PA BridgeResources

CMS-0057-F for Qualified Health Plan Issuers on the Federally-Facilitated Exchanges

Draft — pending verification

This reference entry has not yet been verified against its authoritative source (CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F), 89 FR 8758 — verify against rule text and current CMS FAQs). Do not rely on it for production configuration until this notice is removed.

Who is covered

Issuers of qualified health plans offered on the Federally-facilitated Exchanges (FFEs). Off-Exchange commercial plans, state-based-Exchange-only issuers (as issuers of SBE plans), self-funded employer plans, and stand-alone dental plans are outside CMS-0057-F's direct reach — a major market-coverage gap to keep in mind when generalizing about 'commercial' plans.

Deadlines and requirements

DateRequirementDetail
2026-01-01Specific denial reasons (plan years beginning on/after this date)Prior-auth denials must carry a specific reason. Note the QHP pattern throughout: obligations attach by plan year, not calendar date.
2026-03-31First public PA metrics reportAnnual public posting of prior-authorization metrics on the issuer's website, first report due by March 31, 2026.
2027-01-01Prior Authorization API (plan years beginning on/after this date)FHIR-based PA API with documentation-requirement lookup and request/decision support; Da Vinci CRD/DTR/PAS recommended. Issuers may request exceptions through the QHP certification process in limited circumstances — verify the current exception criteria with CMS.
2027-01-01Provider Access API (plan years beginning on/after this date)FHIR API for in-network providers with attribution and patient opt-out.
2027-01-01Payer-to-Payer API (plan years beginning on/after this date)Exchange with previous/concurrent payers — significant for the individual market, where members move between Marketplace plans annually and churn between Medicaid and Marketplace coverage.
2027-01-01Patient Access API enhancements (plan years beginning on/after this date)Prior-authorization information added to the Patient Access API; API usage metrics reporting to CMS begins in 2026.

Nuances worth knowing

  • The headline difference: CMS-0057-F's prior-auth decision timeframes (72 hours/7 days) were NOT applied to QHP issuers. QHP turnaround obligations instead come from state law and other applicable requirements — verify per state before configuring SLAs.
  • Issuers with MA or Medicaid lines of business will usually standardize on the strictest requirement set across the enterprise anyway; QHP-only issuers have more genuine flexibility on timeframes but identical API obligations.
  • The exception pathway through QHP certification is narrow and time-bound — treat it as contingency planning, not strategy.

Frequently asked questions

Do the 72-hour/7-day turnaround requirements apply to QHPs?

No. CMS did not extend CMS-0057-F's decision timeframes to QHP issuers on the FFEs. The denial-reason, public-metrics, and API requirements do apply. State-law turnaround requirements still govern where they exist — check each state.

Our plans are only on a state-based Exchange — are we covered?

CMS-0057-F's QHP provisions reach QHP issuers on the Federally-facilitated Exchanges. SBE-only issuers are outside that specific hook, though states may impose parallel requirements — and several have. Verify with counsel per state.