CMS Interoperability & Prior Authorization Rule: Reporting Requirements for Patient Access API

Relevant to: Audit Protocol, Enrollment and Payment Systems

Each week, we scan the latest CMS memos to find the most important ones that apply for PACE programs. Below is a summary of what you need to know.

Disclaimer: The content provided on this site is a summary for informational purposes only, and Grane PBM, Inc. assumes no liability for any errors or omissions in the site’s content. The information does not constitute legal or regulatory advice or replace the original CMS memo. Readers are advised to consult the CMS memo in its entirety and to verify information independently before making any decisions based on this information.

Click here to read the complete memo from CMS.

Introduction

The Centers for Medicare & Medicaid Services (CMS) has set forth new reporting requirements for Medicare Advantage Organizations to comply with the CMS Interoperability and Prior Authorization Final Rule. Effective from 2026, these requirements mandate payers to report the utilization of Patient Access APIs, which allow patients to access their health data via chosen applications. The initiative is part of CMS’s broader interoperability strategy to reduce administrative burden and enhance patient empowerment through seamless data access and transparency.

Key Dates and Deadlines

  • Date of Memo: May 29, 2025
  • Publication Date of Final Rule: February 8, 2024
  • Start of Reporting Requirements: Calendar Year 2026
  • First Reporting Deadline: March 31, 2026
  • Start of Contract Year 2027: October 2026

PACE Compliance

This memo is relevant to PACE programs because of the reporting requirements under the CMS Interoperability and Prior Authorization Final Rule, which have implications for data usage and patient access to health information through APIs.

Plans must ensure compliance with the Patient Access API reporting metrics. Specifically, beginning in 2026, impacted payers are required to report annual metrics to CMS on the usage of the Patient Access API. This includes reporting:

  • The total number of unique patients whose data are transferred via the Patient Access API to a health app selected by the patient.
  • The total number of unique patients whose data are transferred more than once via the Patient Access API to a health app designated by the patient.

Payers must submit these metrics through the Health Plan Management System (HPMS) in the “Interoperability Reporting” section.

Failure to comply with these reporting requirements may impact the visibility and functionality of PACE plans in Medicare-related resources. It is crucial to adhere to these guidelines to ensure that patients in PACE programs are informed and able to access their health data efficiently and securely.

Required Actions

Reporting requirements for Medicare Advantage Organizations under the CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F) are outlined in the memo. These include steps regarding data reporting for the Patient Access API:

1. Report data on the usage of the Patient Access API annually by March 31, starting in 2026. This includes reporting the total number of unique patients who have their data transferred through the API to health apps of their choice, and the number of those whose data is transferred more than once.

2. Submit the Patient Access API metrics within the Health Plan Management System (HPMS) under the “Interoperability Reporting” section during the designated reporting period from January 1 to March 31 each year.

3. Optional: Starting from Contract Year 2027, MAOs can provide URLs for technical documentation of the API and educational information about privacy and security related to the Patient Access API, as additional resources for CMS review.

FAQs

  • “What are the key reporting requirements under the CMS Interoperability and Prior Authorization Final Rule?”
  • “How does the Patient Access API benefit Medicare beneficiaries?”
  • “What data must impacted payers report annually to CMS?”
  • “When do the new reporting requirements for the Patient Access API take effect?”
  • “What resources are available to help payers comply with the interoperability requirements?”

Click here to read the complete memo from CMS.

Picture of John Baker

John Baker

Senior Vice President, PBM at Grane PBM John Baker brings over 30 years of expertise in pharmacy operations, managed care, and PBM services. A 1990 graduate of Ohio Northern University, he has extensive experience in contract negotiations, mail-order pharmacy, and leading managed care strategies. Throughout his career, John has guided teams in optimizing pharmacy operations, improving healthcare access, and delivering innovative PBM solutions. Since 2021, he has served as Senior Vice President at Grane PBM, leveraging his deep industry knowledge to meet client needs and drive results.

Get real-time memo alerts in your inbox

Categories

Recent Posts

Contact Us

Let's Discuss How We Can Support Your Business

Contact Us

Get real-time memo alerts in your inbox