Learn how payers can be CMS-9115-F compliant leveraging Innovaccer’s one-stop CMS Compliance solution

In the past year, payers have been confronted with laws that change the way their data is accessed by members (or patients) and other stakeholders. Under these new regulations, payers need to make technological shifts to increase interoperability and make it easier for members to securely access their data. The most recent law directly impacting payers is the Interoperability and Patient Access final rule (CMS-9115-F) .

The new regulations will require payers to focus on member access and provider directory APIs and set up payer-to-payer data exchange processes that meet OAuth 2.0 protocol. Because many payers operate on legacy IT systems, deploying infrastructure that helps comply with these regulations can be costly and time consuming.

Innovaccer makes it easy with a one-stop solution

Innovaccer’s CMS Compliance solution makes it possible for payers, administrators, developers, and members to securely access data, helping organizations comply with the new regulations. Here, we discuss what payers need to do to meet the CMS-9115-F compliance requirements and how Innovaccer can help.

Set up patient access APIs

Payers must make claims, clinical, and encounter data available electronically through a standards-based (HL7 FHIR Release 4.0.1) API.

• What’s required
• Payers will need a microservices architecture to support the implementation of API gateways. They will also need to configure and maintain the security of the API and establish an end-to-end API operating model.

• How Innovaccer can help
• Payers can use Innovaccer’s Member Portal to enable members to access their clinical, claims, and encounter information. Built with standard FHIR APIs, the Member Portal authenticates every member and keeps all their data in one place.


• And if a payer already has a member portal, Innovaccer’s solution can connect to other applications via APIs that are compliant with CMS-9115-F.

Establish provider directory APIs

Payers need to maintain and publish provider directory information through up-to-date, standards-based APIs. This will make it easier for third parties to build apps that help patients find providers.

• What’s required
• Payers will need to establish an FHIR-based provider directory—including names, addresses, phone numbers, and specialties—to boost engagement and enable members to find providers.

• How Innovaccer can help
• Innovaccer offers InAPI—built on the latest FHIR versions (4.0.1)—which powers applications that allow payers, providers, and vendors to streamline and share data to improve directory management.

Payer-to-payer data exchange

Payers have historically struggled to maintain and share data in common formats. So, payer-to-payer data exchange is necessary to establish uniformity in the member data. This will allow patients to share their information with new payers and easily update records. When sharing data, payers are required to meet security standards from the CMS-9115-F rule.

• What’s required
• Payers need third-party applications to drive payer-to-payer data exchange that complies with the USCDI standard and the OAuth 2.0 security standard (proposed by the ONC under CMS-9115-F rule).

• How Innovaccer can help
• To streamline data exchange, payers can use Innovaccer’s third-party applications via APIs. Innovaccer uses OAuth 2.0—a secure, open data sharing standard—in every application. OAuth 2.0 enables authentication and authorization, providing security for the patient data exposed on a member portal or in third-party applications. It allows users to access the data without revealing the user’s identity.

Future-ready CMS Compliance solution

The new CMS regulations require payers to make swift—yet sustainable—changes in their IT infrastructure. Payers also have to keep other regulations in mind, including:

CMS-9915-F: This rule requires payers to maintain pricing transparency.

CMS-9123-P: This rule aims to streamline the PA (prior authorization) process through automation and standardization.

Most importantly, payers must allow members and providers to securely access critical information.

With Innovaccer’s complete CMS Compliance solution—integrated within the Innovaccer Data Activation Platform—it’s easier than ever to increase interoperability and data accessibility while complying with FHIR and OAuth 2.0 standards. Connected applications like the Member and Provider Portals—along with end-to-end capabilities for consent, pricing, and prior authorization management—can help you comply with current CMS regulations and prepare for future changes.

Visit our website to learn more about Innovaccer’s CMS Compliance solution.