Like 207
Prior authorization (PA) has long been one of healthcare’s most persistent administrative hurdles. Manual paperwork, fragmented processes, slow approvals, and inconsistent payer rules leave providers stretched, and patients waiting too long for treatments and medications.
Nearly 13 hours of physician and staff time each week and $35 billion in annual administrative waste stems from a system that often adds friction without clinical benefit. CMS-0057-F is the Centers for Medicare & Medicaid Services (CMS) response. It does not eliminate prior authorization but establishes deadlines and requires infrastructure improvements to enhance efficiency.
What the rule does?
Finalized in January 2024, CMS-0057-F requires impacted payers: Medicare Advantage organizations, Medicaid managed care plans, CHIP entities, and QHP issuers to build FHIR-based Prior Authorization APIs by January 2027. Since January 2026, binding turnaround times have applied: 72 hours for urgent requests and 7 calendar days for standard requests. Every denial must now include a specific clinical reason, as well as payer performance metrics, including approval rates, denial rates, and turnaround times.
The rule is designed to move the industry away from phone calls, faxes, and manual portal submissions toward a more structured, automated process. That said, the transition will be gradual and path dependent. Smaller providers, portal-dependent experience, and varying EHR readiness mean that alternate submission paths will continue to coexist alongside the new API infrastructure for some time. The technical foundation intended to drive this shift is built on three Da Vinci FHIR implementation guidelines:
Image
Together, these form the building blocks of a workflow intended to replace today’s manual processes, not overnight, but directionally and with enforceable timelines.
Same Rule. Four Very Different Realities.
Payers & Providers
For payers, this rule is first and foremost a build challenge. They need to build digital APIs, convert clinical criteria PDFs into structured questionnaires, meet 24/7 turnaround times, and ensure UM vendors follow the rules. Plans that treat compliance to stand out will have less PA friction, better relationships with providers, and higher MA STAR ratings. If they only do the bare minimum, providers will notice right away.
For providers, the benefits of the rule depend on how well their EHR vendors integrate the changes. Large health systems testing CRD and DTR can look forward to real-time PA checks, automated documentation, and faster decision-making. Smaller practices that still rely on portals and fax may have to wait longer to see these improvements, even after the deadline.
Delegated UM Entities & Intermediaries
Delegated utilization management entities, which make most prior authorization decisions for health plans, face a uniquely complex role. While payers retain accountability for compliance, delegates handle execution. This division is prompting urgent renegotiations of UM delegation agreements across the industry. Further complicating matters, it remains unclear whether CRD and DTR responsibilities belong to the payer or the delegate. Some health plans are developing their own smart on FHIR front ends, while others assign this responsibility to UM vendors. Many are still negotiating these roles on a case-by-case basis; a grey area explored in detail in the whitepaper.
For intermediaries such as clearinghouses, third-party administrators, and health information exchanges, this period presents a significant market opportunity. Intermediaries that offer a broad payer network coverage and a reliable interoperability layer for routing are well-positioned to become the preferred connectivity solution. However, as direct payer-to-provider FHIR connections advance, intermediaries must continually demonstrate the value of the hub model to maintain their relevance.
What about Small Practices?
Small and independent practices may benefit the least from a rule designed partly in their favor. Most rely entirely on their EHR vendor to unlock the process of improvements, and many smaller systems are still working toward readiness. The 2024 CAQH Index found that only 35% of PA transactions are fully electronic today. For now, most small practices will continue using portals, with quicker turnaround times and denial-specificity requirements applying regardless of the submission channel.
The role of Portals in the new world
Portals, the web-based interfaces through which most PA requests are submitted today, are not going away. CMS-0057-F mandates that payers build and expose FHIR-based APIs, and the rule's process requirements around accelerated decision-making and specific denial reasons apply regardless of how the request arrives.
What is changing is what happens behind the portal. Some health plans are modernizing their portals to wire directly to integrated back-end APIs, making every web-form submission effectively FHIR-compliant without requiring providers to make changes on their end. Intermediaries are positioning their existing networks as CMS-0057-F-compliant. For practices without FHIR-capable EHRs, this intermediary hub model is likely the most practical near-term path to capturing some of the rule benefits, though with limitations. The on-demand CRD capability still requires EHR-native integration and cannot be fully delivered through a browser-based model.
Is real-time Coverage Requirements Discovery actually required?
CMS-0057-F does not explicitly name CRD as a mandatory component. But skipping it preserves a reactive model in which PA requirements are only discovered after the order is placed, not at the clinical moment when they matter. CRD is what makes the new workflow proactive. The Da Vinci CRD Implementation Guide sets a 5-second response target for hook calls, making it a real infrastructure investment. Whether that investment is right for your organization and what it takes to get there are among the more consequential implementation decisions covered in the whitepaper.
At Cybage, we help organizations accelerate compliance and modernization through readiness assessments, workflow optimization, and specialized healthcare integration expertise.
Ultimately, the mandate aims to reduce administrative friction and help patients receive care more quickly and predictably.
The standards exist. The implementation guides are mature. The deadlines are set. What varies enormously is whether your organization is building toward the rule’s intent or just its minimum requirements. That gap will be visible to every provider, patient, and regulator in your network.
Want to dive deeper? Read our whitepaper on CMS-0057-F and the future of interoperable prior authorization.
Have questions about how this impacts your organization? Our healthcare technology experts are here to help.
