Complete Timeline
- Patient Access API terminology changes take effect
- Medicaid notice and fair hearing clarifications effective
- Payers may voluntarily adopt updated versions of required standards
- Three-year implementation window begins for API development requirements
- PA response timeframes enforced: 72 hours for urgent requests, 7 calendar days for standard (all impacted payers except QHP issuers on FFEs)
- Specific denial reasons required: Payers must include detailed rationale when denying PA requests
- Public PA metrics reporting: All impacted payers must publicly report approval/denial rates, response times, and related metrics
- Patient Access API metrics: Annual reporting to CMS on API utilization begins
- USCDI v1 and US Core IG STU 3.1.1 expire — replaced by USCDI v3 and updated IG versions
- Patient Access API enhanced with prior authorization data
- Provider Access API live — including patient opt-out process and educational materials
- Payer-to-Payer API live — including previous/concurrent payer discovery, patient opt-in, and educational materials
- Prior Authorization API live — full CRD/DTR/PAS workflow available via FHIR
- MIPS Electronic Prior Authorization measure: CY 2027 performance period begins (yes/no attestation)
- Medicare Promoting Interoperability: CY 2027 EHR reporting period begins for hospitals/CAHs
- MIPS 2029 payment year: Electronic Prior Authorization attestation from CY 2027 affects MIPS payment adjustments
Payer-Specific Date Variations
While CMS uses "January 1, 2027" as the general shorthand for the API deadline, the exact compliance trigger varies by payer type:
- MA organizations: Must comply by January 1 of the applicable year (hard date)
- State Medicaid FFS & CHIP FFS programs: Must comply by January 1 of the applicable year (hard date)
- Medicaid managed care plans & CHIP managed care entities: Must comply by the rating period beginning on or after January 1 of the applicable year
- QHP issuers on the FFEs: Must comply for plan years beginning on or after January 1 of the applicable year
Extensions, Exemptions & Exceptions
CMS recognized that not all impacted payers will be ready by the compliance dates and finalized pathways for certain payer types to seek additional time:
Extensions & Exemptions
State Medicaid and CHIP FFS programs may request an extension of the compliance dates or a full exemption from certain requirements, depending on their circumstances. States must demonstrate specific barriers to timely compliance.
Exceptions Process
QHP issuers on the FFEs may request an exception from the API requirements, conditioned on CMS's annual approval of a narrative justification. This must be renewed each year.
MA organizations do not have an extension, exemption, or exception pathway under CMS-0057-F. They must meet the January 1, 2027 deadline or face enforcement action through existing MA compliance mechanisms.
Enforcement
CMS will use existing enforcement mechanisms specific to each payer type. For MA organizations, non-compliance may result in compliance actions, civil monetary penalties, or contract termination. For Medicaid managed care plans, states are responsible for enforcing compliance through their managed care contracts. For QHP issuers, CMS may take enforcement action through the FFE oversight process.
CMS has emphasized that the approximately three-year implementation window is intended to be sufficient for all impacted payers to meet these requirements. The availability of extensions, exemptions, and exceptions is meant for genuinely exceptional circumstances — not as a routine accommodation.
```