
CMS 0057 F APIs

1. Introduction

The CMS 0057 F APIs provide a single platform for developers to discover, test, and integrate with Health Chain’s FHIR-based APIs. These APIs cover:

  • Patient Access
  • Payer-to-Payer (PDex)
  • Provider Directory
  • Prior Authorization Suite (CRD, DTR, PAS)

This platform simplifies compliance with CMS interoperability rules, accelerates implementation, and empowers teams to build innovative healthcare applications.


2. Background

Healthcare organizations are moving rapidly toward API-driven interoperability. To meet CMS requirements, payers must implement APIs that:

  • Enable patient access to health data.
  • Support payer-to-payer and provider data exchange.
  • Standardize prior authorization workflows.

This documentation explains the FHIR resources, profiles, and operational considerations you’ll use to integrate with the platform.


3. Objective / Goal

Provide a standards-aligned FHIR API surface with:

  • Clear documentation.
  • Sandbox testing environments.
  • Production guardrails.

This ensures faster delivery of compliant integrations while reducing implementation complexity.


4. API Catalog

4.1 Patient Access API

Scope

  • CMS Patient Access workflows.

Core Resources

  • Patient, Coverage, Claim, Encounter, Observation, Medication*.

Required Profiles

  • CARIN BB, US Core, Da Vinci PDex.

Read Semantics

  • Standard FHIR GET interactions with pagination and filtering.

Authentication & Authorization

  • SMART on FHIR OAuth2 with per-API scopes.

Environment & Sandbox

  • Full-featured sandbox with seeded patient data, coverages, and EOBs.
  • Example request/response collections available.

4.2 Payer-to-Payer API (PDex)

Scope

  • Member-authorized payer-to-payer data exchange.

Core Resources

  • Coverage, ExplanationOfBenefit (EOB), Provenance, Patient.

Provenance & Attestation

  • Provenance resources included in data bundles.

Authentication & Authorization

  • SMART on FHIR OAuth2 with payer-to-payer scopes.

Environment & Sandbox

  • Sandbox seeded with member transition scenarios.

  • Preloaded EOBs and Coverage bundles.

4.3 Provider Directory API

Scope

  • Access to payer’s provider directory data.

Core Resources

  • Practitioner, Organization, Network, Location, Endpoint.

Freshness SLA

  • Directory updates reflected in near real-time.

Authentication & Authorization

  • SMART on FHIR OAuth2 with directory-specific scopes.

Environment & Sandbox

  • Sandbox seeded with provider directory entries.

  • Supports testing of search parameters and freshness checks.

4.4 Prior Authorization Suite (CRD • DTR • PAS)

Scope

  • End-to-end prior authorization workflows.

CRD (Coverage Requirements Discovery)

  • Query for coverage rules and decision support.

DTR (Documentation Templates & Rules)

  • Retrieve and complete structured questionnaires.

PAS (Prior Authorization Support)

  • Submit X12 → FHIR-based prior authorization requests.

  • Check authorization statuses.

Authentication & Authorization

  • SMART on FHIR OAuth2 with prior-authorization-specific scopes.

Environment & Sandbox

  • Sandbox preloaded with:

    • Sample CRD decision rules.

    • Synthetic DTR questionnaires.

    • PAS request/response flows.


5. Standards & Profiles

  • FHIR Version: R4.

  • Profiles & IGs: CARIN, Da Vinci PDex, Plan-Net, PAS, CRD, DTR.

  • Terminologies: SNOMED CT, LOINC, RxNorm, HCPCS/CPT.

  • Conformance: CapabilityStatement endpoints declare supported profiles.

Note: Pre-built FHIR profiles are a key product benefit, ensuring consistency across payer implementations.


6. Authentication & Authorization

  • Grant Types: OAuth 2.0 / SMART on FHIR.

  • App Types: Confidential & public apps.

  • Scopes:

    • patient/*.read

    • user/*.read

    • system/*.read

    • Custom PAS scopes.

  • App Registration: Redirect URIs, JWKS.

  • Consent Signals: Respect patient opt-in/opt-out preferences.
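
The wildcard scopes listed above only limit access if the resource server checks them on every request. The sketch below is an added example, not Health Chain's code: it parses SMART v1 scope strings and applies a deny-by-default check that also pins `patient/` scopes to the patient bound to the token. The claim names `scope` and `patient`, the function names, and the sample ids are assumptions.

```python
import re

# SMART on FHIR v1 scope syntax: <context>/<ResourceType or *>.<read|write|*>
SCOPE_RE = re.compile(r"^(patient|user|system)/([A-Z][A-Za-z]*|\*)\.(read|write|\*)$")


def parse_scopes(scope_string):
    """Return the set of (context, resource, permission) tuples.

    Anything that does not match the syntax (openid, custom scopes, typos)
    is ignored, so it can never grant FHIR resource access by accident.
    """
    parsed = set()
    for item in scope_string.split():
        match = SCOPE_RE.match(item)
        if match:
            parsed.add(match.groups())
    return parsed


def authorize(claims, resource_type, action, patient_id=None):
    """Deny-by-default check for a single FHIR interaction.

    claims: hypothetical dict of already-validated token claims holding
            'scope' and, for patient-context tokens, 'patient'.
    patient_id: the patient compartment the request would touch, if any.
    """
    for context, resource, permission in parse_scopes(claims.get("scope", "")):
        if resource not in ("*", resource_type):
            continue
        if permission not in ("*", action):
            continue
        if context == "patient":
            # patient/ scopes cover only the patient bound to this token.
            bound = claims.get("patient")
            if not bound or patient_id != bound:
                continue
        # user/ and system/ scopes pass here; per-user policy and consent
        # checks are separate layers not shown in this sketch.
        return True
    return False


# Constructed sample claims, for illustration only.
MEMBER_APP = {"scope": "openid patient/*.read", "patient": "pat-123"}
BACKEND_SERVICE = {"scope": "system/*.read"}
```

A `patient/*.read` token with no bound patient, or a request for a different member's data, falls through every branch and is denied.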


7. Security & Compliance

  • PHI Handling: Encrypted in transit & at rest.

  • Audit: Comprehensive access logs and member audit trails.

  • Regulatory Mappings: CMS 0057-F, HIPAA.

  • Consent Management: Enforced per patient preference.


8. Monitoring & Observability

  • API Dashboards: Usage, performance, and error rates.

  • Insights: Payer-specific reports and developer analytics.

9. Change Management

  • API Versioning: URI vs header-based versioning.

  • Deprecation Policy: Clear timelines for upgrades.