The Perils of a Compliance-Only Interoperability Strategy

The first significant compliance deadlines outlined in CMS-0057-F are just around the corner. Starting in January 2026, payers will be required to begin tracking and reporting performance against prior authorization metrics and SLAs, with a view towards full implementation of prior authorization APIs (PAAPIs) by January 1, 2027.

Despite mounting urgency to implement PAAPIs and a shrinking timeframe in which to do so, many payers are struggling to get over the finish line. An April survey by the Workgroup for Electronic Data Interchange (WEDI) found that 31% of payers are only a quarter of the way to implementation—and 43% haven’t started work at all.
One significant barrier to adoption is, of course, cost. The majority of respondents to the WEDI survey (35%) estimate that the cost of buying (or building) the necessary technology infrastructure, digitizing prior authorization policies, and implementation will be anywhere from $1 million to $5 million. The price tag is a significant obstacle, but it’s not just a matter of coming up with the money; rather, it’s ensuring that money is well-spent.

In the WEDI survey, the most common challenge cited by payer respondents is determining a cohesive enterprise strategy for interoperability. CMS-9115-F spurred heavy investment in interoperability that failed to yield meaningful returns (even if ROI was never the point of CMS-9115-F), and healthcare leaders are leery of repeating the same mistakes.

Payers understand the value of interoperability, but they are also acutely aware that investing without a comprehensive strategy in place is a recipe for disaster. And with not much time left to craft that strategy, it’s no surprise that many health plans are unwilling to spend any more than is necessary to achieve bare-bones compliance with CMS-0057-F. While that approach is understandable, payers who make the effort to define and execute a well-crafted interoperability strategy will find it’s time well spent—and the ones who don’t are likely to wind up paying a higher cost in time, money, and resources in the long run.

By adopting limited, compliance-only solutions to meet CMS-0057-F requirements, payers are missing the true intent of the mandate. CMS-0057-F was not created to simply establish APIs between payers, providers, and patients. It was designed to foster meaningful collaboration between all stakeholders to improve care coordination and outcomes.

Stop-gap tools that merely check the compliance box not only fall short of this vision but often make matters worse. In many cases, solutions that are narrowly designed to meet a specific use case can increase data fragmentation, expand the patchwork of connections required for data exchange, intensify provider abrasion, and limit members’ ability to engage with their health information.

As AI adoption continues to grow in healthcare, having a solid interoperability foundation will be especially important. By not establishing that foundation, any short-term savings will likely be offset by higher expenses later as payers struggle to retrofit outdated systems to support advanced analytics, predictive modeling, and AI-enabled automation.

An enterprise-wide interoperability strategy avoids these issues. The right technology foundation will unify data across systems, limiting the number of data exchange connection points, and anticipating regulatory change.

The goal should be to create an agile, scalable foundation that supports growth and innovation and can easily adapt to new regulatory requirements that will inevitably surface in the future. By aligning interoperability strategies with the spirit—not just the letter—of the mandate, payers can move beyond compliance to accelerate innovation, strengthen collaboration, and deliver better outcomes.