Blog/Platform Updates

The Highway from CMS 9115F to CMS 0057

A comprehensive guide to how payers can leverage their existing CMS 9115F infrastructure to efficiently implement the upcoming CMS 0057 requirements for interoperability and prior authorization.

April 15, 2025Angela Liu
The Highway from CMS 9115F to CMS 0057

As the healthcare industry continues its journey toward greater interoperability, the path from CMS 9115F (Patient Access API) to CMS 0057 (Interoperability and Prior Authorization Final Rule) represents a critical evolution in how payers share and manage health data. Far from being separate regulations, these rules form a clear progression—with 9115F establishing the foundation upon which the more complex requirements of 0057 will be built.

The Technical Foundation: Why 9115F Infrastructure Investments Matter

Payers who have thoughtfully invested in robust 9115F infrastructure will find themselves at a significant advantage when implementing 0057 requirements. The Patient Access API mandated by 9115F established the base FHIR infrastructure that 0057 expands upon in several important ways:

  1. FHIR Server Capabilities: Payers who implemented high-quality, scalable FHIR R4 servers for 9115F can extend these same systems to support the additional endpoints required by 0057.

  2. API Management: The API governance, monitoring, and security practices established for 9115F provide the operational backbone needed for the more complex API ecosystem mandated by 0057.

  3. Data Processing Pipelines: 9115F required payers to build data extraction and transformation pipelines from legacy systems to FHIR formats—these same pipelines will need to be leveraged and expanded for 0057 compliance.

Payers who took shortcuts or implemented minimal 9115F solutions may face significantly higher costs and technical challenges when adapting to 0057 requirements, as they'll need to rebuild core infrastructure rather than extend existing capabilities.

Authentication and Consent: Increasing Complexity

Perhaps the most significant evolution from 9115F to 0057 is in the realm of authentication and consent:

  1. Beyond Patient-Mediated Access: While 9115F focused primarily on patient authentication through OAuth 2.0 flows, 0057 introduces new authentication patterns for payer-to-payer and provider-to-payer data exchange that require server-to-server authentication mechanisms.

  2. Digital Consent Management: 0057 significantly expands consent requirements, particularly for the Payer-to-Payer API. Payers must implement sophisticated digital consent workflows that track patient permissions across organizational boundaries and data types.

  3. Consent Persistence: Unlike the simpler authorization flows in 9115F, 0057 requires maintaining consent records over time and across multiple data exchange scenarios.

Payers who have built flexible authentication systems and thoughtful consent management for 9115F will be better positioned to adapt these systems for 0057's more complex requirements.

Resource Scope Expansion: More Data, More Complexity

The scope of FHIR resources required by 0057 substantially expands on what was mandated by 9115F:

  1. Prior Authorization Data: 0057 adds entirely new categories of data related to prior authorizations that weren't included in 9115F.

  2. Provider Directory Information: More comprehensive provider data must be made available through 0057 APIs.

  3. Clinical Data Expansion: The clinical data requirements expand beyond what was required under 9115F.

Payers who designed their FHIR implementations with flexibility and extensibility in mind will have an easier time adding these new resource types to their existing systems.

Operational Readiness: Learning from 9115F Implementation

The implementation of 9115F has provided valuable lessons that directly apply to 0057 readiness:

  1. Developer Support: Payers who invested in robust developer documentation, sandbox environments, and support systems for 9115F will have established practices that directly translate to 0057 implementation.

  2. Performance Optimization: The experience gained in optimizing FHIR API performance for 9115F will prove invaluable as the more complex 0057 APIs come online.

  3. Monitoring and Observability: Systems built to monitor 9115F API usage, performance, and errors provide the foundation for the more extensive monitoring needed for 0057.

Network Effects: Leveraging Existing Connections

One often overlooked advantage of strong 9115F implementation is the network effect it creates:

  1. Ecosystem Familiarity: Third-party developers who have integrated with a payer's 9115F APIs will have an easier time adopting their 0057 APIs.

  2. Standards Alignment: Payers who have actively participated in HL7 and other standards bodies during 9115F implementation will be better positioned to influence and quickly adopt the evolving standards that will support 0057.

  3. Trusted Partner Networks: Relationships established with technology vendors, consultants, and implementation partners during 9115F projects can be leveraged for more efficient 0057 implementation.

The Business Case for Continuity

Beyond the technical arguments, there's a compelling business case for viewing 9115F as the foundation for 0057:

  1. Cost Efficiency: Extending existing 9115F infrastructure is significantly more cost-effective than building parallel systems for 0057 compliance.

  2. Risk Reduction: Payers who have already solved key technical challenges in 9115F implementation face fewer unknowns and lower implementation risks for 0057.

  3. Competitive Advantage: Organizations that provide superior developer and patient experiences with their 9115F implementations can extend this advantage to their 0057 APIs, potentially differentiating themselves in areas like prior authorization efficiency.

Looking Ahead: Preparing for 2027

With the 0057 implementation deadline of January 1, 2027 approaching, payers should be evaluating their 9115F implementations with an eye toward how they'll support 0057 requirements:

  1. Gap Analysis: Identify aspects of current 9115F infrastructure that may need enhancement to support 0057.

  2. Authentication Modernization: Ensure authentication systems can support the expanded patterns required by 0057.

  3. Consent Management: Begin designing or extending consent management systems to handle the more complex requirements of 0057.

  4. Resource Expansion Planning: Map out how existing FHIR resource implementations will need to be extended to support new data types.

The path from 9115F to 0057 represents not just a regulatory progression but an opportunity to build upon existing investments to create truly modern, interoperable health data infrastructure. Payers who recognize this continuity and plan accordingly will find themselves better positioned for both compliance and competitive advantage in the evolving healthcare data ecosystem.

Ready to talk about your 0057 strategy and how Flexpa can help? Let's get in touch.

More platform updates

View All
Launching NPI Enrichment and Provider Directory

Launching NPI Enrichment and Provider Directory

Announcing two powerful new features - automatic NPI enrichment for claims data and a comprehensive Provider Directory API powered by NPPES data

March 31, 2025Joshua Kelly
Flexpa Adds VA Connectivity to our Network

Flexpa Adds VA Connectivity to our Network

Flexpa is now connected to the Department of Veterans Affairs, serving 9.1 million veterans through secure, patient-authorized access to claims records

April 7, 2025Flexpa Team
Scaling FHIR Data Processing with Promise Pools and Redis

Scaling FHIR Data Processing with Promise Pools and Redis

How Flexpa built a scalable system to process healthcare data from multiple providers using Promise Pools for controlled concurrency and Redis for distributed job processing.

April 21, 2025Joshua Kelly

Get fresh insights on patient access

Unsubscribe anytime

Newsletter illustration