicare Part B for COVID-19 tests, OIG performed an outlier analysis of 5,588 labs that billed Medicare for add-on tests on claims for COVID-19 tests. These labs all billed Medicare for over 100 total COVID-19 and add-on tests. OIG determined which of these labs were statistical outliers based on a high proportion of add-on tests or a high proportion of payments for add-on tests.

In total, the analysis identified 378 labs that OIG alleges have questionable billing patterns. Of those, 276 labs were identified for allegedly high volumes of add-on tests, 263 labs were identified for allegedly high payment amounts for add-on tests, and 161 labs were identified as having both allegedly high volume of and payment amounts for add-on tests. Additionally, OIG identified eight outlier labs that allegedly billed Medicare “for the same tests for the same enrollee on the same day as another lab” and admitted that although this may be legitimate, this may indicate a fraud scheme. The 378 labs that OIG identified have been referred to CMS for further review.

The Report, including a detailed breakdown of the analysis, is available here.

Reporter, Lindsay Greenblatt, Los Angeles, +1 213 218 4032,

In the News

King & Spalding Client Alert: OCR Issues Guidance Regarding HIPAA Requirements for Online Tracking Technologies

In last week’s edition of Health Headlines, we reported that the HHS Office for Civil Rights (OCR) issued a bulletin earlier this month on the requirements imposed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for online tracking technologies regarding the protection of privacy and security of health information. Following up on that development, King & Spalding’s Data, Privacy and Security team distributed a Client Alert, available here, with an in-depth discussion of the new guidance and its implications for healthcare providers and other regulated entities operating in the digital health space.