Interoperability

Issuers seeking certification of their QHPs must meet CMS requirements for data interoperability as required by the Interoperability and Patient Access Final Rule. Issuers must attest to their compliance with the following requirements:

  • The implementation of an application programming interface (API) that enables enrollees to access their health data via a third-party application of the enrollee's selection.
  • The inclusion of the enrollee’s health data -- claims, encounter, cost, and clinical data -- within timeframes specified in the regulation.
  • The public posting of complete technical documentation to guide successful interaction with the API.
  • The public posting of educational resources for enrollees on the protection of personal health information, which organizations are likely to be Health Insurance Portability and Accountability Act (HIPAA)-covered entities, and how to submit formal complaints.
Note: On December 8, 2021, CMS announced its decision to exercise enforcement discretion on certain payer-to-payer data exchange provisions of the May 2020 Interoperability and Patient Access final rule (CMS-9115-F) until identified implementation challenges could be addressed in future rulemaking. The CMS Interoperability and Prior Authorization final rule (CMS-0057-F), released on January 17, 2024, rescinded those earlier payer-to-payer data exchange provisions, and addressed their challenges with its Payer-to-Payer API policies. Certain provisions in the Interoperability and Prior Authorization final rule take effect January 1, 2026, but impacted payers have until January 1, 2027, to meet its API requirements. For additional information on the 2024 final rule, please refer to the final rule and fact sheet at https://www.cms.gov/priorities/key-initiatives/burden-reduction/policies-and-regulations/cms-interoperability-and-prior-authorization-final-rule-cms-0057-f

In addition to attesting to compliance, issuers must also supply: one (1) URL where the public posting of API technical documentation (required by 45 CFR 156.221(d)) will be found and one (1) URL where educational resources for enrollees (required by 45 CFR 156.221(g)) will be found. These URLs should lead to live, active webpages. These URLs should not require any special effort to access, including requirements to sign in, register, or create an account. Issuers should refer to the “URL Guidance” under the “Application Resources” section, below.  

Key Changes for PY2025:
  • Revised Correction Codes for the Interoperability URLs related to the accessibility and required content specified at 45 CFR 156.221(d) and 45 CFR 156.221(g).
  • Issuers can provide only one URL in response to Question 3.
  • Issuers can provide only one URL in response to Question 4.
  • Issuers must use the updated Interoperability Justification Form if answering “No” to any question.

Tips for the Interoperability Section

  • Verify that URLs for Questions 3 and 4 are active and link to the required content.
  • Ensure that the content available via the URL submitted for Question 3 meets the requirements of 45 CFR 156.221(d). The presence of keywords is not sufficient to meet the regulatory requirements. 
  • Ensure that the content available via the URL submitted for Question 4 meets the requirements of 45 CFR 156.221(g).
  • Provide URLs that link directly to the required content for Question 3 and Question 4.
  • Verify that any links within the URLs submitted for Questions 3 and 4 are active if the issuer relies on those links to meet regulatory requirements.
  • Check that special effort, such as a sign-in or registration, is not required to access the content specified in Question 3 and Question 4.
  • Submit the Interoperability Justification Form if answering “No” to any question.
            Application Resources