Issuers seeking certification of their QHPs must meet CMS requirements for data interoperability as implemented by the Interoperability and Patient Access Final Rule. Issuers must attest to the organization’s compliance with the following requirements:

  • The implementation of an application programming interface (API) that enables enrollees to access their health data via a third-party application of the enrollee's selection.
  • The inclusion of claims, encounter, cost, and clinical data within timeframes detailed in the regulation.
  • The public posting of complete technical documentation to guide successful interaction with the API.
  • The public posting of educational resources for enrollees that advise on the protection of personal health information, which organizations are likely to be Health Insurance Portability and Accountability Act (HIPAA)-covered entities, and how to submit formal complaints.
Note: CMS has decided to exercise enforcement discretion not to take action against certain payer-to-payer data exchange provisions of the May 2020 Interoperability and Patient Access final rule. Further details are available on the Additional Regulatory Guidance webpage linked below. 

In addition to attesting to compliance, issuers must also supply 1-2 URLs where the public posting of technical documentation and educational resources for enrollees may be found. These URLs should lead to live, active webpages and include key terms indicating the issuer has included required technical information and education resources. Issuers are advised to refer to CMS URL guidance documents listed at the bottom of this webpage. 

Application Resources