Under the CMS Interoperability and Patient Access Final Rule (CMS-9115-F), payers (health insurers) must use standardized data formats and APIs to facilitate seamless exchange of health information. Key standards and APIs include:

Fast Healthcare Interoperability Resources (FHIR)

• Data Format: FHIR is a standard developed by HL7 that provides a framework for exchanging healthcare information electronically. It includes standardized data formats and elements to ensure consistency across different systems.
• APIs: FHIR APIs facilitate real-time data exchange and interoperability between healthcare systems. They support various types of health data, including patient records, claims, and clinical information.

Health Level Seven International (HL7) Standards

• Data Formats: HL7 standards provide guidelines for the exchange, integration, sharing, and retrieval of electronic health information. FHIR is a more modern standard that builds on HL7 principles.
• APIs: HL7 messaging protocols support data exchange but are being gradually supplanted by FHIR for its greater flexibility and ease of use.

Application Programming Interfaces (APIs)

• Standardized APIs: Payers must use standardized APIs to provide access to health information in a secure and interoperable manner. The rule specifies the use of FHIR-based APIs for accessing and sharing data.
• API Specifications: The APIs must comply with specific FHIR specifications for different types of data, such as patient access APIs and provider directories.

X12 Standards

• Data Formats: X12 standards, including those for electronic data interchange (EDI) such as X12 837 (for claims) and X12 270/271 (for eligibility and benefits), are used for claims and administrative transactions. These are essential for standardizing data exchange in a structured format.
• Integration with FHIR: While X12 is widely used for transactions, FHIR APIs can be used in conjunction to support more modern data access and interoperability needs.

Health Information Technology for Economic and Clinical Health (HITECH) Act

• Standards and Certification: Compliance with the HITECH Act involves using certified electronic health record (EHR) systems that support interoperability standards, including FHIR.

OAuth 2.0 and OpenID Connect

• Authentication and Authorization: OAuth 2.0 is used for secure authorization, while OpenID Connect is used for authentication. These protocols ensure secure access to health information through APIs.

These standards and APIs are designed to promote interoperability, ensure that data can be easily shared across different systems, and facilitate a more integrated and efficient healthcare system.