Why Health Plans Can’t Treat Prior Authorization APIs and Claims Attachments as Separate Projects

Bettina Vanover, Regulatory Compliance Principal at HealthEdge

Most health plans approach regulatory deadlines in a sequential order. They establish separate implementation strategies and initiatives, prioritizing each program based on the looming compliance date. While this methodology is understandable, it also introduces inherent risks for rules that share workflow, data, governance and vendor dependencies. The uncertainty is not technical incompatibility, but rather organizational separation.

This concern is top of mind for healthcare organizations as the industry prepares for the enactment of a pair of CMS mandates, one surrounding prior authorization APIs and another centered on claims attachments. Traditional thinking would indicate health plans should first address the Interoperability and Prior Authorization Final Rule, given its January 1, 2027, compliance date, and revisit the Claims Attachment Final Rule later since the requirements will not go into effect until May 26, 2028. The organizations that treat these as separate projects are more likely to duplicate work, confuse providers and make operational decisions that will be difficult to unwind later. The better solution is to identify the shared problem underpinning both rules and develop a unified implementation strategy. 

The Convergence of Two Rules within a Health Plan

While these are separate mandates, they both depend on the same underlying realities, including how clinical documentation moves between providers and health plans. The Interoperability and Prior Authorization Final Rule (CMS-0057-F) mandates Fast Healthcare Interoperability Resources also known as FHIR®-based APIs to improve data exchange and streamline prior authorization requests and responses. The Claims Attachments Final Rule (CMS-0053-F) standardizes the electronic exchange of clinical supporting documentation via X12 transactions. Both rules depend on the ability to electronically request and receive clinical information, attribute it to the right member and route it to through the appropriate review process, preserve auditability and communicate decisions in a way providers can understand and act on. 

CMS is creating a future in which both standards coexist, often touching the same documentation workflows, provider relationships, technology partners and internal governance structures. Despite the fact these are all different regulatory instruments, they all rely on the same infrastructure. That is why a siloed strategy is so dangerous. If one team launches the prior authorization API workflow solution while a different group designs the claims attachment initiative later, the health plan may end up with two different documentation intake models, provider education campaigns and vendor roadmaps. This can force a provider to interact with multiple health plan portals, inconsistent documentation rules, duplicate requests and confusing denial rationales. Compliance may be achieved on paper, but the burden persists in practice. 

Market Pressure Will Not Wait Until 2028

It’s important for health plans to understand the compliance risk is establishing disconnected programs for a shared documentation and workflow problem. The May 2028 deadline on the Claims Attachments Final Rule tempts organizations to address the prior authorization mandate first before starting work on the claims attachment process, but the sequential model sets organizations up for failure. Both projects share an operational core and the infrastructure and governance decisions impacting the foundation of each are happening now, not in 2028. The choices being made today will determine whether future workflows are simplified or just more digital.

Administrative burden across the healthcare ecosystem has rapidly emerged as a market issue, making the need for improved systems, solutions and processes more important than ever. Research shows that more than 94% of physicians admit prior authorization is delaying care and increasing physician burnout. The Prior Authorization Final Rule is designed to significantly reduce the burden placed on health plans, providers and patients, and the successful implementation has the potential to save clinicians up to 14 minutes per authorization and the industry approximately $15 billion over the next decade. For these estimates to transform into actual results, it is imperative for health plans to understand the necessary steps to ensure readiness as we approach the compliance deadlines for both mandates.

The Practical Health Plan Playbook

The path forward for health plans is not to consolidate every regulatory initiative  into a single technical build. The prior authorization and claims attachment rules each serve a different purpose and have their own scope, timing and standards. However, health plans should leverage a playbook that enables them to organize around the shared workflow. 

The first step for health plans to establish a collaborative and cohesive operating model is to identify a single executive owner or create a governance body that operates across both prior authorization APIs and claims attachments. The goal is to have a single source of governance to prevent conflicting decisions around documentation policy, provider engagement, vendor accountability and operational metrics. Once the leadership is in place, organizations should compile an inventory of documentation-heavy workflows to inform both the prior authorization and claims attachment roadmap. This will identify where and how clinical information is currently requested, the clinical specialties that generate the most friction and where duplicate requests or avoidable denials occur.

Health plans should use this opportunity to streamline provider enablement, and the next step is to simplify how they communicate expectations, timelines, denial reasoning and resubmission pathways. For example, providers should not receive a set of instructions for API-enabled prior authorization and a separate set that details electronic claims attachments. A critical element of successful implementation is for health plans to hold vendors and partners accountable to workflow outcomes and not just technical conformance. Health plans should ask how their partners’ solutions will support both FHIR-enabled prior authorization and X12-based claims attachment exchange over time.

For these mandates to be successful, health plans need to identify what performance indicators matter most and how to best measure them. While compliance dashboards are essential, they are not enough to determine how well programs are running and if they are truly reducing friction for providers. Plans should track documentation cycle time, avoidable requests for additional information, provider complaints, denial rework, appeal patterns and the percentage of documentation exchanged through automated channels.

The industry is moving into a period of coexistence, where different standards will have overlapping timeliness and obligations within the administrative and clinical exchange ecosystem. The strategic question health plans must answer is whether the organization can create a common operating model across multiple standards without introducing additional complexities for providers and members. The most successful health plans will be those that see the mandates as an opportunity to redesign how documentation moves across the health plan-provider relationship and leverage them to speed decisions, reduce manual intervention and foster a better provider experience with more predictable processes. The inherent risk isn’t choosing the wrong standard to prioritize – it’s building the wrong operating model.


About Bettina Vanover, CHC, CIPP/US

Bettina Vanover is a Regulatory Compliance Principal at HealthEdge, where she is responsible for implementing regulatory strategy that supports payer organizations in meeting evolving healthcare standards. Vanover has more than two decades of leadership experience across healthcare compliance, regulatory strategy and government program oversight, and deep expertise in enterprise risk management, audit readiness, and scalable compliance frameworks. In her current role, Vanover is focused on helping health plans navigate regulatory complexity while driving efficiency, transparency and improved care delivery.


Similar Posts

Leave a Reply