Meet CMS & ONC Interoperability and Patient Access Requirements Quickly With Minimal Disruption and Maximum Long-Term Benefits

Offer secure data access to all your members through a universal data platform that reduces IT overhead, while protecting and leveraging your valuable data assets.

September 2021

1. Quick Start Guide to Rapid Compliance with CMS & ONC Requirements

New rules from the CMS & ONC under HHS aim to get more payment and clinical data in the hands of patients when and where they need it. Among other requirements, payers will need to share member information using open data standards, especially Fast Healthcare Interoperability Resources (FHIR). This guide provides: a) technology requirements to reach compliance and b) a roadmap of implementation considerations. To comply with regulatory milestones, payers operating plans under CMS authority must implement a system using FHIR to provide:

  • Patient Access API (the most technically demanding requirement)
  • Provider Directory API
  • Payer to Payer Data Exchange

While the rules present a graduated approach to enforcement, achieving compliance in a timely and cost-effective manner will be a challenge for most payers. Payers will face a host of largely unfamiliar challenges, including:

  • Patient matching: matching claims/EOB Blue Button data to correct clinical information/USCDI (including new incoming data in 2022) from multiple disparate systems. Suboptimal matching could result in a HIPAA violation or other potential associated risks.
  • Authenticating users via OAuth2 and authorizing users via OpenID Connect protocols.
  • Leveraging SMART on FHIR applications to manage multiple identities, define a digital-engagement competitive advantage, and anticipate future requirements.
  • Consent management mechanisms to ensure only the right users view the right data to maintain patient privacy and consent.
  • Data availability and scalability, including data migration options which provide alternatives for ensuring compliance with requirements that claims data be available through the Patient APIs within one (1) business day of adjudication.
  • Exposing data assets to untrusted 3rd party applications.
  • Mapping legacy enterprise systems which often use older (e.g. X12) and/or proprietary data models to FHIR.
  • Allocating internal resources for compliance with regulations and providing ongoing business and technical maintenance to remain in compliance.

Key Takeaway: Payers should be looking for FHIR solutions that address their near-term requirement for compliance without compromising their ability to meet growing demands for data sharing. By implementing an enterprise-class data platform, payers can meet this requirement while realizing the full benefits of FHIR.

2. Compliance Today and in the Future

To gain compliance, payers must act quickly to meet CMS & ONC timelines. This will require a solution with built-in tooling and expertise in order to realize the “Fast” in FHIR.

Smile is FHIR to its core—not just as an interface but as an underlying data model—enabling you to fully take advantage of FHIR’s benefits.

As an enterprise-class FHIR server and services platform, Smile is designed to enable fast deployment with our robust and proven tooling, with the added flexibility to grow with your needs as compliance requirements evolve.

Additionally, Smile is recognized as the leader in enterprise FHIR implementations and has created a compliance program designed to help payers meet CMS & ONC regulations quickly and cost effectively.

With a development environment that can be set up in days and a Proof-of-Technology (PoT) model designed to jump-start implementation, payers can both meet compliance with CMS & ONC regulations and create a standardized data platform that delivers significant future business value.


As part of your PoT we provide apps for conformance testing and to help validate compliance.


Smile is built on HAPI FHIR - the reference implementation of the full FHIR specification as appointed by HL7, the standards body behind FHIR.

As such, Smile supports the complete FHIR ecosystem from claims to labs to full longitudinal patient health records with the most complete implementation of the FHIR specification, meaning every FHIR resource is supported.

As Smile is also the maintainer of the community HAPI FHIR server, new and updated FHIR resources will become available to your Smile server as soon as they’re added to the standard—ensuring you’re able to take advantage of the latest and greatest innovations in FHIR, while maintaining coverage of previous versions.

Smile provides unlimited scalability and flexibility to meet current and emerging CMS & ONC requirements, in addition to your evolving business requirements.

Where existing operational systems are currently strained or at risk of declining performance due to onboarding new/external data requests, Smile offers functionality enabling you to segregate and protect your existing core data assets.

You can also confidently share your data, as per the requirements, knowing that Smile has several layers of security and data privacy controls built-in and can integrate with your existing security systems.

Smile is the choice of 50 enterprise clients and governments across ten countries—and growing. Our approach allows you to integrate once and then enjoy the benefits without worrying about maintaining the integrations as FHIR evolves.

Designed for enterprises, we provide out-of-the-box tooling to manage growth and reduce implementation efforts and costs, while aligning with your enterprise’s IT infrastructure.

Payer Compliance Program Overview


Multiple layers of security


  • Load balancer (dynamic scaling, resiliency, minimal downtime)
  • Multiple interfaces to ingest data from your existing systems
  • CMS compliant interfaces to meet Patient API, Provider directory, and payer-to-payer requirements; in addition to flexibility for future growth

