Payer Compliance: Provider Directory APIs in the first six months since CMS Final Rule enforcement

The CMS Final Rule on Interoperability and Patient Access requires payers to publish provider directory APIs and has been enforceable since July 1, 2021. CMS issued the rule to increase provider network transparency and to encourage third-party developers to leverage machine-readable provider network data from payers to develop new experiences around in-network provider search, health plan shopping, and other use cases related to patient access.

Early pre-enforcement publishers of provider directory APIs

Defacto Health started monitoring payers and their APIs in May 2021, three months ahead of the enforcement date. There were already a handful of payers publishing their provider directory APIs early in May. Included in this list are Aetna, Blue Cross Blue Shield Kansas City, CDPHP, Sharp Health Plan, Humana, and United Healthcare. These organizations took the hint when CMS said they would “strongly encourage payers to make their Provider Directory API public as soon as possible to make and show progress toward meeting all the API requirements being finalized in this rule.” Many of these early payers’ APIs are the most standards-conformant and issue-free of provider directory APIs that Defacto has evaluated, likely benefitting from a longer testing and feedback period relative to other payers.

Proportion of payers publishing provider directory APIs since May 2021

The graph above shows the % of payers publishing discoverable provider directory APIs from May 2021 onward. Defacto searched for these APIs using search engines, navigating health plan web sites, and reviewing publicly available endpoint directories. If results were not found publicly, Defacto reached out to payers’ interoperability support teams to inquire on API status, but these were not counted unless the information was subsequently published. The percentage of payers is adjusted for the size of the health plan in terms of the number of enrollees covered by the plan (e.g., a health plan with 1M enrollees would count more towards overall % than one with 100k enrollees). The percentage a health plan contributes to the total when publishing their API also considers the lines of business included (i.e., just Medicare and Medicaid or also commercial). By the July 2021 enforcement date, around 25% of payers were publishing their provider directory APIs. Between July and October 2021, an increasing rate of payers began publishing their APIs, and the rate of payers adding their provider directory APIs starts to level off beyond September. Since October 2021, on a monthly basis, Defacto has observed one or two Blues, an occasional state Medicaid agency, and a larger volume of smaller payers publishing their APIs.

January 2022: 67% of payers are now publishing provider directory APIs

We are now observing 67% of payers publishing their provider directory APIs. Defacto expects compliance to level off at between 70-80% in 2022 as around half of payers are publishing data for their commercial plans. We gave credit to Medicare FFS for publishing their provider flat file and also to a handful of State Medicaids who are doing the same (although they are not exactly conforming to the recommended Plan Net implementation guide). Many payers (including most state Medicaid agencies) who have yet to publish their provider directory APIs are in progress of implementing, having procured services from interoperability and provider data management vendors and are expecting to launch in 2022.

Six Months In: A majority of payers are complying and the remaining payers are making efforts to launch their APIs. All things considered (including a range of regulatory-related initiatives and a pandemic), this is decent progress for six months after the enforcement date and demonstrates a good faith effort on behalf of most payers to comply.

In our next post, we’ll share what we’ve seen in the provider directory APIs among the top 50 payers (all payer identities masked), including our experiences registering for access, reporting issues, and the mix of issues that we’ve observed.