Logo
↩ Return to Blog
CMS
April 22, 2026
2026 Interoperability Proposed Rule

2026 Interoperability Proposed Rule

On April 10, the Centers for Medicare & Medicaid Services (CMS) released the 2026 Interoperability Standards and Prior Authorization for Drugs proposed rule. The agency also released a fact sheet outlining the major provisions of the proposed rule. The below acts to summarize or directly reproduce many of the key components of that fact sheet.

2026 Interoperability Proposed Rule

Share

Background

This proposed rule builds on previous requirements that Medicare Advantage (MA) organizations, state Medicaid and Children’s Health Insurance Program (CHIP) fee-for-service (FFS) programs, Medicaid managed care plans, CHIP managed care entities and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs) (collectively “impacted payers”) must implement Patient Access, Provider Directory, Provider Access, Payer-to-Payer and Prior Authorization Application Programming Interfaces (APIs) (collectively “interoperability APIs”). In this rule, CMS is proposing to add small group market QHP issuers offering plans on the Federally-facilitated Small Business Health Options Program (FF-SHOP) as an impacted payer subject to the interoperability requirements of the previous rules and these proposals.

While the prior authorization requirements in the 2024 final rule focused on non-drug items and services, the 2026 CMS Interoperability Standards and Prior Authorization for Drugs proposed rule extends many of those requirements to cover prior authorizations for drugs. Specifically, CMS now proposes to require impacted payers to support electronic prior authorization, to make decisions on requests within shorter timeframes that align CMS programs and to increase transparency for the prior authorization of drugs. In addition, CMS is proposing to require impacted payers to update health information technology (health IT) standards and to report interoperability API endpoints and API usage metrics to CMS. 

Furthermore, under HIPAA, the U.S. Department of Health and Human Services (HHS) is proposing to adopt certain Health Level Seven® (HL7®) Fast Healthcare Interoperability Resources® (FHIR®) standards and implementation specifications for transactions related to prior authorizations. These HHS proposals would apply to all HIPAA covered entities (healthcare providers, health plans and healthcare clearinghouses) that electronically exchange prior authorization requests and decisions for items and services.

Electronic Prior Authorization for Drugs

The 2024 final rule requires impacted payers to implement and maintain a Prior Authorization API to facilitate electronic prior authorization for non-drug items and services. CMS now proposes to require impacted payers to incorporate coverage and documentation requirements into those APIs to support the electronic prior authorization of drugs covered under a medical benefit beginning October 1, 2027.

CMS is also proposing to require that state Medicaid and CHIP FFS programs, Medicaid managed care plans, CHIP managed care entities and QHP issuers on the FFEs support electronic prior authorization for drugs covered under a pharmacy benefit—which aligns with existing requirements for Medicare Part D sponsors. Specifically, CMS is proposing to require those impacted payers to support three National Council for Prescription Drug Programs (NCPDP) standards—the SCRIPT, Formulary & Benefit (F&B) and Real-Time Prescription Benefit (RTPB) standards—beginning October 1, 2027.

FHIR Standard for Prior Authorization Transactions

HHS is proposing to modify the current HIPAA Administrative Simplification standards for dental, professional and institutional transactions related to prior authorization. Specifically, HHS is proposing to adopt the FHIR standard and certain FHIR implementation guides (IGs) as the standards for the “referral certification and authorization” and the “eligibility for a health plan” transactions related to prior authorization. Alternatively, we propose to also adopt the FHIR standard and applicable FHIR IGs to also include transactions for referral certifications. These modifications would improve transparency for patients, streamline provider workflows, increase transaction speed and accuracy, and reduce costly administrative inefficiencies. 

HHS also proposes to adopt the HL7 FHIR Da Vinci Clinical Data Exchange (CDex) IG as the standard for attachments accompanying prior authorization transactions. The CDex IG is used to exchange files in various formats such as Consolidated Clinical Document Architecture (C-CDA) documents, PDF and text files. This flexibility allows documents containing relevant patient data to be shared seamlessly across health IT systems. The CDex IG also allows health plans to be explicit with the data they are requesting, which would help healthcare providers avoid spending time gathering and sending more information than necessary. 

HHS proposes that HIPAA covered entities that engage in those electronic transactions would be required to comply with these proposals no later than 24 months after the final rule’s effective date. Small health plans would have 36 months after the final rule’s effective date to comply with these proposals. HIPAA covered entities which do not engage in electronic prior authorization transactions would not be required to adopt these standards. 

API Endpoints and Associated Information

CMS is proposing to require impacted payers to report their API endpoints for each of the interoperability APIs for CMS to publish in a centralized location. In addition, CMS is proposing to require impacted payers to submit to CMS a direct URL to their interoperability APIs’ FHIR capability statements and URL(s) with required technical documentation—about authorization and authentication protocol and implementation details and API registration information—for each of their interoperability APIs.

CMS is proposing that existing impacted payers report this required information to CMS no later than 60 days after the effective date of a final rule and that new impacted payers report this information no later than 60 days before they begin covering patients under the applicable CMS program. In addition, impacted payers would be required to update the information within one week of any changes and verify that the reported information is still correct at least annually. 

Alternatively, CMS is proposing that impacted payers report the proposed information for each interoperability API using the National Directory of Healthcare Providers & Services (NDH) IG Endpoint Profile resources. 

Health IT Standards and Specifications 

This proposed rule includes proposals from the Office of the National Coordinator for Health Information Technology (ONC) to adopt updated versions of certain health IT standards and specifications on behalf of HHS related to the interoperability APIs. Adopting these updated versions would support the continued development of a nationwide health IT infrastructure and ongoing federal alignment of standards for interoperability and health information exchange. In addition, ONC proposes that certain currently adopted versions of the proposed standards in 45 CFR 170.215 would expire on January 1, 2028.

We will provide more details arising from the interoperability proposed rule in next week’s alert.