Payer Compliance Program Toolkit

Accelerated Data Acquisition
  • Both the API and the FHIR Repository use the same data definitions, enabling faster implementation and simplified testing.
  • Smile comes out-of-the-box with rich tooling, such as interfaces and translations, and features that reduce project risks and accelerate implementation for payers.
  • Leverage our FHIR team’s expertise, including global leadership in FHIR servers, Blue Button implementation guides, and FHIR vendor certification.
Built-In Identity and Access Management
  • Smile works with your enterprise identity and authentication systems (e.g. Active Directory, LDAP, Okta, ForgeRock, MITREid Connect, Red Hat Keycloak, Microsoft Identity Platform) or with our built-in OAuth server.
  • Smile works with your internal authorization server or with our built-in OpenID Connect (OIDC) server.
  • Built-in SMART on FHIR server underpins an integrated user experience through seamless context switching.
  • Smile’s admin console enables fine-grained access control driven by role and scope.
Enable Secure Consumer and 3rd-Party App Access
  • Smile natively supports SMART on FHIR, meaning that SMART apps can retrieve data from and/or put data into connected data sources.
  • Constrain what lives in the FHIR Repository to allow secure 3rd party app functionality while limiting access to sensitive information and protecting internal production systems.
  • Rich consent management and filtering functionality.
  • Comprehensive monitoring, audit and transaction logging.
  • Replicated and segregated data for ransomware resiliency.
  • Data and identity are decoupled from the application, enabling distinct SMART applications to appear as a seamless experience to the user.
Integrated EMPI
  • Native integration with existing EMPIs or use Smile’s internal EMPI.
  • This capability enables matching claims/EOB Blue Button data to clinical information/USCDI beyond attributes offered by traditional EMPIs. Where available, using more attributes to match reduces the likelihood of errors and potential HIPAA violations.
Enterprise Notification (Message Queue) System
  • Event streaming via FHIR subscriptions and notifications can power internal customers with real time triggers/alerts.
  • Unleash internal innovation with real time access to focused data feeds and a canonical enterprise data model.
Enterprise-Class FHIR Server with Proven Scalability and Flexible Deployment Models
  • Smile is designed to be clustered in horizontal clusters of any size, so Docker, Kubernetes and master node design all help with scaling, and it can be deployed on-prem or in your virtual cloud.
  • Data access and storage flexibility are among the most important considerations. The Smile FHIR Server supports Facade (real time data delivery from existing data sources), a FHIR repository storage, and a hybrid model.
  Facade
  • Leverages existing investments in SOA/microservices
  • A single source of truth
  • Performance: Oftentimes existing sources are not (and cannot be) tuned for arbitrary online transactions
  • Existing systems need to support additional performance load from third parties
  • Can be hard to support “bare minimum” FHIR features, very difficult (possibly prohibitively so) for more advanced FHIR features
  • Exposes corporate assets to potentially untrustworthy third party apps
  Repository
  • Native FHIR repositories support most FHIR features out of the box e.g. new search parameters, includes, chaining, etc.
  • A FHIR repository often instantly becomes a valuable enterprise asset
  • Converting data up-front takes non-trivial effort as it has a higher threshold for “getting it right the first time”
  • Duplicating large volumes of data has storage implications

In addition to being the solution to meet your immediate compliance needs, Smile is also the platform to underpin your growth and transformation into a data-driven organization prepared for the future.

Growing With Smile

3. Smile Digital Health is Your Premier Implementation Partner

Why Smile?

  • Most reliable, lowest risk option for an enterprise FHIR solution
  • Leaders in providing enterprise scale and reliability in FHIR server technology
  • Maintainers of the most used open source FHIR server in the world (HAPI FHIR), on which Smile is built
  • Rich implementation experience helping payers stand up enterprise-grade FHIR servers quickly and cost-effectively and integrate them into existing environments
  • End-to-end services—from product to implementation to leveraging our ecosystem of partners for additional best-of-breed tooling

Payers are now faced with the task of standing up significant new infrastructure with new partners and data access pathways using a standard many payers have yet to develop expertise in, and all on a tight timeline. They also must adjust to a shifting regulatory landscape and capitalize on new data flows to ensure they remain competitive. How should this process be started and what should payers prioritize?

How Smile Accelerates Implementation

Applications of Customer Choice
  • Preconfigured adapters to rapidly ingest data into an enterprise-class FHIR repository or integrate with existing data stores to enable data consumption through readily accessible FHIR APIs
Security
  • OAuth 2.0 & OIDC ensure HIPAA compliance to mitigate the impact of inefficient SMART on FHIR apps or malicious actors
  • Successfully passed security and privacy assessments
Scalability
  • Designed to be vertically and horizontally scalable
  • Deployable in all major data centre and cloud service providers through cluster and Kubernetes technologies
Patient Matching
  • Can integrate with existing EMPI solutions or provide one internally to prevent patient mismatch of claims/EOB Blue Button data that may otherwise result in HIPAA violations
Performance
  • Payer proven solution
  • Can handle current and future system demands

Working with Smile

Our engagement kicks off with a Proof of Technology (PoT). Together with your team we will cover:

  • Requirements definition and scoping
  • Architectural and solution design
  • Implementation of the PoT in your sandbox, including sample apps for testing and conformance
  • Testing and validation of your APIs
  • Knowledge transfer

From here you will have a proven business case and will be ready to graduate to the next step. Along the way your team will develop FHIR expertise.

We take a phased and measured approach that minimizes impact to existing systems and mitigates risk as you invest in this endeavour.

Our team brings unparalleled experience with enterprise FHIR implementations:

  • We’ve implemented projects for Global 1000s and governments in 10 countries, including the US, Canada, Mexico, Costa Rica, the UK, the Netherlands, Germany, Norway, Australia and New Zealand.
  • Smile is used by two of the ten largest payers in the US—with more to come.
  • Maintainers of HAPI FHIR, which is the most widely deployed FHIR implementation globally with more than 20,000 downloads monthly.
  • We have extensive experience with CARIN Blue Button, and participated in the development of the implementation guide.
  • Members of the FHIR Core team with a role in standards governance.
  • Member of ONC FHIR at Scale Team (FAST) vendor certification program.

Smile has the technology to meet CMS & ONC rules and provide a strategic FHIR platform that can provide significant business value well beyond compliance.

No other FHIR platform in the world has the needed enterprise-ready tooling and features listed here. And no other FHIR platform vendor has Smile’s proven experience and technical foundation to confidently ensure success with large scale implementations.

4. Next Steps

Get in touch to set up a needs assessment and Proof-of-Technology and let us show you how quickly your organization can achieve a compliant, enterprise-grade FHIR implementation.

Get the FHIR Started!