CMS-0057-F for CHIP Fee-for-Service and Managed Care
Draft — pending verification
This reference entry has not yet been verified against its authoritative source (CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F), 89 FR 8758 — verify against rule text and current CMS FAQs). Do not rely on it for production configuration until this notice is removed.
Who is covered
State CHIP fee-for-service programs and CHIP managed care entities. Where a state runs CHIP as a Medicaid expansion, obligations track the Medicaid program; separate CHIP programs carry the requirements directly.
Deadlines and requirements
| Date | Requirement | Detail |
|---|---|---|
| 2026-01-01 | Prior authorization decision timeframes | Expedited requests within 72 hours, standard requests within 7 calendar days. Pediatric populations skew the request mix (therapies, behavioral health, DME) toward categories with high renewal volume, which raises the operational value of clean renewal workflows. |
| 2026-01-01 | Specific denial reasons | Specific denial reasons required on adverse determinations, layered on CHIP's existing notice and review protections. |
| 2026-03-31 | First public PA metrics report | Annual public posting of prior-authorization metrics, first due March 31, 2026. |
| 2027-01-01 | Prior Authorization API (FHIR) | FHIR-based PA API (Da Vinci CRD/DTR/PAS recommended). Small CHIP programs frequently satisfy this through their Medicaid enterprise systems or managed care vendors rather than standalone builds. |
| 2027-01-01 | Provider Access API | FHIR API for in-network providers with attribution and opt-out, covering claims, encounters, clinical data, and prior authorizations. |
| 2027-01-01 | Payer-to-Payer API | Exchange with previous/concurrent payers. CHIP-to-Medicaid and CHIP-to-Marketplace transitions as children age or family income changes make this a real workflow, not a checkbox. |
| 2027-01-01 | Patient Access API enhancements | Prior-authorization information added to the Patient Access API; usage metrics reporting to CMS begins in 2026. |
Nuances worth knowing
- Like Medicaid FFS, CHIP FFS programs have pathways to request extensions or exemptions for certain API requirements — the availability and scope must be verified against the rule text; CHIP managed care entities should confirm what applies to them versus the state.
- EPSDT-adjacent expectations in Medicaid-expansion CHIP states shape what UM may deny for children, so denial-reason quality and appeal-readiness deserve extra care in this population.
- Vendor leverage is the story for most CHIP programs: the same UM platform and API stack usually serves Medicaid and CHIP together, so CHIP compliance is often a configuration scope question rather than a separate build.
Frequently asked questions
Is CHIP treated differently from Medicaid under CMS-0057-F?
Mostly no — CHIP FFS and CHIP managed care are impacted payers on the same requirement set and dates as their Medicaid counterparts. Differences show up in program structure (Medicaid-expansion vs. separate CHIP) and in which entity — state or managed care contractor — carries each obligation.
Can a small CHIP program share its Medicaid APIs?
Operationally that is the common pattern: one API infrastructure serving both programs, with program-appropriate data segmentation. The compliance obligation still attaches to each program, so contracts and certifications need to name CHIP explicitly.