What CMS-0057-F requires of a Provider Directory API
Impacted payers (MA organizations, Medicaid, CHIP, QHPs on FFEs) must implement and maintain a Provider Directory API conformant with the HL7 FHIR DaVinci PDex Plan-Net implementation guide, R4. Public access, no authentication required for read, with documented endpoints.
The seven resources
- Practitioner — the individual provider's identity and credentials.
- PractitionerRole — the link from a Practitioner to an Organization, Location, specialty, and network.
- Organization — the group practice, hospital system, or plan.
- Location — physical address, hours, geographic position.
- HealthcareService — what services the organization or practitioner provides.
- InsurancePlan — the plan's product itself, with associated networks.
- Endpoint — the technical contact for electronic exchange (used for Endpoint references in Organization).
Endpoints regulators actually probe
- /.well-known/smart-configuration — the SMART Backend Services discovery document. If this 404s, expect a finding.
- /metadata — the CapabilityStatement. It must enumerate every supported resource and search parameter.
- /Practitioner?name=… — the textbook search; SearchParameter conformance is the easiest place to fail.
- /Practitioner/$export — Bulk Data Export. NDJSON streaming, async polling, signed URLs with TTLs.
Test it before they do
Run ONC Inferno's PDex Plan-Net suite against the deployed endpoint, not a staging environment that drifts. We do this on every release and ship the report to the customer.