Policies and Technology for Interoperability and Burden Reduction

Policies and Technology for Interoperability and Burden Reduction

Policies and Technology for Interoperability and Burden Reduction

Policies and Technology for Interoperability and Burden Reduction


CMS continues to build on its roadmap to improve interoperability and health information access for patients, providers, and payers. When implemented effectively, health information exchange (interoperability) can also reduce the burden of certain administrative processes, such as prior authorization. We have issued regulations that will drive change in how clinical and administrative information is exchanged between payers, providers and patients, and will support more efficient care coordination.

The CMS regulations include policies, which require or encourage payers to implement Application Programming Interfaces (APIs) to improve the electronic exchange of health care data – sharing information with patients or exchanging information between a payer and provider or between two payers. APIs can connect to mobile apps or to a provider electronic health record (EHR) or practice management system to enable a more seamless method of exchanging information. The regulations also include policies which may reduce burdens of the prior authorization process by increasing automation and encouraging improvements in policies and procedures to streamline decision making and communications.

On this page you can find links to resources that will be useful for implementing the APIs to support the policies of these rules. In particular we encourage stakeholders to use the general information for the Health Level 7 (HL7) Fast Healthcare Interoperability Resources (FHIR) Implementation Guides (IGs) referenced in the CMS regulations.

Quick Links – Can’t wait to find what you are looking for? Skip ahead with these links:


Technical Standards

Implementation Support for APIs

API Name

Supporting IGs

Patient Access API

Provider Access API

  • See Above IGs for Patient Access API

Payer-to-Payer API

  • See Above IGs for Patient Access API

Provider Directory API

Documentation Requirements Lookup Service API

Prior Authorization Support (PAS) API

Bulk Data



CMS has issued two key rules related to interoperability and burden reduction. Information to help understand the technical requirements is provided below. To learn more about the operational policy provisions, please refer to the overview or fact sheet.

CMS Interoperability and Patient Access Final Rule

The Interoperability and Patient Access final rule (CMS-9115-F) put patients first by giving them access to their health information when they need it most, and in a way they can best use it. This final rule focused on driving interoperability and patient access to health information by liberating patient data using CMS authority to regulate Medicare Advantage (MA), Medicaid, Children's Health Insurance Program (CHIP), and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs).

Recognizing the challenges faced by payers during the COVID-19 public health emergency, CMS will exercise enforcement discretion for the Patient Access API and Provider Directory API policies for MA, Medicaid, CHIP and QHP issuers on the FFEs* effective January 1, 2021. CMS will not enforce these new requirements until July 1, 2021.

*QHP Issuers on the FFEs are not required to implement the Provider Directory API under this rule.

Link to the Interoperability and Patient Access final rule: https://www.federalregister.gov/documents/2020/05/01/2020-05050/medicare-and-medicaid-programs-patient-protection-and-affordable-care-act-interoperability-and

Read the Fact Sheet to learn more about the policies for Interoperability and Patient Access final rule.

CMS Interoperability and Prior Authorization Proposed Rule

The Interoperability and Prior Authorization proposed rule (CMS-9123-P) builds on the policies finalized in the CMS Interoperability and Patient Access final rule. This proposed rule emphasizes the need to improve health information exchange to achieve appropriate and necessary access to complete health records for patients, health care providers, and payers. This proposed rule also focuses on efforts to improve prior authorization processes through policies and technology, to help ensure that patients remain at the center of their own care. The rule enhances certain policies from the CMS Interoperability and Patient Access final rule, and adds several new provisions to increase data sharing and reduce overall payer, health care provider, and patient burden through the proposed improvements to prior authorization practices.

Link to the December 2020 Interoperability and Prior Authorization proposed rule:  https://www.federalregister.gov/documents/2020/12/18/2020-27593/medicaid-program-patient-protection-and-affordable-care-act-reducing-provider-and-patient-burden-by 

Read the Fact Sheet to learn more about the policies for the Interoperability and Prior Authorization proposed rule.

