That’s how Centers for Medicare & Medicaid Services (CMS) Administrator Mehmet Oz announced the publication of the CMS Final Rule on the Adoption of Standards for Health Care Claims Attachments and Electronic Signatures. A CMS fact sheet called the rule “groundbreaking.”
The new guidance will likely not make many headlines, being narrow in its scope, but you have to give credit to CMS for making a rather wonky rule sound exciting.
The rule is meant to move providers and payers to electronic exchange of clinical data, in contrast to using snail mail and faxes. In this particular case, the rule’s goal is to push Health Insurance Portability and Accountability Act (HIPAA)-covered entities to use electronic means when a payer requests that clinical data be sent in relation to a submitted claim (and when a provider sends the data).
The rule is the latest in a series of new regulations over the years in which CMS has adopted electronic standards for HIPAA administrative transactions. You’re probably all familiar with the X12 837, the standard and the most widely used of the HIPAA standard transactions.
CMS has also adopted electronic standards for providers to check eligibility of members (270/271) and standards for the Electronic Funds Transfers (EFT-CCD+) and electronic remittance advice (835).
Like most previous HIPAA transactions, last week’s rule adopts an X12 standard, the 277, for payers to request clinical documentation related to a claim, and the 275 for providers to send that information. The rule also adopts a number of HL7 standards, like the Clinical Document Architecture (CDA), to provide a framework for the documentation.
The rule sets the compliance date for the move to these standards as May 2028.
What’s important here – and notable – is what the rule does not include. The rule does not include prior authorization in its scope and in fact, specifically excludes it.
The rule only applies to clinical attachments, solicited or unsolicited, by payers that are related to a specific claim. That is, distinct from a prior authorization request, the rule applies only to claims on healthcare items and services that have already been provided.
A bit of a word to the wise: I asked ChatGPT about the rule when it came out last week, specifically whether it included standards for prior authorization. It replied, emphatically, yes! ChatGPT said that prior authorization was one of three use cases that the rule adopted standards for.
To be clear, the rule does not include prior authorization. ChatGPT was likely looking at the proposed rule and the large amount of industry response and commentary on how the proposed rule included prior authorization.
Speaking of misinformation, at least one of the articles published in an industry trade report last week said that under this Final Rule, providers must send all claim attachments electronically by the compliance date in the rule, May 2028.
That is not accurate either (maybe the author asked ChatGPT.)
Like all other HIPAA standard transactions, and the regulations that adopt standards for them, providers are not required to conduct the transactions electronically. They can keep their paper and mail and faxes. However, if providers do decide to conduct the transactions electronically, they must use CMS’s adopted standards.
Health plans, on the other hand, have to be ready to conduct the HIPAA transactions electronically by their respective compliance dates. Health plans must be able to conduct any and all adopted HIPAA standard transactions electronically, should a provider request them.
To summarize, CMS adopted new standards last week to be used when a health plan electronically requests clinical documentation related to a claim, and when a provider sends that documentation back electronically. Plans have to be up to speed with the ability to do this by May 2028, should providers want to conduct that transaction electronically.
Providers: whenever you’re ready, after May 2028, health plans should have the ability to electronically request and receive clinical documentation related to a claim.
In the meantime, you might want to hold on to that fax machine for just a little longer.
Finally: trust, but confirm, what the robots tell you.
