Photo: Alex Wong/Getty Images

The Centers for Medicare and Medicaid Services has announced that it will not take enforcement action against certain payers for the payer-to-payer data exchange provision of the May 2020 Interoperability and Patient Access final rule until future rulemaking is finalized.

The agency’s decision to exercise enforcement discretion for the payer-to-payer policy doesn’t affect any other existing regulatory requirements and implementation timelines outlined in the final rule.

On July 1, two of the policies from the May 2020 Interoperability and Patient Access final rule went into effect. On April 30, the requirements for hospitals with certain EHR capabilities to send admission, discharge and transfer notifications to other providers went into effect, while on July 1, CMS began to enforce requirements for certain payers to support Patient Access and Provider Directory APIs.

The regulations include policies that require or encourage payers to implement Application Programming Interfaces (APIs) to improve the electronic exchange of healthcare data – sharing information with patients or exchanging information between a payer and provider, or between two payers. APIs can connect to mobile apps or to a provider EHR or practice management system to enable a more seamless method of exchanging information, according to CMS. 

The regulations also include policies that are intended to reduce the burdens of the prior authorization process by increasing automation and encouraging improvements in policies and procedures, with an eye toward streamlining decision-making and communications.


The Interoperability and Patient Access final rule was intended to give patients access to their health information when and how they’d like it. The rule focused on driving interoperability and patient access to health information by liberating patient data using CMS authority to regulate Medicare Advantage (MA), Medicaid, Children’s Health Insurance Program (CHIP), and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs).

CMS exercised enforcement discretion for the Patient Access API and Provider Directory API policies for MA, Medicaid, CHIP and QHP issuers on the FFEs effective January 1 through July 1. CMS began enforcing these new requirements on July 1.

The Interoperability and Prior Authorization proposed rule emphasizes the need to improve health information exchange to achieve appropriate and necessary access to complete health records for patients, healthcare providers and payers. 

That proposed rule also focuses on efforts to improve prior authorization processes through policies and technology. It enhances certain policies from the CMS Interoperability and Patient Access final rule, and adds several new provisions to increase data sharing and reduce overall payer, provider and patient burden through the proposed improvements to prior authorization practices.


CMS first introduced the Interoperability and Patient Access final rule in December 2020. It was met with mixed reactions from providers, since the American Hospital Association applauded the efforts to remove barriers to patient care by streamlining the prior authorization process, but was disappointed that Medicare Advantage plans were left out.

America’s Health Insurance Plans spoke out against the rule in a statement from president and CEO Matt Eyles in January.

The statement blasted CMS for rushing the finalization of the rule and said it was “shabbily and hastily constructed.” It compared the rule to putting “a plane in the air before the wings are bolted on” because insurers are required to build these technologies without the necessary instructions.

While AHIP insisted the nation’s health insurers are committed to creating a better-connected healthcare system, it says the rule cannot be implemented as is, puts patient data at risk and distracts stakeholders from defeating COVID-19.

Twitter: @JELagasse
Email the writer: