In our earlier blog post, ONC HTI-2 Proposed Rule: A Leap Forward in Healthcare Interoperability, we provided a high-level overview of the proposed rule. In this post, we will focus specifically on the new API certification criteria. The rule proposes several new API certification criteria aligned with the Centers for Medicare and Medicaid Services (CMS) requirements from the CMS Final Rule (0057) Advancing Interoperability and Improving Prior Authorization. The HTI-2 proposed rule would advance the certification of the following APIs required for use in CMS-0057.

Key Certification Requirements

1. Patient Access API (§ 170.315(g)(30))

The Patient Access API certification criterion focuses on enabling patients to access their health and administrative information through a health application of their choice. The information in the API includes:

• Payer Drug Formulary Information: Ensuring patients can view information about their drug coverage.
• Clinical Coverage and Claims Information: Allowing patients to access details about their health coverage and claims.
• Prior Authorization details: Includes certain information about patients’ prior authorization requests and decisions (excluding those for drugs).

2. Provider Access API – Client and Server (§ 170.315(g)(31) and (g)(32))

The Provider Access API certification criteria aim is to allow healthcare providers to securely and quickly retrieve relevant patient health information providing for a more complete picture of a patient’s health history. This information in the API includes:

• USCDI v4 data sharing: Included in the FHIR API is standardized data and data sets.
• Claims and Encounter Information: Patient claims and encounter information (excluding remittance and patient cost-sharing), clinical data and provider information to support care coordination and management.
• Prior Authorization details: Includes certain information about patients’ prior authorization requests and decisions, such as status and service, product details (excluding those for drugs).

3. Payer-to-Payer API (§ 170.315(g)(33))

The Payer-to-Payer API certification criterion is essential for ensuring that patient information can be exchanged electronically between payer systems to empower patients and ensure continuity of care when patients switch insurance plans. This API can also help improve administrative efficiency for payers as well. The information in the API includes:

• Previous and concurrent payer information: Include functionality to identify and record data about the patient's previous and current health insurance payers; including payer identifiers, coverage dates, and plan information. Additionally, the API must provide a mechanism for patients to explicitly opt in to sharing their health information from these other payers with their current or new payer.
• Claims, Encounter and other data sets Information: Included in the FHIR API is standardized data and data sets, USCDI v4, patient claims and encounter information (excluding remittance and patient cost-sharing) to support care coordination and management.
• Prior Authorization details: Includes certain information about patients’ prior authorization requests and decisions (excluding those for drugs).

4. Electronic Prior Authorization APIs (§ 170.315(g)(34) and (g)(35))

Electronic Prior Authorization APIs are crucial for streamlining the prior authorization process, a common pain point in healthcare. The use and certification of this API would simplify the prior authorization process to expedite care for patients by reducing documentation hurdles and reducing administrative costs and likely patient frustration. The information in the API includes:

• Coverage Requirements: Data to determine patient eligibility, service/product coverage, and prior authorization requirements.

• Clinical documentation Required: Clinical guidelines, medical history, specific criteria for different procedures, treatments, or services, required documentation for each type of PA request, diagnosis, procedure codes, imaging, credentials of the requestor and more.

Implementation Timeline

The proposed rule sets specific dates for health IT developers to update their certified Health IT Modules to maintain certification:

• January 1, 2026: Update requirements for privacy and security modules.
• January 1, 2027: Prior authorization API for providers.
• January 1, 2028: Comprehensive updates including patient engagement, public health reporting, and clinical quality measures.

Preparing for Implementation

Health IT developers and healthcare organizations must pay close attention to these certification requirements to evolve their technology and product roadmaps to ensure their ability to certify or support the certification of their partners. This includes:

• Technology Upgrades: Updating existing systems or integrating new certified health IT modules.
• Vendor Collaboration: Working closely with health IT vendors to ensure their products meet the new certification criteria.
• Staff Training: Educating staff on how to use and maintain the new technologies
• Ongoing Maintenance: Keeping systems up to date with evolving certification criteria and regulatory requirements.

Conclusion

The proposed HTI-2 rule's FHIR API certification requirements mark a significant advancement in healthcare interoperability. These requirements, should they be finalized, are not just a regulatory checkbox but a strategic opportunity. As the industry adapts to these changes, we can expect future regulations to expand the use of mandated APIs beyond the current scope defined in CMS-0057.

Healthcare organizations will benefit from approaching these requirements with a forward-thinking mindset. Rather than viewing them as mere compliance hurdles, leaders should consider how these new APIs can be leveraged for long-term strategic value. This proactive approach will not only ensure readiness for current regulations but also position organizations to adapt more easily to future technological and regulatory developments. Stay tuned for more insights and analysis of the HTI-2 proposed rule and its implications for the healthcare industry in our upcoming blog series

If you want to learn more about how the HTI-2 proposed rule or other policies may impact your organization, please reach out to me at kim.boyd@pocp.com. Our team at Point-of-Care Partners is here to help you navigate these changes and leverage new opportunities for strategic growth and compliance.

For more detailed information, you can refer to the ONC HTI-2 Proposed Rule and the HHS Press Release.