CMS pushes prior‑auth into EHRs

Prior authorization is one of those healthcare chores that sounds administrative but lands on patients as delay. A doctor orders something. Then staff jump into payer portals, fax forms, chase missing documentation, and wait. CMS is now trying to change the plumbing, not just the policy. On May 5, the agency pulled hospitals, physician practices, EHR vendors, and digital health companies into a new voluntary pledge to make prior auth work electronically from one system to the next — inside the clinical workflow, not beside it. (cms.gov) ### What changed this week? CMS added electronic prior authorization as an “additional use case” in its Health Tech Ecosystem and published a pledge for organizations to adopt interoperable, end-to-end workflows across medical prior authorization. The point is simple: the earlier CMS rule mostly forced payers to expose APIs, but this week’s move tries to make providers and software vendors actually use them together. (cms.gov) ### Why is that a bigger deal than it sounds? Because the ugly part of prior auth is not just the insurer’s decision. It is the handoff problem. Clinicians document care in the EHR, but staff often have to re-enter the same facts into a separate payer portal or attach records manually. CMS is basically saying the fix only counts if the request, supporting documents, status checks, and response can move through the same digital path. (cms.gov) ### What is CMS asking EHRs to do? The EHR side is supposed to implement FHIR-based prior authorization capabilities using HL7 Da Vinci standards. In plainer English, the record system should be able to assemble the needed documentation, send the request in a standard format, and receive updates back without forcing staff into another website. CMS’s ecosystem categories page m(cms.gov)se. (cms.gov) ### Didn’t CMS already regulate this? Yes — but mostly on the payer side. The 2024 CMS Interoperability and Prior Authorization final rule required certain Medicare Advantage, Medicaid, CHIP, and exchange plans to stand up prior authorization APIs, with most API requirements due by January 1, 2027. That rule created the rails. The new pledge is an attempt to get trains running on them. (cms([cms.gov)rability/policies-regulations/cms-interoperability-prior-authorization-final-rule-cms-0057-f)) ### What about drugs? CMS is also widening the scope. In April 2026 it proposed extending many prior-authorization interoperability requirements to drugs, not just non-drug items and services, and it asked for comments through June 15, 2026. So this week’s ecosystem push lands in the middle of a broader expansion — more transaction types, more standards, more pressure to make the workflow real. (cms.gov) ### Why is CMS leaning so hard on this? Because the current process burns absurd amounts of labor. CMS says prior auth work costs providers about $20 to $50 per hour and takes an average of 13 hours a week — roughly 700 hours and $34,000 a year per provider. ASTP/ONC tied the broader HTI-4 e-prescribing and ePA updates to an estimated $19 billion in labor savings over 10 years. Even if those estimates end up high, the direction is obvious. (cms.gov) ### So is this mandatory? The pledge is voluntary. The catch is that the surrounding infrastructure is not entirely voluntary. CMS already has binding payer rules, ONC’s HTI-4 rule added certification criteria that support electronic prior auth in health IT, and the agency is openly trying to line up private-sector behavior before the 2027 deadlines hit. That makes the pledge feel less like PR and more like pre-implementation coordination. (healthit.gov) ### What’s the real bottom line? CMS is reframing prior authorization as a workflow integration problem. If this works, staff stop swivel-chairing between the EHR, fax machine, and payer portal. If it doesn’t, the industry will have payer APIs on paper and the same old bottlenecks in practice. (cms.gov)