Learn how investment in IT infrastructure mandated by CMS-0057 can be a catalyst for advancing health plan priorities and improving care.
Ensuring your investment in IT infrastructure mandated by CMS-0057 delivers strategic returns on top of regulatory compliance requires a team effort. To help, InterSystems, the global leader in healthcare interoperability, published a white paper distilling from this 1000-plus page rule key data sharing provisions, associated technical requirements and timelines, impacted operational processes, and opportunities for improving performance and advancing value-based care. We recently updated this document for 2025. Read the Executive Summary below and download the full updated white paper at The APIs Are the Easy Part: Maximizing Your ROI While Meeting CMS Interoperability and Prior Authorization Requirements.
Executive Summary
What are your organization’s top strategic investments for the coming year? According to a Gartner survey, 46 leaders from various US payers ranked quality improvement, data and analytics, behavioral/mental health, and risk adjustment optimization as their most important initiatives. But those same leaders identified regulatory shifts as the top factor driving enterprise decision making. Indeed, regulatory shifts was the only such factor considered at least “somewhat important” by all respondents and “very important” by nearly three-quarters of surveyed leaders.1
Unfortunately, complying with new regulatory requirements is often seen as a distraction from “more important” organizational initiatives. In some cases, though, such mandates align well with business priorities and provide the necessary urgency to move key initiatives forward. Approached from the right perspective, new regulatory requirements can be harnessed to put in place infrastructure and business processes that will strengthen the enterprise for years to come. The CMS Interoperability and Prior Authorization Final Rule, CMS-0057-F, released in January 2024, represents just such an opportunity for payers.
This new rule is one in a set of regulatory initiatives requiring investment in information technology (IT) needed to democratize data-driven decision-making throughout healthcare and advance value-based care. In 2009, the HITECH Act digitized and normalized provider electronic health record (EHR) data. In 2020, CMS-9115-F introduced API-based information sharing by payers, and even more recently in 2025, HTI-4-F added new certification criteria and related standards to the ONC Health IT Certification Program, including updates for electronic prior authorization. CMS-0057-F mandates payer support for the use of digitized data and FHIR-based APIs to advance interoperability among all key stakeholders and automate costly manual prior authorizations. While targeted at a specific set of federally funded “impacted payers,” it is expected to have a ripple effect across the entire healthcare industry.
As the name implies, the rule requires payer investment in interoperability infrastructure, but compliance is far more comprehensive than a pure IT project. Implementing the mandated APIs requires answers to a host of operational, policy, and workflow decisions all critical to optimizing an organization’s return on its infrastructure investment.
More specifically, CMS-0057-F addresses four types of information sharing by impacted payers:
- Sharing information with other payers, both impacted and non-impacted, to build longitudinal member records for better care coordination
- Sharing information with members and their representatives to better manage and coordinate their own care
- Sharing information with in-network, treating providers to furnish relevant context and visibility about a patient’s care team and clinical history
- Exchanging information between providers and payers to determine whether prior authorization is required and expedite decisions
Collectively, these information sharing mandates build on and support investment in a robust longitudinal health record. You can picture the core requirements and automated information flows for impacted payers like this:
The rule’s implied requirement for deployment or expansion of a longitudinal health record that can integrate member clinical, claims, and social determinants of health data comprises one of the greatest opportunities to advance priorities like quality improvement, analytics, and risk adjustment optimization. As IDC’s Jeff Rivkin writes:
“Well-documented payer walls between the “claims side of the house and the care side of the house” are highlighted with prior authorization. A strategy to comply to the final rule issued by the U.S. Centers for Medicare & Medicaid Services suggests that payers should unify organizations and systems around their member longitudinal health record.”
Put another way, we must tear down the clinical and administrative data silos that have spread throughout US healthcare for decades to realize the dramatic improvements in quality and efficiency other industries have achieved through interoperability. And CMS-0057-F provides a vehicle for driving this needed change. It requires investment in, contribution to, and use of the type of longitudinal or unified care record needed to automate burdensome processes and generate actionable insights to improve care and promote wellness at the right point in time and place. But again, ensuring your investment delivers these larger returns on top of regulatory compliance requires a team effort. It will require close alignment among IT, clinical, and business leadership, under the guidance of your regulatory team.
Note: This document is informational only and does not constitute legal advice.
1 Bishop, M, 1Q24 U.S. Healthcare Payers Enterprise Benchmarks: Priorities and Technology Deployments, Gartner, 1 March 2024- ID G00809883