FHIR API REQUIREMENTS

Five APIs that transform healthcare data exchange

All impacted payers must implement and maintain these HL7® FHIR® APIs to improve electronic health information exchange and streamline prior authorization processes.

1

Patient Access API

Enhanced • Live

Extend existing Patient Access APIs to include prior authorization decisions, giving patients complete visibility into authorization status, claims data, and how prior authorization impacts their care.

Required Data Elements

  • Prior authorization decisions (excluding drugs)
  • Individual claims and encounter data
  • All USCDI data elements
  • Provider remittances and cost-sharing info
  • Clinical data from provider systems

Technical Standards

  • HL7 FHIR 4.0.1
  • FHIR US Core IG STU 3.1.1
  • CARIN IG for Blue Button STU 2.0.0
  • SMART App Launch 1.0.0
  • OpenID Connect Core 1.0
Active: Jan 1, 2026 (Metrics Reporting)
2

Provider Access API

New • Required

Enable in-network providers to access patient data for care coordination and support value-based payment models. Providers with a treatment relationship can retrieve comprehensive patient information.

Required Data Elements

  • Individual claims and encounter data
  • All USCDI data classes and elements
  • Prior authorization information (excluding drugs)
  • Patient attribution process required
  • Consent management for data sharing

Technical Standards

  • HL7 FHIR 4.0.1
  • FHIR US Core IG STU 3.1.1
  • Da Vinci PDex IG STU 2.0.0
  • SMART App Launch 1.0.0
  • FHIR Bulk Data Access v1.0.0
Deadline: Jan 1, 2027
3

Payer-to-Payer API

New • Required

Support care continuity when patients change health plans by enabling seamless data exchange between payers. Includes up to 5 years of historical claims, encounter data, and clinical information.

Required Data Elements

  • 5 years of claims and encounter data
  • All USCDI data elements
  • Prior authorization records (excluding drugs)
  • Patient opt-in process required
  • Exclude provider remittances and cost-sharing

Technical Standards

  • HL7 FHIR 4.0.1
  • FHIR US Core IG STU 3.1.1
  • Da Vinci PDex IG STU 2.0.0
  • FHIR Bulk Data Access v1.0.0
  • Patient consent management
Deadline: Jan 1, 2027
4

Prior Authorization API

New • Required

Streamline prior authorization processes with electronic submission, real-time decision support, and automated status updates. Must support both HIPAA X12 278 and FHIR-based requests.

Required Capabilities

  • List of items/services requiring prior auth
  • Documentation requirements by service
  • Electronic request submission via FHIR
  • Real-time decision support and guidance
  • 72-hour urgent / 7-day standard decisions
  • Specific denial reasons required

Technical Standards

  • HL7 FHIR 4.0.1
  • Da Vinci Coverage Requirements Discovery STU 2.0.1
  • Da Vinci Documentation Templates and Rules STU 2.0.0
  • Da Vinci Prior Authorization Support STU 2.0.1
  • HIPAA X12 278 support maintained
Deadline: Jan 1, 2027
5

Provider Directory API

New • Required

Maintain a public, no-authentication provider directory API with current information about all contracted providers, facilities, and services. Must reflect changes within 30 days.

Required Data Elements

  • Provider names, specialties, contact info
  • Facility locations and services
  • Network participation status
  • Languages spoken
  • Accessibility features
  • Update within 30 days of changes

Technical Standards

  • HL7 FHIR 4.0.1
  • Da Vinci PDex Plan Net IG STU 1.1.0
  • Public access (no authentication required)
  • RESTful API architecture
  • JSON response format
Deadline: Jan 1, 2027