§ 156.222 - Access to and exchange of health data for providers and payers.  


Latest version.
  • § 156.222 xxx

    Cross Reference
    Link to an amendment published at

    Access to and exchange of health data for providers and payers.

    (a) Application programming interface to support data exchange from payers to providers—Provider Access API. Unless granted an exception under paragraph (c) of this section, for plan years beginning on or after January 1, 2027, QHP issuers on a Federally-facilitated Exchange must do the following:

    (1) API requirements. Implement and maintain an application programming interface (API) conformant with all of the following:

    (i) Section 156.221(c)(2) through (4), (d), and (e).

    (ii) The standards in 45 CFR 170.215(a)(1), (b)(1)(i), (c)(1), and (d)(1).

    (2) Provider access. Make the data specified in § 156.221(b) with a date of service on or after January 1, 2016, excluding provider remittances and enrollee cost-sharing information, that are maintained by the QHP issuer to available in-network providers via the API required in paragraph (a)(1) of this section no later than 1 business day after receiving a request from such a provider, if all the following conditions are met:

    (i) The QHP issuer authenticates the identity of the provider that requests access and attributes the enrollee to the provider under the attribution process described in paragraph (a)(3) of this section.

    (ii) The enrollee does not opt out as described in paragraph (a)(4) of this section.

    (iii) Disclosure of the data is not prohibited by other applicable law.

    (3) Attribution. Establish and maintain a process to associate enrollees with their in-network providers to enable data exchange via the Provider Access API.

    (4) Opt out and patient educational resources.

    (i) Establish and maintain a process to allow an enrollee or the enrollee's personal representative to opt out of data exchange described in paragraph (a)(2) of this section and to change their permission at any time. That process must be available before the first date on which the QHP issuer makes enrollee information available via the Provider Access API and at any time while the enrollee is enrolled with the QHP issuer.

    (ii) Provide information to enrollees in plain language about the benefits of API data exchange with their providers, their opt out rights, and instructions both for opting out of data exchange and for subsequently opting in, as follows:

    (A) Before the first date on which the QHP issuer makes enrollee information available through the Provider Access API.

    (B) No later than 1 week after the after the coverage start date or no later than 1 week after the effectuation of coverage, whichever is later.

    (C) At least annually.

    (D) In an easily accessible location on its public website.

    (5) Provider resources. Provide on its website and through other appropriate provider communications, information in plain language explaining the process for requesting enrollee data using the Provider Access API required in paragraph (a)(1) of this section. The resources must include information about how to use the QHP issuer's attribution process to associate enrollees with their providers.

    (b) Application programming interface to support data exchange between payers—Payer-to-Payer API. Unless granted an exception under paragraph (c) of this section, for plan years beginning on or after January 1, 2027, QHP issuers on a Federally-facilitated Exchange must do the following:

    (1) API requirements. Implement and maintain an API conformant with all of the following:

    (i) Section 156.221(c)(2) through (4), (d), and (e).

    (ii) The standards in 45 CFR 170.215(a)(1), (b)(1)(i), and (d)(1).

    (2) Opt in. Establish and maintain a process to allow enrollees or their personal representatives to opt into the QHP issuer's payer to payer data exchange with the enrollee's previous payer(s), described in paragraphs (b)(4) and (5) of this section, and with concurrent payer(s), described in paragraph (b)(6) of this section, and to change their permission at any time.

    (i) The opt in process must be offered as follows:

    (A) To current enrollees, no later than the compliance date.

    (B) To new enrollees, no later than 1 week after the coverage start date or no later than 1 week after the effectuation of coverage, whichever is later.

    (ii) If an enrollee does not respond or additional information is necessary, the QHP issuer must make reasonable efforts to engage with the enrollee to collect this information.

    (3) Identify previous and concurrent payers. Establish and maintain a process to identify a new enrollee's previous and concurrent payer(s) to facilitate the Payer-to-Payer API data exchange. The information request process must start as follows:

    (i) For current enrollees, no later than the compliance date.

    (ii) For new enrollees, no later than 1 week after the coverage start date or no later than 1 week after the effectuation of coverage, whichever is later.

