Navigating CMS Interoperability Compliance: Your 2026-2027 Playbook 

As the healthcare industry gears up for the new CMS regulations set to take effect in 2026 and 2027, it’s essential for health plans to begin preparing for the required changes. At HealthLX, we are more than just a service provider—we are your trusted partner and teammate throughout this compliance journey.

In this post, we’ll walk you through our comprehensive roadmap for ensuring your business is ready for these upcoming regulations. By following this structured approach, we believe we can set your organization up for success and ensure compliance with CMS Interoperability requirements (CMS-9115-F and CMS-0057-F). 

Step-by-Step Guide to CMS Compliance

Our process to navigate the new regulations is broken down into four distinct steps, designed to guide you through every phase of compliance:

1. Initial Meeting: Understanding Current Status & Available Options
• The first step is an in-depth discussion of where your business stands concerning the new regulations. We’ll cover what CMS-0057-F entails and how it applies to your health plan, evaluate your current compliance solutions, identify potential risks, and establish a clear path forward.
2. Financial Undertaking: Assessing Costs for Compliance
• Compliance doesn’t come without costs, but our goal is to help you make informed decisions. We’ll break down the financial investment required for different hosting solutions and implementation processes, comparing managed hosting, on-premises solutions, and cloud-based options to identify the best fit for your business.
3. Three ‘Diving Deeper’ Sessions: Exploring Key Areas
• In these sessions, we will dive into the specifics of three major areas:
• Discovery: Understand the data requirements and workflows that need to be implemented.
• Prior Authorization: Align your current prior authorization workflows and processes with the required FHIR-based automation. We will provide expert guidance on what is required for process alignment based on a health plan’s current workflows and gaps.
• Consent: Define how member consent will be handled, a crucial aspect of ensuring both regulatory compliance and user privacy.
4. Implementation: Guidance for Compliance Rollout
• The final step is to provide step-by-step implementation support. We’ll help you with timelines, resource allocation, and potential challenges, ensuring a smooth transition to full compliance.

Key Regulations and What They Mean for Your Business

The CMS-0057-F regulation is focused on enhancing interoperability between health plans, providers, and patients, facilitating smoother data exchanges. Below are some key components:

1. Prior Authorization Reporting

Starting January 1, 2026, health plans will be required to track and report prior authorization (PA) data, including approval/denial rates and response times. This data must be reported annually, starting in March 2027.

2. Patient Access API

The Patient Access API is evolving under these regulations. Key updates include the shift from USCDI V1 to V3, which introduces additional data elements like Social Determinants of Health (SDOH) and health insurance information . Health plans will need to ensure their systems can support these updates and report on API usage starting in March 2026.

3. Provider Access API

A new API will allow healthcare providers to access patient data using FHIR standards, which will help with care coordination and administrative processes. This comes with a focus on member attribution and consent management—ensuring that providers can access data without compromising patient privacy.

4. Payer-to-Payer API

This API facilitates data sharing between health plans to support continuity of care. While similar to the Provider Access API, it comes with unique challenges, particularly around consent management and managing incoming data from other payers. Health plans will need to establish clear mechanisms to manage and report consent for data sharing.

5. Prior Authorization API

This requirement introduces a new FHIR-based prior authorization channel that must be integrated into payer processes and workflows. This requirement introduces automation to improve the prior authorization process and enhance efficiency, transparency, and data exchange. It aims to reduce burdens on patients, providers, and payers by streamlining the process, including requirements for electronic prior authorization (ePA) using electronic health records (EHRs) and practice management systems. 

6. Provider Directory API

Need for ongoing management and maintenance. 

Key Implementation Dates

January 1, 2026:

• USCDI v3: Patient Access API data must be uplifted from USCDI v1 to USCDI v3.

• Patient Access API Reporting: Payers must begin annual reporting on member usage of the Patient Access API.

• Prior Authorization Decision Timeframes: Payers must respond to standard prior authorization requests within 7 calendar days and to expedited (urgent) requests within 72 hours .
• Denial Transparency: Payers are required to provide specific reasons for any denial of prior authorization requests, regardless of the submission method .
• Public Reporting: Payers must publicly report aggregated prior authorization metrics, including approval and denial rates and average decision times 

January 1, 2027:

• API Implementation: Payers must implement and maintain the following HL7® FHIR® APIs:
• Provider Access API: Allows in-network providers to access patient data, facilitating care coordination.
• Payer-to-Payer API: Enables data exchange between payers to support continuity of care when patients change health plans.
• Prior Authorization API: Automates the prior authorization process, providing information on required documentation and facilitating electronic requests and responses.
• Educational Resources: Payers must provide plain language resources to educate patients and providers about the APIs and data exchange processes.

Diving Deeper: Discovery and Data Analysis

The discovery phase is all about understanding your current systems and identifying any gaps in your processes. We’ll help you analyze and document your existing workflows, prior authorization procedures, consent systems, and technology platforms to identify what needs to be upgraded or integrated to meet the new requirements.

Discovery Components Include:

• Data analysis for USCDI V3
• Prior Authorization Data requirements
• Review of your Utilization Management System and Claim System
• Integration planning for FHIR-based systems
• Development of workflows and technology recommendations

Consent Management: A Crucial Component

Under these new regulations, health plans must rethink how they handle member consent. We’ll work with you to evaluate your existing consent systems and provide guidance on compliance. Key questions include:

• Do you have an enterprise consent management system?
• How will you store, track, and update consent?
• How will you manage opt-ins/opt-outs via your portal or customer support?

Implementation & Ongoing Monitoring

The final step is to roll out the compliance plan. We’ll provide the resources and timelines to help guide your organization before the 2026 deadlines. Once implemented, we will use ongoing monitoring, auditing, and reporting to provide you with near real-time feedback on your compliance status.

Partnering for Success

Navigating CMS-0057-F and CMS-9115-F compliance may seem daunting, but with a clear plan and trusted guidance, your health plan can meet these regulations head-on. At HealthLX, we’re here to ensure your journey is as seamless as possible, from initial assessment through long-term support. By choosing us as your partner, you’re not just meeting regulatory requirements—you’re preparing your business for a future of seamless, secure, and efficient healthcare interoperability.

Reach out to start the conversation. With us as your trusted implementation partner, and our sister company, TESCHGlobal, as the interoperability expert of the HLX platform, we can get your compliance roadmap in motion today!