Office of the National Coordinator for Health Information Technology's (ONC) 21st Century Cures Act Final Rule
The Department of Health and Human Services (HHS) finalized technical as well as content and vocabulary standards in the ONC 21st Century Cures Act final rule, which CMS adopted to support these API policies. Other HL7 IGs are available for provider, payer and prior authorization APIs, which are not yet mandatory. However, if payers choose to use them, it will limit burden and support our mutual path forward towards an interoperable health care system. In addition, CMS continues to work with HL7 and other industry partners to ensure IGs and additional resources are freely available to payers to use if they choose to use them.

Guidance for States: CMS Interoperability and Patient Access Final Rule (CMS-9115-F)

In August 2020, CMS released a letter to state health officers detailing how state Medicaid agencies should implement the CMS Interoperability and Patient Access final rule in a manner consistent with existing guidance.  There are many provisions in this regulation that impact Medicaid and CHIP Fee-For-Service (FFS) programs, Medicaid managed care plans, and CHIP managed care entities, and this letter discusses those issues.  Additionally, this letter advises states that they should be aware of the ONC’s 21st Century Cures Act final rule on information blocking. The link for the letter is:


Best Practices for Payers and App Developers

This document includes links to useful information and best practices to help payers and developers build and maintain a FHIR-based API, as well as best practices for third-party app developers.

Best Practices for Payers and App Developers (PDF)

Patient Privacy and Security Resources

This document provides an overview of what is required to be included in a payer’s patient resource document and some content payers may choose to use to help meet this requirement. Use of this document is not required; it is to support payers as they produce patient resources tailored to their patient population.

Patient Privacy and Security Resources (PDF)



FHIR Release 4.0.1 provides the first set of normative FHIR resources. A subset of FHIR resources is normative, and future changes on those resources marked normative will be backward compatible. These resources define the content and structure of core health data, which developers to build standardized applications.

HL7 Version 4.0.1 FHIR Specification Release 4, October 30, 2019

SMART IG/OAuth 2.0

SMART on FHIR provides reliable, secure authorization for a variety of app architectures with the OAuth 2.0 standard. This profile is intended to be used by app developers that need to access FHIR resources by requesting access tokens from OAuth 2.0 compliant authorization servers. The profile defines a method through which an app requests authorization to access a FHIR resource, and then uses that authorization to retrieve the resource.

SMART Application Launch Framework IG Release 1.0.0, November 13, 2018

OpenID Connect

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables clients to verify the identity of the end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user in an interoperable and RESTful manner. This specification defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of claims to communicate information about the end-user. It also describes the security and privacy considerations for using OpenID Connect.

OpenID Connect Core 1.0 Incorporating Errata Set 1, November 8, 2014

United States Core Data for Interoperability (USCDI)

The USCDI is a standardized set of health data classes and component data elements for nationwide, interoperable health information exchange. CMS required that payers share the USCDI data they maintain with patients via the Patient Access API, and with other payers via the Payer-to-Payer Data Exchange.

United States Core Data for Interoperability USCDI, February 2020, Version 1

Visit the Health IT website for updates to the USCDI, and read more about the recommendations for Version 2.

Implementation Support for APIs:

The IGs and related resources may be used for the Patient Access, Provider Access, Payer Access, Provider Directory, and Prior Authorization APIs.  These guides provide information payers can use to meet the requirements of CMS rules without having to develop an independent approach, which will save time and resources. In addition, the reference implementations available on the applicable websites allow payers to see the APIs in action and support testing and development.

Claims & Encounter Data

Payers are required to make a patient’s claims and encounter data available via the Patient Access API.

HL7® FHIR® CARIN Consumer Directed Payer Data Exchange IG (also referred to as the CARIN IG for Blue Button®) URL: http://hl7.org/fhir/us/carin-bb/STU1


Payers are required to make a patient’s clinical data, defined as those data the payer maintains that are included in the USCDI version 1, available via the Patient Access API.

