Overview: What the Rule Requires
The CMS Advancing Interoperability and Improving Prior Authorization Final Rule is reshaping how health data moves between payers and providers. Released in January 2024, the rule mandates that Medicare Advantage organizations, state Medicaid and CHIP programs, managed care entities, and Qualified Health Plan issuers implement HL7 FHIR-based APIs for data exchange. Furthermore, it sets strict new timelines for prior authorization decisions.
Starting January 1, 2026, impacted payers must send standard prior authorization decisions within seven calendar days and expedited approvals within 72 hours. Additionally, payers must now provide clear written reasons for any prior authorization denial. The API development and enhancement requirements carry a compliance deadline of January 1, 2027.
Together, these provisions are designed to reduce administrative burden, boost care coordination, and move the industry toward fully electronic prior authorization processes.
Where Payers Stand Today
Progress Is Happening — But Slowly
According to a new survey by the Workgroup for Electronic Data Interchange (WEDI), released at the 2026 HIMSS Global Health Conference in Las Vegas, payers have made notable progress over recent months. However, significant gaps remain. Currently, 10% of payers have not yet started work on the Prior Authorization API requirements. This is a marked improvement from October 2025, when that figure stood at 43%.
WEDI Executive Director Robert Tennant acknowledged the momentum: “We were encouraged to see that the percentage of payers who had not yet begun implementation declined from 43% in October 2025 to just 10% in February 2026.”
Completion Rates Remain Low
Despite this forward movement, completion levels are still concerning. Currently, 35% of payers estimate they are 25% or less complete with Patient Access API implementation — though this is down from 66% in October 2025. Only 16% expect to reach 75–100% completion by the January 1, 2027, deadline.
Where Providers Stand Today
Providers Are Falling Further Behind
Providers face a steeper uphill climb. WEDI’s survey reveals that 33% of providers have not yet started implementing the Prior Authorization API. This compares with 42% in early 2025, showing some improvement. However, less than half — just 47% in earlier reporting — said they are somewhat or very likely to meet the January 1, 2027, deadline.
Uncertainty Around Cost and Workflow
Cost remains a major unknown for provider organizations. The majority of providers — 55% — are still unsure of the total cost for implementing the final rule requirements and training their staff. Moreover, only 33% of providers indicate they are somewhat or very likely to implement the Provider Access API, down from 44% in the previous survey period.
Top Implementation Challenges for Payers
Three Critical Barriers
Payers consistently report three main obstacles slowing their compliance progress:
1. Digitizing Prior Authorization Policies — Converting existing paper-based or manual PA processes into fully digital, API-compatible workflows is technically complex and resource-intensive.
2. Meeting Compliance Timelines — The rolling deadlines across 2026 and 2027 require sustained organizational focus and long-term resource allocation.
3. Third-Party Integration Issues — Delegated third parties face difficulties connecting with different systems, creating bottlenecks that payers cannot resolve unilaterally.
Additionally, funding is an ongoing concern. Roughly 35% of payers estimate API implementation will cost between $1 million and $5 million.
Top Implementation Challenges for Providers
Three Key Obstacles
Provider organizations, meanwhile, face a different but equally demanding set of challenges:
1. Sufficient Internal Expertise — Many provider organizations lack the technical staff needed to design, test, and maintain FHIR-based APIs.
2. Vendor and Health Plan Coordination — Testing with diverse vendors and health plan partners requires significant coordination, time, and clear communication.
3. Network Complexity — Sorting out how different networks interact — including TEFCA, QHIN, and HIE — adds another layer of technical complexity to an already demanding implementation process.
What Happens After Compliance Deadlines
Industry Support Is Available
Notably, 84% of clearinghouses and 81% of vendors plan to actively assist payers and providers in meeting the final rule’s requirements. This suggests the broader health IT ecosystem recognizes the urgency and is mobilizing support.
Why Full Compliance Matters
When fully implemented, these APIs are expected to deliver real benefits. Patients will gain faster access to their data across providers and plans. Providers will receive prior authorization information directly at the point of care. Meanwhile, payers will streamline administrative workflows and reduce denial-related disputes. In short, the rule holds significant promise — but only if stakeholders commit to completing implementation on time.
Key Takeaways
The WEDI survey makes clear that progress on the CMS Interoperability and Prior Authorization Final Rule is real but uneven. Payers are further along than providers. Nevertheless, both groups face serious challenges around technical expertise, funding, and third-party coordination. With the January 1, 2027, API deadline approaching, all stakeholders — payers, providers, vendors, and clearinghouses — must accelerate their efforts to meet one of the most consequential health IT mandates in recent years.
