---
description: CMS-9115-F established the Patient Access API and the Provider Directory API. Published May 1, 2020; both APIs have been in production since January 1, 2021.
---

# CMS-9115-F

The 2020 CMS Interoperability and Patient Access final rule was [published in the Federal Register on May 1, 2020](https://www.federalregister.gov/documents/2020/05/01/2020-05050/medicare-and-medicaid-programs-patient-protection-and-affordable-care-act-interoperability-and). It established two FHIR APIs that impacted payers have been required to maintain since January 1, 2021.

## APIs in scope

| API | Payerbox doc |
|---|---|
| Patient Access | [Patient Access](../interop-apis/patient-access.md) |
| Provider Directory | [Provider Directory](../interop-apis/provider-directory.md) |

## Patient Access API

Member-authorized access via SMART App Launch / OAuth 2.0; returns USCDI clinical data, adjudicated claims (with remittances and enrollee cost-sharing), encounters with capitated providers, and lab results.

| Property | Value |
|---|---|
| Compliance date | January 1, 2021 |
| Update SLA | No later than one business day after the payer adjudicates a claim or receives encounter data |
| Authentication | Member-authorized (SMART App Launch, OAuth 2.0, OpenID Connect) |
| Service-date floor | January 1, 2016 |
| End-user authentication required? | Yes — member must authorize each app |

### Citations

| Payer type | CFR section |
|---|---|
| Medicare Advantage | 42 CFR 422.119 |
| Medicaid FFS | 42 CFR 431.60 |
| Medicaid MCO | 42 CFR 438.242(b)(5) |
| CHIP FFS | 42 CFR 457.730 |
| CHIP MCO | 42 CFR 457.1233(d) (incorporates 438.242(b)(5) by reference) |
| QHP on FFE | 45 CFR 156.221 |

## Provider Directory API

Public, unauthenticated FHIR API exposing contracted providers, pharmacies, networks, and plans.

| Property | Value |
|---|---|
| Compliance date | January 1, 2021 |
| Update SLA | No later than 30 calendar days after the payer receives directory information or an update |
| Authentication | None for end-users; app-key registration permitted for traffic management |
| Required data elements | Provider names, addresses, phone numbers, specialties (plus pharmacy name/address/phone/network count/type for MA-PD) |

### Citations

| Payer type | CFR section |
|---|---|
| Medicare Advantage | 42 CFR 422.120 |
| Medicaid FFS | 42 CFR 431.70 |
| Medicaid MCO | 42 CFR 438.242(b)(6) |
| CHIP FFS | 42 CFR 457.760 |
| CHIP MCO | 42 CFR 457.1233(d) (incorporates 438.242(b)(6) by reference) |
| QHP on FFE | Exempt — 45 CFR 156.221(i) already requires a machine-readable directory |

## What CMS-0057-F changed

CMS-0057-F kept the Provider Directory API intact and **extended** the Patient Access API: from January 1, 2027, impacted payers must also expose prior-authorization request and decision data through Patient Access, with a 1-business-day SLA after the payer receives the prior-auth event. See [CMS-0057](cms-0057.md).

## References

- [Federal Register: CMS-9115-F (May 1, 2020)](https://www.federalregister.gov/documents/2020/05/01/2020-05050/medicare-and-medicaid-programs-patient-protection-and-affordable-care-act-interoperability-and)
- [CMS — Patient Access API FAQ](https://www.cms.gov/priorities/burden-reduction/overview/interoperability/frequently-asked-questions/patient-access-api)
- [CMS — Provider Directory API FAQ](https://www.cms.gov/priorities/burden-reduction/overview/interoperability/frequently-asked-questions/provider-directory-api)