    (iii) If an enrollee does not respond or additional information is necessary, the QHP issuer must make reasonable efforts to engage with the enrollee to collect this information.

    (4) Exchange request requirements. Exchange enrollee data with other payers, consistent with the following requirements:

    (i) The QHP issuer must request the data specified in paragraph (b)(4)(ii) of this section through the enrollee's previous payers' API, if all the following conditions are met:

    (A) The enrollee has opted in, as described in paragraph (b)(2) of this section.

    (B) The exchange is not prohibited by other applicable law.

    (ii) The data to be requested are all of the following with a date of service within 5 years before the request:

    (A) Data specified in § 156.221(b) excluding the following:

    (1) Provider remittances and enrollee cost-sharing information.

    (2) Denied prior authorizations.

    (B) Unstructured administrative and clinical documentation submitted by a provider related to prior authorizations.

    (iii) The QHP issuer must include an attestation with this request affirming that the enrollee is enrolled with the QHP issuer and has opted into the data exchange.

    (iv) The QHP issuer must complete this request as follows:

    (A) No later than 1 week after the payer has sufficient identifying information about previous payers and the enrollee has opted in.

    (B) At an enrollee's request, within 1 week of the request.

    (v) The QHP issuer must receive, through the API required in paragraph (b)(1) of this section, and incorporate into its records about the enrollee, any data made available by other payers in response to the request.

    (5) Exchange response requirements. Make available the data specified in paragraph (b)(4)(ii) of this section that are maintained by the QHP issuer to other payers via the API required in paragraph (b)(1) of this section within 1 business day of receiving a request, if all the following conditions are met:

    (i) The payer that requests access has its identity authenticated and includes an attestation with the request that the patient is enrolled with the payer and has opted into the data exchange.

    (ii) Disclosure of the data is not prohibited by other applicable law.

    (6) Concurrent coverage data exchange requirements. When an enrollee has provided sufficient identifying information about concurrent payers and has opted in as described in paragraph (b)(2) of this section, a QHP issuer on a Federally-facilitated Exchange must do the following, through the API required in paragraph (b)(1) of this section:

    (i) Request the enrollee's data from all known concurrent payers as described in paragraph (b)(4) of this section, and at least quarterly thereafter while the enrollee is enrolled with both payers.

    (ii) Respond as described in paragraph (b)(5) of this section within 1 business day of a request from any concurrent payers. If agreed upon with the requesting payer, the QHP issuer may exclude any data that were previously sent to or originally received from the concurrent payer.

    (7) Patient educational resources. Provide information to enrollees in plain language, explaining at a minimum: the benefits of Payer-to-Payer API data exchange, their ability to opt in or withdraw that permission, and instructions for doing so. The QHP issuer must provide the following resources:

    (i) When requesting an enrollee's permission for Payer-to-Payer API data exchange, as described in paragraph (b)(2) of this section.

    (ii) At least annually, in appropriate mechanisms through which it ordinarily communicates with current enrollees.

    (iii) In an easily accessible location on its public website.

    (c) Exception.

    (1) If a plan applying for QHP certification to be offered through a Federally-facilitated Exchange believes it cannot satisfy the requirements in paragraph (a) or (b) (or paragraphs (a) and (b)) of this section, the issuer must include a narrative justification in its QHP application that describes all of the following:

    (i) The reasons why the issuer cannot reasonably satisfy the requirements for the applicable plan year.

    (ii) The impact of non-compliance upon providers and enrollees.

    (iii) The current or proposed means of providing health information to payers.

    (iv) Solutions and a timeline to achieve compliance with the requirements in paragraph (a) or (b) of this section (or paragraphs (a) and (b)).

    (2) The Federally-facilitated Exchange may grant an exception to the requirements in paragraph (a) or (b) (or paragraphs (a) and (b)) of this section if the Exchange determines that making QHPs of such issuer available through such Exchange is in the interests of qualified individuals in the State or States in which such Exchange operates, and an exception is warranted to permit the issuer to offer QHPs through the FFE.

    [89 FR 8986, Feb. 8, 2024

    .

    ]