Issuers seeking certification of their QHPs must meet CMS requirements for data interoperability as implemented by the Interoperability and Patient Access Final Rule. Issuers must attest to the organization’s compliance with the following requirements:

  • The implementation of an application programming interface (API) that enables enrollees to access their health data via a third-party application of the enrollee's selection.
  • The inclusion of claims, encounter, cost, and clinical data within timeframes detailed in the regulation.
  • The public posting of complete technical documentation to guide successful interaction with the API.
  • The public posting of educational resources for enrollees that advise on the protection of personal health information, which organizations are likely to be Health Insurance Portability and Accountability Act (HIPAA)-covered entities, and how to submit formal complaints.
Note: CMS has decided to exercise enforcement discretion not to take action against certain payer-to-payer data exchange provisions of the May 2020 Interoperability and Patient Access final rule. Further details are available on the Additional Regulatory Guidance webpage linked below. 

In addition to attesting to compliance, issuers must also supply 1-2 URLs where the public posting of technical documentation and educational resources for enrollees may be found. These URLs should lead to live, active webpages and include key terms indicating the issuer has included required technical information and education resources. Issuers are advised to refer to CMS URL guidance documents listed at the bottom of this webpage. 

Key Changes for PY2024:
  • If you are applying to certify Medical QHPs, you must still respond to the Interoperability Attestations, however justifications will be submitted via the Interoperability Justification Form uploaded in MPMS rather than in a free text box as in PY2023.

Tips for the Interoperability Section

  • Respond to all questions on the web-based form to attest to compliance with each requirement. If you respond “No” to any attestation, you must submit the Interoperability Justification Form. Verify that submitted URLs are live and active.
  • Verify that sign-in or registration are not required to access API documentation to ensure submitted URLs meet the public accessibility requirements.

Application Resources