Assess CMS-0057 prior authorization API compliance requirements and implement the mandatory FHIR endpoints for impacted payers

Verified steps

1. Identify whether your organization is an impacted payer under CMS-0057: the rule applies to MA organizations, Medicaid FFS, CHIP, and QHP issuers on exchanges; verify your line of business against the final rule's applicability definitions
2. Implement a FHIR R4 prior authorization API supporting the Da Vinci PAS '$submit' operation, using the PAS IG profiles for Claim and ClaimResponse resources, accessible to providers with SMART on FHIR authentication
3. Implement required response time SLAs as specified in the rule: urgent requests must receive a response within a defined timeframe (check the final rule for exact hours); non-urgent requests within a longer window; pended requests must notify within the applicable window
4. Add prior authorization tracking fields to your Patient Access API and Provider Directory API: the rule requires ExplanationOfBenefit resources to include prior authorization numbers and status when applicable
5. Implement a publicly accessible FHIR endpoint for providers to query prior authorization status using ClaimResponse searches; support search parameters for patient, service date, and authorization number
6. Document compliance in your payer attestation and prepare for CMS audits by retaining records of all prior authorization API requests and responses with timestamps