State of Provider Directory APIs 2024

Background and Purpose of Analysis

In July 2021, CMS required payers with CMS-regulated health plans to publish Provider Directory APIs. In the 3 years since, Defacto has collaborated with payers in evaluating their APIs, identifying issues, testing resolutions, and querying the APIs on an ongoing basis. Defacto previously published statistics in 2022 on payer API availability and an analysis of issue patterns, and this post is an update.

The purpose of this updated analysis is to include all payers with greater than 100k public sector covered lives (the top 137 CMS-regulated payers), provide updates on API compliance for each of the payers, and identify issue patterns among payers and their vendors. Defacto will regularly update a public spreadsheet on payer and vendor compliance, as Provider Directory API issues are resolved. We invite questions, feedback, and corrections.

If you want to skip straight to the spreadsheet of payers, vendors, and their scores, you can access it here.

Use Cases and Usage of Directory Data

At Defacto, we say that data and APIs ‘do a job‘, and it’s important to understand the definition of the jobs Provider Directory APIs should do. The best Directory APIs are purpose-built. In CMS’s original language in its 2020 Final Rule, it considers these jobs related to the Provider Directory API:

  1. Provider Selection: “identify which providers are within a given plan’s network in a way that is simple and easy for enrollees to access and understand, and thus find the providers that are right for them.”
  2. Health Plan Comparison: “innovation in applications … that help enrollees and prospective enrollees to more easily compare provider networks while they are considering their options for changing health plans.”
  3. Directory Data Cleansing: “collect the publicly available directory data, clean these data, supplement these data, and offer this enhanced data product back to payers and providers”
  4. Reducing Provider Data Submission Burden: “making provider directory data accessible could reduce provider burden by enabling payers to more widely share basic information about the providers in their networks, such as provider type, specialty, contact information, and whether or not they are accepting new patients.”

In its 2024 Interoperability Rule, CMS considers these additional jobs for Provider Directory API:

  1. Granting access to Provider Access API: ‘Authenticating the identity of the provider will include confirming that the requesting provider is in-network or enrolled with the payer.’
  2. Supporting prior authorization workflows: ‘network information from payers’ to clarify the ‘distinction in-network and out-of-network providers’.

We heard from one payer that they are not resolving issues due to ‘lack of demand’ for the APIs. They made an assumption that since only Defacto was requesting access to its API, that there was limited demand. Defacto, however, is an intermediary for several organizations interested in using data from the APIs but not interested in the overhead of discovering, testing, and querying them. These organizations include a doctor finder platform, a physician social network, referral and care navigation companies, and data analytics platforms supporting payers, providers, and life sciences companies. The data impacts millions of patients, hundreds of thousands of providers, and hundreds of payers. Payers should know that there is high demand for this data, and it does many jobs.

National Coverage

Intense collaboration between payers and Defacto Health since July 2021 has resulted in functioning APIs for a majority of payers (when adjusted for their share of public sector covered lives). Across Medicare fee-for-service and Medicare Advantage, available Provider Directory APIs results in 97% of all Medicare lives being able to access their provider directories via API. Exchange payers are doing moderately well at 63% (the 37% gap is explained by state-based exchanges where qualified health plans are not required to publish machine-readable files). State Medicaids and Medicaid managed-care organizations (MCOs) are all required to publish Provider Directory APIs, and this segment of payers is lagging at 59% in compliance relative to their Medicare counterparts. The largest Medicaid MCO with a non-functioning API is Centene, which represents half of the coverage gap. 

Total CMS-Regulated: 167,423,775 covered (74%)

Some payers are also making available information on commercial networks and plans via their APIs. Defacto has record of at least 18 payers making available Provider Directory APIs that include commercial business, which includes 3 national payers and 9 state blues payers. In addition, the Department of Veterans Affairs is also publishing their own Provider Directory API adding to national coverage beyond CMS-regulated lives.

* Medicare FFSMedicare AdvantageMedicaid, and ACA enrollment stats from Kaiser Family Foundation.

Payer Scoring Rubric

For each payer with over 100k public sector lives, we assessed the status of their API. If their API has issues, we listed the primary issue category. See below for tables of the status and issue categories and descriptions. The purpose of categorization is to demonstrate patterns of non-compliance to regulators and vendors. Specific issue observation and reproduction steps are left out of this report, but can be made available to vendors and payers upon request. 

API Statuses and Descriptions

API Issue Categories and Descriptions

To view the complete spreadsheet of payers, vendors, and their respective scores, access it here.

