Health insurers aren't too keen on the Trump administration's new prior authorization rule.
The Centers for Medicare & Medicaid Services (CMS) finalized regulations Friday that would force payers participating in certain government programs to build application programming interfaces (APIs) to streamline data sharing and prior authorization.
The final rule would also require Medicaid and Children's Health Insurance Plan fee-for-service and managed care plans to operate on a reduced prior authorization timeline beginning in January 2024.
Under the rule, payers will have a maximum of 72 hours to make a determination in an urgent request and seven days in a non-urgent request and must provide a specific reason for denial.
America's Health Insurance Plans (AHIP) CEO Matt Eyles slammed the final rule in a statement, saying it is "largely a series of empty promises."
"This shabbily and hastily constructed rule puts a plane in the air before the wings are bolted on by requiring health insurance providers to build these technologies with incomplete and untested instruction manuals," Eyles said. "And, despite rushing the rule, this Administration requires insurance providers to build expensive IT bridges to nowhere by failing to establish comparable requirements for providers or their IT vendors to use the technologies."
Eyles also criticized the administration "conducted the shortest rulemaking process on a major healthcare rule that anyone can remember" in finalizing the rule, as the administration allowed only 14 days for comment on the rule.
CMS then processed and reviewed all comments on the rule in just nine days, Eyles said.
"This was wholly inadequate to allow stakeholders to conduct appropriate analyses and was clearly not consistent with the thoughtful notice-and-comment approach to developing policies that is customarily afforded a rule estimated to cost nearly $3 billion to implement," he said.
"Health insurance providers are committed to achieving a well-connected health care system that works better for patients, providers, and all stakeholders," he added. "But this half-baked, midnight rule cannot be implemented as written, leaves patients’ sensitive data vulnerable to bad actors, and detracts from the critical work at hand defeating COVID-19."