Offer secure data access to all your members through a universal data platform that reduces IT overhead, while protecting and leveraging your valuable data assets.

1. Quick Start Guide to Compliance with CMS & ONC Requirements

New rules from the CMS & ONC under HHS aim to get more payment and clinical data in the hands of patients when and where they need it. Among other requirements, payers will need to share member information using open data standards, especially Fast Healthcare Interoperability Resources (FHIR).

This guide provides: a) technology requirements to reach compliance and b) a roadmap of implementation considerations.

To comply with regulatory milestones, payers operating plans under CMS authority must implement a system using FHIR to provide:

  • Patient Access API (the most technically demanding requirement)
  • Provider Directory API
  • Payer to Payer Data Exchange

While the rules present a graduated approach to enforcement, achieving successful compliance in a timely and cost effective manner will be a challenge for most payers. Payers will face a host of largely unfamiliar challenges including:

  • Patient matching: matching claims/EOB Blue Button data to correct clinical information/USCDI (including new incoming data in 2022) from multiple disparate systems. Suboptimal matching could result in a HIPAA violation or other potential associated risks.
  • Authenticating users via OAuth2 and authorizing users via OpenID Connect protocols.
  • Leveraging SMART on FHIR applications to manage multiple identities, define a digital-engagement competitive advantage, and anticipate future requirements.
  • Consent management mechanisms to ensure only the right users view the right data to maintain patient privacy and consent.
  • Data availability and scalability, including data migration options which provide alternatives for ensuring compliance with requirements that claims data be available through the Patient APIs within one (1) business day of adjudication.
  • Exposing data assets to untrusted 3rd party applications.
  • Mapping legacy enterprise systems which often use older (e.g. X12) and/or proprietary data models to FHIR.
  • Allocating internal resources for compliance with regulations and providing ongoing business and technical maintenance to remain in compliance.

No new data needs to be collected in 2021, but existing data must be converted to FHIR resources to meet the rules.

FHIR CARIN Alliance Project Blue Button® 2.0 Spec (BB 2.0)

Maintained Clinical Data → FHIR United States Core Data for Interoperability (USCDI)

Key Takeaway: Payers should be looking for FHIR solutions that address their near term requirement for compliance without compromising their ability to meet growing demands for data sharing. By implementing an enterprise-class data platform, payers can meet this requirement while realizing the full benefits of FHIR.


2. Compliance Today and in the Future

To gain compliance, payers must act quickly to meet CMS & ONC timelines. This will require a solution with built-in tooling and expertise in order to realize the “Fast” in FHIR.

Smile CDR is FHIR to its core—not just as an interface but as an underlying data model—enabling you to fully take advantage of FHIR’s benefits.

As an enterprise-class FHIR server and services platform, Smile is designed to enable fast deployment with our robust and proven tooling, with the added flexibility to grow with your needs as compliance requirements evolve.


Additionally, Smile is recognized as the leader in enterprise FHIR implementations and has created a compliance program designed to help payers meet CMS & ONC regulations quickly and cost effectively.

With a development environment that can be set up in days and a Proof-of-Technology (PoT) model designed to jump-start implementation, payers can both meet compliance with CMS & ONC regulations and create a standardized data platform that delivers significant future business value.


Smile CDR is built on HAPI FHIR - the reference implementation of the full FHIR specification as appointed by HL7, the standards body behind FHIR.

As such, Smile supports the complete FHIR ecosystem from claims to labs to full longitudinal patient health records with the most complete implementation of the FHIR specification, meaning every FHIR resource is supported.

As Smile is also the maintainer of the community HAPI FHIR server, new and updated FHIR resources will become available to your Smile server as soon as they’re added to the standard—ensuring you’re able to take advantage of the latest and greatest innovations in FHIR, while maintaining coverage of previous versions.

Smile provides unlimited scalability and flexibility to meet current and emerging CMS & ONC requirements, in addition to your evolving business requirements.

Where existing operational systems are currently strained or at risk of declining performance due to onboarding new/external data requests, Smile offers functionality enabling you to segregate and protect your existing core data assets.

You can also confidently share your data, as per the requirements, knowing that Smile has several layers of security and data privacy controls built-in and can integrate with your existing security systems.

Smile is the choice of 50 enterprise clients and governments across ten countries—and growing. Our approach allows you to integrate once and then enjoy the benefits without worrying about maintaining the integrations as FHIR evolves.

Designed for enterprises, we provide out-of-the-box tooling to manage growth and reduce implementation efforts and costs, while aligning with your enterprise’s IT infrastructure.

Payer Compliance Program Overview


Payer Compliance Program Toolkit

Accelerated Data Acquisition

  • Both the API and the FHIR Repository use the same data definitions, enabling faster implementation and simplified testing.
  • Smile CDR comes out-of-the-box with rich tooling, such as interfaces and translations, and features that reduce project risks and accelerate implementation for payers.
  • Leverage the expertise of our FHIR team’s experience, including global leadership in FHIR servers, Blue Button implementation guides, and FHIR vendor certification.