Top 10 payers with working APIs

These are the ten largest payers that have published functional Provider Directory APIs that are being regularly queried by Defacto Health. Their API teams (and vendors) are responsive to reported issues and questions. We are grateful for the interoperability teams, provider data teams (and their vendors) within these payers for prioritizing the availability and usability of Provider Directory data via FHIR APIs:

  1. UnitedHealthcare
  2. Elevance (Anthem)
  3. Humana
  4. Aetna
  5. Molina
  6. L.A. Care
  7. Amerihealth Caritas
  8. CareSource
  9. Kaiser Permanente
  10. Colorado Medicaid

In addition to the ten described above, Defacto Health is integrated with over 120 payers via their APIs or QHP machine-readable files. If you are interested in the full list of payers that Defacto is integrated with, please reach out to us to request the information.

Top 10 payers with non-functioning APIs 

These payers have been challenged to get their Provider Directory APIs working since the Final Rule effective date. Defacto has worked to understand the reasons that payers been unable to publish working Provider Directory APIs, and there are common patterns:

  • State Medicaids have procurement requirements that result in slow implementation timelines. Public solicitation documents show year-plus procurement and implementation durations. Nevertheless, 21 State Medicaids have successfully implemented Provider Directory APIs. 
  • Many payers have been challenged with upstream Provider Data Management issues that prevent the proper data from flowing into the APIs. Resolution requires coordination between the payer’s interop team, the payer’s provider data team, and their respective vendors.
  • Other payers, like HealthFirst and UPMC Health Plan, have chosen not to include the information in their APIs, rendering them unusable to answer the question: ‘Does this provider accept my insurance plan?’

These are the 10 largest payers that have been unable to publish usable Provider Directory APIs: 

Breakdown of Payer Compliance

While most payers (with greater than 100k enrollees) have published Provider Directory APIs, 12% are still in the process of procuring a vendor or implementing their API. Of the payers who have APIs, around a third of them have issues that prevent them from being queried, or from answering basic questions like ‘Does this provider accept my plan?’. The industry has made significant progress in the past 3 years, and while most members with CMS-regulated plans could access their data via standards-based APIs, there remains a long tail of payers that need to fix their APIs.

Breakdown of Payer Compliance

 * These percentages are not adjusted by covered lives, to better demonstrate the number of organizations in each issue category.

Breakdown of Payer Issue Types

While a variety of issues have been observed in payers’ APIs, the most prevalent issue is missing Practitioner-Plan relationships. It is important to remember that members subscribe to a named plan-product (e.g., ‘AARP Medicare Advantage (HMO-POS)’), not just with a carrier (e.g., ‘UnitedHealthcare’). A whopping 52% of payers with issues have this issue in their APIs. A cursory evaluation of APIs may not reveal this right away, as payers’ APIs can present both Practitioners (e.g., Dr. Larry Chen) and plans, but these APIs are missing the logical relationships between these two FHIR resources. The lack of these logical relationships is preventing members from answering the most basic directory question ‘Is this provider in network with my plan?’ 

It is also noteworthy that 13% of payers with issues have authentication or registration errors. CMS explicitly forbids gating Provider Directory APIs with a registration or approval process, as they are intended to be publicly available APIs. Missing NPIs and other data make up the remainder of the issues. We encourage payers and vendors to take these issues seriously when defining, building, and testing their Provider Directory APIs.

The Role of Vendors in Building Functioning Provider Directory APIs

API vendors have an important role to play in building and managing Provider Directory APIs on behalf of their vendors. In some cases, the vendor itself is responsible for the API issue and can resolve issues (e.g., lack of query parameters, API response times, some data issues). However, API vendors are dependent on upstream data (either from the payer’s own system or from the payer’s vendor-managed Provider Data Management system). When they report issues to the payers, the ability to load the correct data may not be entirely within the vendor’s control. 

We encourage API vendors to work as trusted advisors to their payers, presenting implementation readiness checklists and providing feedback to the payer on the questions their API can and cannot answer and the risk that non-functional APIs present. We encourage payers to be explicit about requirements and effectively manage multiple vendors (API and data) to establish the right solution that can answer basic directory questions.

Top API Vendors and % of payers by API status

Conclusion and Call to Action

If you are a payer on the above list, or in the attached spreadsheet, and would like to discuss/review our findings, we are happy to do so. We are committed to offering detailed reports, clear reproduction steps, and prompt testing for issue resolutions in partnership with health plans. We hope the information we’ve provided promotes better awareness of how directory data is being used and supports the growth of a healthier ecosystem of provider directory data. Let’s work together (payers, vendors, regulators, and the public) to ensure that all members of CMS-regulated plans are able to access their directory data via standards-based APIs.