E2E Interoperability Testing with Flexpa for CMS-9115 and CMS-0057

Introduction

Flexpa operates the largest network of payer FHIR endpoints in the U.S., connecting to over 320 payers' CMS-9115 Patient Access APIs and covering over 211 million lives. Twice a year, we publish our findings in an industry report titled "State of the Payer Patient Access API Report". You can read the latest edition here. As we expand our comprehensive coverage across Medicare, Medicare Advantage, and ACA plans, we are the first public implementers of member consent management and records retrieval for CMS-0057 Payer-to-Payer.

What can you test with Flexpa?

In both sandbox and production environments, you can use Flexpa to test your:

1. Authorization flow
   1. Can members get through successfully?
   2. Do you provide password reset or registration flows?
   3. Does the authorization endpoint callback to our app correctly?
2. Token exchange flow
   1. Do you correctly send back a patientID in the access token?
   2. Is a refresh token with expiration information available?
3. Member eligibility rules
   1. Does your eligibility logic allow all supported members access?
4. FHIR resource retrieval
   1. Are the requests succeeding?
   2. Are resources available according to your cap statement?
5. FHIR server capabilities
   1. Does $everything operation work if implemented?
   2. Does pagination work if implemented?
   3. Do search parameters work as intended?
   4. Are API request responses timing out?
6. FHIR Resource Content
   1. Is the JSON bundle structured as you'd expect?
   2. Are all the required data elements present?
   3. Can resource references be resolved successfully?

Pre-requisites

1. A FHIR endpoint supporting the CMS-9115 Patient Access API

Self-service testing begins once we've configured your endpoints and received the necessary credentials. If you haven't configured with us yet, reach out to interop@flexpa.com.

Still implementing? No problem.

We're here to help. With the largest network of payer FHIR endpoints under our belt, our team has unparalleled expertise in implementing CMS-9115 Patient Access APIs. We can help you navigate implementation decisions and optimize for our 93% sub-minute data retrieval success rate. Contact us at interop@flexpa.com to accelerate your implementation.

2. Test members ready in the appropriate environment

While we strongly encourage payers to maintain test members in their production environment, we understand the associated security challenges. Flexpa has built a sophisticated patient panel of real users from health plans across the U.S., enabling comprehensive E2E testing in production environments while maintaining compliance and security.

Collaborate with Flexpa on CMS-0057

CMS-0057, the CMS Interoperability and Prior Authorization Final Rule will be effective as of January 1, 2027. It will add significantly more complicated API transactions such as the Payer-to-Payer API, Provider Access API, and Prior Authorization APIs to the mix. This will increase demand for mature FHIR servers, but also nuanced workflow software for the complexity of prior authorizations.

For those building on top of CMS-9115 implementations, now is the time to test and build a robust foundation before these new APIs are built on top. We want to be your testing partners in this effort.

Flexpa has already begun our research and development in this space, working with vendors on early implementation details. Reach out to us if your teams are thinking about CMS-0057 compliance at interop@flexpa.com.

Testing Guide for CMS-9115 Patient Access APIs

Step 0 - Open our app

MyFlexpa is a consumer facing application that allows payers and vendors alike to test the flow end to end at https://my.flexpa.com/test.

We support testing in both sandbox and production environments. Please select the environment you want to test with and click connect. Search for your health plan's name and proceed through our consent flow.

Step 1 - Authorization

Once you click on "Continue to health plan", we redirect to your authorization endpoint with the necessary header parameters. If the page immediately has an error, we were unable to resolve the authorization URL.

If the page renders, when you see a login screen, use your sandbox or production test user. These test users are created by the payer and not by Flexpa, however sharing test credentials with Flexpa helps us perform our own internal testing. After a successful log in, your servers should call our redirect URL https://api.flexpa.com/smart/callback with a public token.

Any error logging during the authorization flow should be resolved between the payer, FHIR server, and IDP teams as Flexpa has no visibility into this workflow. We are happy to attend meetings as the voice of the member and implementer and share any patient support requests.

Step 2 - Token exchange

If authorization was successful, the payer's login page will automatically close and you'll be redirected back to MyFlexpa. We have taken that public token and sent it in the body of a POST request to your token endpoint.

If there is an error here, the error message will be displayed. This message can be expanded to show more details.

Step 3 - Find a Patient ID

If an access token was received, we will check for a usable PatientID. While we recommend sending this ID back in the fhirUser claim, we do look for a variety of claim names. If we don't find a Patient ID in the access token, we will perform an unqualified /Patient read request using the access token.

If no Patient ID was found through either of these paths, you will see an error message Missing Patient ID. If you believe this is in error, please contact us with the expected configuration details at interop@flexpa.com.

Step 4 - Retrieve FHIR resources

With a usable Patient ID, we will now attempt to fetch the FHIR resources listed in your capability statement. We expect your capability statement to be reached at the endpoint <BaseURL>/metadata and resources at <BaseURL>/<resourceName>.

If resource retrieval failed for any reason, you will see the error message Sync Failed. We are working on improving visibility of more detailed errors per FHIR request here. For now, please contact us for detailed error logs if not captured in your own systems.

Step 5 - QA FHIR Resource Content

If retrieving FHIR resources was successful, we will display the JSON bundle in a user friendly manner in our interface. You may click "View JSON" or "Download JSON" for your analytics purposes. Any references that could not be resolved, will display an error message. Feel free to email us for an in-depth analysis of any data elements that you need clarification on.

All information in the images below below are test data

Bonus: Inferno Test Suite

The Inferno Test Suite enables comprehensive testing of the Patient Access API for FHIR compliance, ensuring secure and standardized access to patient health information. This includes validating that your API implementation adheres to industry regulations and functions effectively within the healthcare ecosystem. For more details, visit the Inferno Patient Access API Test Suite.

Testing CMS-0057 Payer-to-Payer API

CMS-0057's Payer-to-Payer API requirement will be effective as of January 1, 2027 amongst other provisions for Provider Access API, Prior Authorization API, and more. This will increase demand for mature FHIR servers, but also nuanced workflow software for the complexity of prior authorizations.

For those building on top of CMS-9115 implementations, now is the time to test and build a robust foundation before these new APIs are built on top. We want to be your testing partners in this effort.

Flexpa is the first public implementer of the client role in the Payer-to-Payer API. We will be participating in the HL7 FHIR Connectathon 38 in January. Contact us at interop@flexpa.com if you'd like to schedule a demo or testing session.

As the leader in payer FHIR endpoint connectivity, we're committed to helping you succeed with your interoperability implementation. Whether you're just starting your implementation or looking to optimize existing endpoints, our team can help you achieve rapid, reliable data exchange that meets regulatory requirements. Reach out to our team at interop@flexpa.com to discuss how we can support your interoperability goals.