Centers for Medicare and Medicaid Services (CMS) Interoperability and Patient Access rule introduction

Important

Azure API for FHIR will be retired on September 30, 2026. Follow the migration strategies to transition to Azure Health Data Services FHIR® service by that date. Due to the retirement of Azure API for FHIR, new deployments won't be allowed beginning April 1, 2025. Azure Health Data Services FHIR service is the evolved version of Azure API for FHIR that enables customers to manage FHIR, DICOM, and MedTech services with integrations into other Azure services.

In this series of tutorials, we cover a high-level summary of the Center for Medicare and Medicaid Services (CMS) Interoperability and Patient Access rule, and the technical requirements outlined in this rule. We walk through the various implementation guides referenced for this rule. We also provide details on how to configure the Azure API for FHIR® to support these implementation guides.

Rule overview

The CMS released the Interoperability and Patient Access rule on May 1, 2020. This rule requires free and secure data flow between all parties involved in patient care (patients, providers, and payers) to allow patients to access their health information when they need it. Interoperability has plagued the healthcare industry for decades, resulting in siloed data that causes negative health outcomes with higher and unpredictable costs for care. CMS is using their authority to regulate Medicare Advantage (MA), Medicaid, Children's Health Insurance Program (CHIP), and Qualified Health Plan (QHP) issuers on the Federally Facilitated Exchanges (FFEs) to enforce this rule.

In August 2020, CMS detailed how organizations can meet the mandate. To ensure that data can be exchanged securely and in a standardized manner, CMS identified Fast Healthcare Interoperability Resources (FHIR®) version release 4 (R4) as the foundational standard required for the data exchange.

There are three main pieces to the Interoperability and Patient Access ruling:

  • Patient Access API (Required July 1, 2021) – CMS-regulated payers (as previously defined) are required to implement and maintain a secure, standards-based API that allows patients to easily access their claims and encounter information including cost, as well as a defined subset of their clinical information using third-party applications of their choice.

  • Provider Directory API (Required July 1, 2021) – CMS-regulated payers are required by this portion of the rule to make provider directory information publicly available via a standards-based API. Through making this information available, third-party application developers are able to create services that help patients find providers for specific care needs and clinicians find other providers for care coordination.

  • Payer-to-Payer Data Exchange (Originally required Jan 1, 2022 - Currently Delayed) – CMS-regulated payers are, at the patient’s request, required to exchange with other payers certain patient clinical data. While there's no requirement to follow any kind of standard, applying FHIR to exchange this data is encouraged.

Key FHIR concepts

As previously mentioned, FHIR R4 is required to meet this mandate. In addition, there are several implementation guides that provide guidance for the rule. Implementation guides provide extra context on top of the base FHIR specification. This includes defining additional search parameters, profiles, extensions, operations, value sets, and code systems.

The Azure API for FHIR has the following capabilities to help you configure your database for the various implementation guides.

Patient Access API Implementation Guides

The Patient Access API describes adherence to four FHIR implementation guides:

  • CARIN IG for Blue Button®: Payers are required to make patients' claims and encounters data available according to the CARIN IG for Blue Button Implementation Guide (C4BB IG). The C4BB IG provides a set of resources that payers can display to consumers via a FHIR API and includes the details required for claims data in the Interoperability and Patient Access API. This implementation guide uses the ExplanationOfBenefit (EOB) Resource as the main resource, pulling in other resources as they're referenced.

  • HL7 FHIR Da Vinci PDex IG: The Payer Data Exchange Implementation Guide (PDex IG) is focused on ensuring that payers provide all relevant patient clinical data to meet the requirements for the Patient Access API. This uses the US Core profiles on R4 Resources and includes (at a minimum) encounters, providers, organizations, locations, dates of service, diagnoses, procedures, and observations. While this data may be available in FHIR format, it may also come from other systems in the format of claims data, HL7 V2 messages, and C-CDA documents.

  • HL7 US Core IG: The HL7 US Core Implementation Guide (US Core IG) is the backbone for the PDex IG previously described. While the PDex IG limits some resources even further than the US Core IG, many resources follow the standards in the US Core IG.

  • HL7 FHIR Da Vinci - PDex US Drug Formulary IG: Part D Medicare Advantage plans have to make formulary information available via the Patient API. They do this using the PDex US Drug Formulary Implementation Guide (USDF IG). The USDF IG defines a FHIR interface to a health insurer’s drug formulary information, which is a list of brand-name and generic prescription drugs that a health insurer agrees to pay for. The main use case is so patients can understand if there are alternative drugs available to one that has been prescribed to them, and to compare drug costs.

Provider Directory API Implementation Guide

The Provider Directory API describes adherence to one implementation guide.

  • HL7 Da Vinci PDex Plan Network IG: This implementation guide defines a FHIR interface to a health insurer’s insurance plans, their associated networks, and the organizations and providers that participate in these networks.

Touchstone

Touchstone is a great resource to test adherence to the various implementation guides. Throughout the upcoming tutorials, we focus on ensuring that the Azure API for FHIR is configured to successfully pass various Touchstone tests. The Touchstone site has extensive documentation to help you get up and running.

Next steps

Now that you have a basic understanding of the Interoperability and Patient Access rule, implementation guides, and an available testing tool (Touchstone), we walk through setting up the Azure API for FHIR for the CARIN IG for Blue Button.

Note

FHIR® is a registered trademark of HL7 and is used with the permission of HL7.