By Leigh Burchell (Altera Digital Health), EHRA Public Policy Leadership Workgroup Chair

This is part three in a four-part series examining the need for ePA, the barriers presented by the current environment, necessary capabilities and functionality for progress, and the EHR Association’s policy recommendations. Read part two here. 

There is a strong use case for electronic prior authorization (ePA), given the frustration providers have with the burdensome current processes, and health IT developers recognize the potential that exists for our technologies to assist with making our clients’ lives easier in this area. However, the road to success with ePA will be rocky if it is not broadly rolled out at a pace and with a legal/regulatory cadence that aligns with the ability of stakeholders to deploy and use solutions that follow consistent standards. Therefore, the EHR Association supports the promulgation of ePA requirements only when undertaken in a way that avoids prior policy mistakes of pushing faster than standards development can keep up. 

Rolling out ePrior Authorization will be complex, even moreso than similar efforts at digitization we’ve already accomplished. This complexity stems from the need for change – and adoption of agreed-upon standards – by multiple stakeholders with varying levels of readiness.  For example, it is important to work closely with payers to ensure their readiness for the required bidirectional information flow using standards and to ensure functionality can be sufficiently tested. This also helps avoid a scenario in which payers roll out individual requirements to which EHR developers and providers will have to respond, which would be highly inefficient. 

Further, in order for this initiative to succeed, clear expectations and patience by policymakers in rolling out requirements at a deliberate pace are essential. Any unintentional release of ambiguous definitions, the inclusion of unclear enforcement procedures, or failure to sufficiently address intersections between other federal, state, and local regulatory frameworks weaken the ability of actors to have confidence that they are compliant.  

In the past, there have been instances in which policymakers were so eager to move the industry forward that they issued requirements before standards were agreed upon through the normal consensus-driven processes. This is the most frustrating scenario by some measures, as our industry has spent countless resources developing products to satisfy certification criteria that are not standards-based (or support requirements our clients must meet) or on timelines that don’t align with the standards development process; right now, we face this exact scenario as we collectively work to deliver Electronic Health Information Export functionality without any industry-wide standard associated with the requirement. We already know that this will lead to us having to redo software development in the future when a standard is named.

Recommendations
The EHR Association recommends a two-stage approach to ePA, which is laid out in our previous RFI response to the Office of the National Coordination of Health IT (ONC). 

Briefly, we recommend that Stage 1 focus on working with the Centers for Medicare and Medicaid Services (CMS) on the adoption and certification of the Coverage Requirements Determination (CRD) and the Prior Authorization Support (PAS) Implementation Guides on the payer side – saving Documentation Templates and Rules (DTR) for a later date due to the substantial complexity of managing its capabilities on the provider side – and establish a clear implementation standard for any interactions with payers supporting prior authorization. 

Stage 2 would involve the establishment of certification criteria based on the matured and evolved interaction distributions across health IT, with the typical interaction sets documented clearly within each Implementation Guide. Further, extend the provider functional requirement for prior authorization engagement with the use of certified health IT to support the prior authorization workflow.

While there will be a progression and expansion of the basis on which health IT is certified, we strongly recommend that providers be fully supported over time by a suite of certified health IT for the full ePrior Authorization workflow.

We also recommend carving out sufficient time for health IT developers to design efficient solutions, write safe and secure code, and test thoroughly, and for healthcare organizations to implement, quality test, and train on all changes. The EHR Association recommends at least 18 months from the release of all final requirements before the use of any affected software is required and urges ONC to:

• Increase coordination among federal agencies to align terminology, standards used, reporting expectations, and other factors to reduce the burden of compliance and eliminate unnecessary variation affecting software developers and the care providers using 
• Prioritize data standards by focusing regulations on the development and use of mature, balloted standards developed by ISOs, such as HL7. Funding for investment in new technologies should be contingent on the adoption of such standards to avoid duplicative or otherwise unnecessary work.

Finally, include EHR developers early in any legislating and rule-writing efforts. With our knowledge of the care settings, people, interactions, and processes involved in healthcare delivery, we can advise policymakers on healthcare organizations’ readiness to succeed in proposed programs, as well as the development, implementation, and testing that will be necessary to safely deploy the newest requirements. 

Along with Burchell, contributing authors to this blog series are EHRA Chair Hans Buitendijk (Oracle Cerner) and Co-chair David Bucciferro (Foothold Technology), and EHRA Public Policy Leadership Vice Chair Janet Campbell (Epic).