HL7 FHIR® Da Vinci PDex IG: Version STU 1.0.0. URL: http://hl7.org/fhir/us/davinci-pdex/STU1

HL7 FHIR® US Core IG STU 3.1.0. The PDex IG is based on the US Core IG, with the following additions designed for payer-related use cases:

  • Medication Dispense resource has been added to record a member’s prescription drug claims
  • Device resource has been added to broaden support for devices that are not implantable
  • A payer-specific Provenance resource has been added
  • Coverage resource has been added that defines the constraints for representing the subscriber information to the Payer. This along with the patient’s first name, last name, date of birth and gender allows the payer to identify the member in their system for which the most responsible physician (MRP) was the performer
  • Additional information to review:

Payer Data Exchange (PDex) IG:

US Core IG:

​​​Plan Coverage and Formularies (part of the Patient Access API)

Under the CMS Interoperability and Patient Access final rule, Part D Medicare Advantage plans must make formulary information available via the Patient Access API. In addition Medicaid and CHIP FFS and managed care must make preferred drug lists available. The IG to help members select a coverage type during enrollment for the medications they are currently on is HL7 FHIR Da Vinci - PDex US Drug Formulary IG: Version STU 1.0.1.

Provider Directory

Under the CMS Interoperability and Patient Access final rule and the CMS Interoperability and Prior Authorization final rule, Medicaid FFS programs, CHIP FFS programs, Medicaid managed care plans, and CHIP managed care entities are required to make provider directory information available via the Provider Directory API. The CMS Interoperability and Patient Access final rule includes MA organizations. This API must be accessible via a public-facing digital endpoint on the payer’s website. The IG is the HL7 FHIR Da Vinci PDex Plan Net IG: Version STU 1.0.0.

Prior Authorization Improvements through Technology

Documentation Requirements Look Up Service (DRLS) API

The CRD IG defines a workflow to allow payers to provide information about coverage requirements to healthcare providers through their clinical systems at the time treatment decisions are made. This will ensure that clinicians and administrative staff have the capability to make informed decisions and meet the requirements of the patient’s insurance coverage.  The IG is: HL7 FHIR Da Vinci - CRD IG: Version STU 1.0.0.

Documentation Templates and Rules

The DTR IG specifies how payer rules can be executed in a provider context to ensure that documentation requirements are met. In turn, provider burden will be reduced because of reduced manual data entry. The IG: HL7 FHIR Da Vinci - DTR IG: Version STU 1.0.0.

Prior Authorization Support (PAS)

The PAS IG defines a way to directly submit prior authorization requests from EHR or practice management systems (PMS).  Direct submission of prior authorization requests from an EHR or PMS can reduce costs for both providers and payers. It can also result in faster prior authorization decisions, which will lead to improved patient care experiences. The IG is: HL7 FHIR Da Vinci - PAS IG: Version STU 1.0.0.

Payer Coverage Decision Exchange (PCDE)

The PCDE IG defines a mechanism for sharing information from one payer (the previous payer) to a 'new' payer when a patient has switched plans to help ensure continuity of care and reduce/eliminate the need for repeating lab or diagnostic tests, re-trying previous therapies, etc. The IG is: HL7 FHIR Da Vinci - PCDE IG Version STU 1.0.0. 

Bulk Data Access (Flat FHIR) Specification

The Bulk Data specification explains how to transmit data on large populations of patients through FHIR, such as moving clinical data into an analytical data warehouse, sharing data between organizations, or submitting data to regulatory agencies. This specification has not been adopted by HHS or CMS; however, some federal and private organizations are using it. We encourage payers to consider testing its usability within their own organizations.

Additional Bulk Data resources:

- End of Technical Standards -

Questions? E-mail CMS Health Informatics and Interoperability Group at CMSHealthInformaticsAndInteroperabilityGroup@cms.hhs.gov

Regulation Links:

To view the CMS Interoperability and Patient Access final rule (CMS-9115-F) in the Federal Register, go to:

To view the ONC's 21st Century Cures Act final rule, go to: https://www.healthit.gov/curesrule. If you need more information, you can reach ONC via their feedback form: https://www.healthit.gov/form/healthit-feedback-form 

To view the CMS Interoperability and Prior Authorization proposed rule (CMS-9123-P) in the Federal Register, go to: https://www.federalregister.gov/documents/2020/12/18/2020-27593/medicaid-program-patient-protection-and-affordable-care-act-reducing-provider-and-patient-burden-by

Page Last Modified:
09/06/2023 05:05 PM