CMS-0057-F Prior Authorization and Interoperability Final Rule: What Providers Need to Know

By Dr. Steve Kim, Valer Co-Founder and CEO

As part of our mission to simplify and speed prior authorization submissions, we are closely tracking the regulatory landscape to understand how changes will affect providers. 

After much uncertainty and many piecemeal regulatory updates, we are on the cusp of a larger shift with CMS-0057-F, which attempts to standardize prior auth processes and increase transparency about payer ruling patterns.

If these changes aren’t on your radar, you’re not alone: 52% of providers and 43% of payers have not started working on the API requirements, a key component of the regulation.

Here’s what you need to know about the CMS prior authorization rule—including our perspective on how much this regulation will (or won’t) affect prior auth pain points. 

Takeaway #1: Payers will need to meet specific timeframes for prior auth decisions, starting January 1, 2026.

In the near future, payers will be required to provide prior authorization decisions within: 

• 72 hours for expedited requests
• 7 calendar days for standard requests 

What this means for providers: Holding payers accountable for timely responses is an important step forward and will hopefully streamline prior auth processes and ease scheduling challenges. But given the patchwork state-by-state regulation that already exists, there’s likely to be a lot of payer confusion as to which standards apply. A number of states have already enacted their own timely Turnaround Time (TAT) rules, and so it will be complicated for payers to manage which rule takes precedence for any particular plan. CMS-0057-F also only applies to Medicare Advantage, Medicaid, CHIP, and Qualified Health Plans on the Federally Facilitated Exchanges. Meanwhile, payers are also tracking a separate list of ERISA TAT requirements for large private employer plans.

 As a result, it’s difficult to determine how quickly providers will actually experience the impact of CMS-0057-F. 

Recommended next steps for providers: Providers shouldn’t count on the CMS-0057-F final rule to provide significantly enhanced visibility into TAT, at least initially. As a result, you should consider looking into alternate solutions — such as Valer — to help address this significant challenge. Valer gives patient access teams detailed data on TAT by payer and by service code for all authorizations submitted and retrieved. That way, no matter how adept your payers are at meeting the new reporting guidelines, you will have the data you need to hold payers accountable and make operational decisions at your fingertips. 

Takeaway #2: Payers also need to meet additional public reporting and transparency standards, starting January 1, 2026.

Beyond meeting TAT standards, payers must also publicly report these key prior authorization metrics:

• The percentage of prior auth requests approved
• The average time for prior auth decisions (i.e. their performance on TAT)
• The percentage of requests denied and the reasons for denials

What this means for providers: These new reporting standards aim to increase transparency and accountability between payers, providers, and patients. However, the devil is in the details. An average TAT report may not tell the whole story—different services may have dramatically different decision timeframes, which can be especially consequential for scheduling more complex, high-cost services. 

More straightforward is the requirement that payers provide denial reasons. Although many payers already do this, the ones that don’t make it very difficult to appeal or remediate an auth. Providers will benefit from a standardized set of denial reason codes that make prior auth more transparent and predictable. 

Recommended next steps for providers: Right now, robust data about prior auth decisions and timeframes simply isn’t available to most providers—and even with the CMS prior authorization rule, patient access teams will lack the data they need to improve their operations. Valer breaks out data by payer, specialty, and service line so that you have actionable insights about where to expect delays and denials. 

Takeaway #3: Payers have to implement an FHIR-based API for prior authorization by January 1, 2027. 

This API must enable providers to:

• Identify whether prior auth is required for specific items and services (excluding drugs)
• Submit prior auth requests electronically
• Receive decisions and reasons for denials electronically

What this means for providers: The goal of the API requirement is to streamline submissions and decisions for providers and payers. But payers will need to build out individual EMR endpoints to make the APIs workable. At the current rate of progress, it is unlikely that very many payers will be able to facilitate seamless API-driven workflows by January 1, 2027. 

The mandate to provide a coverage requirement determination (CRD)—i.e. identifying whether an auth is required for a service—will probably be the most robust and widely available component of the new API standards. But achieving  the end-to-end API mappings for document template and rules (DTR) and prior authorization submissions (PAS) across all payers and service lines will be  a tall order—and likely a moving target, to say the least. Payers may have some APIs, but may also continue to be relying on web portals and maybe even some legacy fax workflows, well past the January 1, 2027 date. 

Recommended next steps for providers: In that type of environment, having one platform that can bridge all those submission types will be essential. That’s what we’ve built at Valer: One place to manage and transition payer authorization workflows, whether they involve APIs, web portals, or fax forms, across all payers and all service lines. Valer provides a standard interface across all submission types, rather than a thousand different payer workflows that slow down your team and, ultimately, compromise patient care.

Progress on Paper Isn’t Enough

Although we are excited about the prospects for a better, more sane way to manage prior auth, the CMS prior authorization rule will not get us all the way there. Payers will face significant growing pains and challenges along the path to compliance—and even then, providers will not have the full range of insights or streamlined processes that you need. 

At Valer, we’ve been thinking about these issues for over 13 years, and have developed a streamlined, automated workflow for prior auth. We’ve also collected real-world data about payer behavior—so that providers don’t have to settle for the incomplete picture that CMS-0057-F will set in motion. 

The CMS prior authorization rule is coming from the right place, and we want to accelerate progress towards that more functional and transparent system. It’s a system that providers need—and that their patients deserve. Want to learn more? Watch our webinar for a deeper dive or schedule a demo today.