Skip to main content

Oregon State Flag An official website of the State of Oregon » Homepage

Federal Interoperability & Patient Access Rules

Federal Interoperability & Patient Access Rules Overview

On March 9, 2020, the U.S. Department of Health and Human Services (HHS) released two health IT final rules requiring implementation of new interoperability policies.

  • The Centers for Medicare and Medicaid Services (CMS) Interoperability and Patient Access Final Rule focuses on patient access to electronic health information (EHI) and interoperability among providers, payers and patients.
  • The Office of the National Coordinator for Health Information Technology (ONC) 21st Century Cures Act (Cures Act) Final Rule focuses on health IT certification, which applies to health IT developers; and policy guidance on what does not constitute information blocking, which applies to healthcare providers, health IT developers, and health information exchanges/networks.

The goal of CMS' Interoperability and Patient Access Final Rule is to put patients first, giving them access to their health information when they need it most and in a way they can best use it. The purpose of Cures Act Final Rule is to give patients and their healthcare providers secure access to health information and to foster innovation to provide patients with more choices in their healthcare. The rule includes a provision requiring that patients can electronically access their electronic health information at no cost.

ONC 21st Century Cures Act Final Rule

The Office of the National Coordinator for Health Information Technology (ONC) Cures Act Final Rule was also published in the Federal Register on May 1, 2020. See the Cures Act Final Rule website for more information and the latest updates. See Cures Act final rule infographics for regulatory dates and enforcement discretion dates. ONC intends to exercise enforcement discretion for 3 months at the end of certain ONC Health IT Certification Program compliance dates associated with the Cures Act Final Rule to provide flexibility while ensuring the goals of the rule remain on track.

Key resources from ONC:

CMS Interoperability and Patient Access Final Rule

The Centers for Medicare & Medicaid Services (CMS) Interoperability and Patient Access final rule was published in the Federal Register on May 1, 2020. CMS finalized four new policies for payers and three for providers. A brief description of each of these topics can be found in the CMS Fact Sheet. On August 14, 2020, CMS released a State Health Official letter that describes how CMS-regulated payers (including Medicaid managed care plans) should implement this final rule. 

Please view Policies and Technology for Interoperability and Burden Reduction for:

  • adjustments to the implementation and enforcement timeline
  • technical standards
  • implementation guides for Patient Access and Provider Directory APIs
  • technical standards
  • patient privacy and security resources

CMS Reducing Provider and Patient Burden NPRM

On December 10th,  CMS released a proposed rule, building on the CMS Interoperability and Patient Access final rule (CMS-9115-F) that would require certain CMS-regulated payers to improve the electronic exchange of health care data via Application Program Interfaces (APIs) and streamline the prior authorization process to reduce burden on payers, providers, and patients.  This proposed rule would place new requirements on Medicaid and CHIP managed care plans, state Medicaid and CHIP fee-for-service programs, and Qualified Health Plans (QHP) issuers on the Federally-facilitated Exchanges (FFEs).

For a summary of the proposed rule see the CMS Fact Sheet. The proposed rule can be found here:

Highlights of the NPRM include that starting January 1, 2023 payers:

  • Add prior authorization decisions to Patient Access API information sharing requirements
  • Implement a privacy policy attestation process for third-party app developers
  • Implement a Provider Access API for payer-to-provider data sharing
  • Reduce prior authorization burden on providers through the implementation of APIs and other requirements
  • Meet additional Payer-to-Payer requirements, including the use of a FHIR-based API similar to Patient Access
  • Add claims, encounters, and prior authorization decisions to Payer-to-Payer Exchange information sharing requirements
  • Adopt specified implementation guides to support API implementation

The NPRM also includes five Requests for Information (RFIs). CMS is seeking comments on the following:

  • Methods for Enabling Patients and Providers to Control Sharing of Health Information
  • Electronic Exchange of Behavioral Health Information
  • Reducing Burden and Improving Electronic Information Exchange of Documentation and Prior Authorization
  • Reducing the Use of Fax Machines for Health Care Data Exchange
  • Accelerating the Adoption of Standards Related to Social Risk Data

Contact us

If you have questions, please reach out to Marta Makarushka.

Contact information: 
Marta Makarushka, Lead Policy & HIT Environment Analyst

Contact us

Have questions? Reach out to Marta Makarushka at 

Rules FAQ

View our federal interoperability and patient access rules FAQs here>


10/1 HITOC Ad-hoc Webinar: Federal Interoperability Final Rules Webinar
11/5 CCO/Payer: Federal Interoperability Final Rules Webinar
1/25 CCO/DCO Federal Interoperablity Rules Follow Up Webinar
OHA Payer Work Sessions
CMS Resources

Past Events