Built-In Identity and Access Management

  • Smile works with your enterprise identity and authentication systems (e.g. Active Directory, LDAP, Okta, ForgeRock, MITREid Connect, Red Hat Keycloak, Microsoft Identity Platform, etc.) or with our built-in OAuth server.
  • Smile works with your internal authorization server or with our built-in OpenID Connect (OIDC) server.
  • Built-in SMART on FHIR server underpins an integrated user experience through seamless context switching.
  • Smile’s admin console enables finely-grained access control driven by role and scope.

Enable Secure Consumer and 3rd-Party App Access

  • Smile natively supports SMART on FHIR, meaning that SMART apps can both retrieve and/or put data into connected data sources.
  • Constrain what lives in the FHIR Repository to allow secure 3rd party app functionality while limiting access to sensitive information and protecting internal production systems.
  • Rich consent management and filtering functionality.
  • Comprehensive monitoring, audit and transaction logging.
  • Replicated and segregated data for ransomware resiliency.
  • Data and identity are decoupled from the application, enabling distinct SMART applications to appear as a seamless experience to the user.

Integrated EMPI

  • Native integration with existing EMPIs or use Smile’s internal EMPI.
  • This capability enables matching claims/EOB Blue Button data to clinical information/USCDI beyond attributes offered by traditional EMPIs. Where available, using more attributes to match reduces the likelihood of errors and potential HIPAA violations.

Enterprise Notification (Message Queue) System

  • Event streaming via FHIR subscriptions and notifications can power internal customers with real time triggers/alerts.
  • Unleash internal innovation with real time access to focused data feeds and a canonical enterprise data model.

Enterprise-Class FHIR Server with Proven Scalability and Flexible Deployment Models

  • Smile CDR is designed to be clustered in horizontal clusters of any size. Docker, Kubernetes and master node design all help with scaling, and the platform can be deployed on-prem or in your virtual cloud.
  • Data access and storage flexibility are among the most important considerations. The Smile FHIR Server supports Facade (real time data delivery from existing data sources), a FHIR repository storage, and a hybrid model.
  Facade:
  • Leverages existing investments in SOA / microservices
  • A single source of truth
  • Performance: Often times existing sources are not (and can not be) tuned for arbitrary online transactions
  • Existing systems need to support additional performance load from third parties
  • Can be hard to support "bare minimum" FHIR features, very difficult (possibly prohibitively so) for more advanced FHIR features
  • Exposes corporate assets to potentially untrustworthy third party apps

  Repository:
  • Native FHIR repositories support most FHIR features out of the box e.g. new search parameters, includes, chaining, etc.
  • A FHIR repository often instantly becomes a valuable enterprise asset
  • Converting data up-front takes non-trivial effort as it has a higher threshold for "getting it right the first time"
  • Duplicating large volumes of data has storage implications

In addition to being the solution to meet your immediate compliance needs, Smile is also the platform to underpin your growth and transformation into a data-driven organization prepared for the future.


3. Smile is your Premier Implementation Partner

Payers are now faced with the task of standing up significant new infrastructure with new partners and data access pathways using a standard many payers have yet to develop expertise in, and all on a tight timeline. They also must adjust to a shifting regulatory landscape and capitalize on new data flows to ensure they remain competitive. How should this process be started and what should payers prioritize?

Why Smile

  • Most reliable, lowest risk option for an enterprise FHIR solution
  • Leaders in providing enterprise scale and reliability in FHIR server technology
  • Maintainers of the most used open source FHIR server in the world (HAPI FHIR), on which Smile is built
  • Rich implementation experience helping payers stand up enterprise-grade FHIR servers quickly & cost effectively and integrating into existing environment
  • End-to-end services, from product to implementation to leveraging our ecosystem of partners for additional best-of-breed tooling

Working with Smile

Our engagement kicks off with a Proof of Technology (PoT). Together with your team we will cover:

  • Requirements definition and scoping
  • Architectural design and solutioning
  • Implement PoT in your sandbox that will include sample apps for testing and conformance
  • Testing and validation of your APIs
  • Knowledge transfer

From here you will have a proven business case and will be ready to graduate to the next step. Along the way your team will develop FHIR expertise.

We take a phased and measured approach that minimizes impact to existing systems and mitigates risk as you invest in this endeavour.

Our team brings unparalleled experience with enterprise FHIR implementations:

  • We’ve implemented projects for Global 1000s and governments in 10 countries, including the US, Canada, Mexico, Costa Rica, UK, Netherlands, Germany, Norway, Australia, and New Zealand.
  • Smile is used by two of the ten largest payers in the US—with more to come.
  • Maintainers of HAPI FHIR, which is the most widely deployed FHIR implementation globally with more than 20,000 downloads monthly.
  • We have extensive experience with CARIN Blue Button, and participated in the development of the implementation guide.
  • Members of the FHIR Core team with a role in standards governance.
  • Member of ONC FHIR at Scale Team (FAST) vendor certification program.

Smile has the technology to meet CMS & ONC rules and provide a strategic FHIR platform that can provide significant business value well beyond compliance.

No other FHIR platform in the world has the needed enterprise-ready tooling and features listed here. And no other FHIR platform vendor has Smile’s proven experience and technical foundation to confidently ensure success with large scale implementations.

4. Next Steps

Get in touch to set up a needs assessment and Proof-of-Technology and let us show you how quickly your organization can achieve a compliant, enterprise-grade FHIR implementation.
