- Are HIPAA covered entities required to use the X12 278 standard for electronic prior authorizations if they have implemented or are using the Prior Authorization API?
Although the requirement still exists in regulation, the Office of Healthcare Experience and Interoperability (OHEI) National Standards Group (NSG), on behalf of the Department of Health and Human Services (HHS), announced an enforcement discretion for Health Insurance Portability and Accountability Act of 1996 (HIPAA) covered entities that implement and use a Fast Healthcare Interoperability Resources® (FHIR®)-based Prior Authorization API, as described in the CMS Interoperability and Prior Authorization final rule (CMS-0057-F). By virtue of that enforcement discretion, the regulatory requirement notwithstanding, HIPAA Administrative Simplification enforcement action will not be taken against HIPAA covered entities that choose to not use the X12 278 standard and instead use an all-FHIR® Prior Authorization API.
Further inquiries about this enforcement discretion should be sent to AdministrativeSimplification@cms.hhs.gov, with the subject line: “Enforcement Discretion Question.” Questions on other topics related to the HIPAA adopted standards or operating rules may be sent to this same e-mail address. For more information, see the related FAQs or visit the CMS Administrative Simplification website at go.cms.gov/AdminSimp.
- Is it possible to comply with the CMS Interoperability and Prior Authorization final rule by only offering an X12 278 Electronic Data Interchange (EDI) transaction via the Prior Authorization API?
No. The CMS Interoperability and Prior Authorization final rule (CMS-0057-F) requires the use of certain Health Level 7® (HL7®) standards and recommends certain HL7® implementation guides. Together, these standards and implementation guides enable a payer to meet the requirements of the final rule. Impacted payers are required to build a Prior Authorization API that is populated with the payer’s list of covered items and services that require prior authorization, can identify all documentation required by the payer for approval of any items or services that require prior authorization, and supports a prior authorization request and response. The current version of the X12 278 transaction can be used to send prior authorization requests and receive responses, but it cannot meet the other requirements of the CMS Interoperability and Prior Authorization final rule.
HIPAA Transaction Enforcement Discretion
Page Last Modified: 11/13/2024 01:27 PM