Skip to main content
InsureLytix
Customers
Free readiness checkBook a demo
InsureLytix

Provider directory, FHIR Plan-Net, and network adequacy analytics for U.S. Medicare Advantage plans. CMS-compliant by default.

InsureLytix Inc. · Dover, Delaware

hello@insurelytix.com

Product

  • Provider search
  • FHIR Plan-Net API
  • Network gap analytics
  • All modules

Solutions

  • New & launching plans
  • Small & regional plans
  • Provider-led going payer
  • D-SNP plans
  • Medicare Advantage
  • All solutions

Resources

  • Compliance hub
  • Compliance readiness check
  • Customer stories
  • Blog
  • Network adequacy guide
  • FHIR Plan-Net checklist

Company

  • About
  • Contact
  • Security
  • Sign in

Legal

  • Privacy
  • Terms
  • Cookies
  • Accessibility
HIPAA-aligned CMS-0057-F FHIR R4 Plan-Net Section 508 / ADA
© 2026 InsureLytix Inc.. All rights reserved.
Back to blog
Compliance·7 min read

CMS-0057-F: a Provider Directory API checklist for plans

The seven FHIR Plan-Net resources, the four endpoints regulators actually probe, and what to test before a CMS reviewer points it out.

Published March 14, 2026 · InsureLytix Editorial

What CMS-0057-F requires of a Provider Directory API

Impacted payers (MA organizations, Medicaid, CHIP, QHPs on FFEs) must implement and maintain a Provider Directory API conformant with the HL7 FHIR DaVinci PDex Plan-Net implementation guide, R4. Public access, no authentication required for read, with documented endpoints.

The seven resources

  • Practitioner — the individual provider's identity and credentials.
  • PractitionerRole — the link from a Practitioner to an Organization, Location, specialty, and network.
  • Organization — the group practice, hospital system, or plan.
  • Location — physical address, hours, geographic position.
  • HealthcareService — what services the organization or practitioner provides.
  • InsurancePlan — the plan's product itself, with associated networks.
  • Endpoint — the technical contact for electronic exchange (used for Endpoint references in Organization).

Endpoints regulators actually probe

  • /.well-known/smart-configuration — the SMART Backend Services discovery document. If this 404s, expect a finding.
  • /metadata — the CapabilityStatement. It must enumerate every supported resource and search parameter.
  • /Practitioner?name=… — the textbook search; SearchParameter conformance is the easiest place to fail.
  • /Practitioner/$export — Bulk Data Export. NDJSON streaming, async polling, signed URLs with TTLs.

Test it before they do

Run ONC Inferno's PDex Plan-Net suite against the deployed endpoint, not a staging environment that drifts. We do this on every release and ship the report to the customer.

Ready when you are

Want to talk to the people who built this?

The blog is short. The conversation is longer. We come prepared with your stack in mind.

Book a 30-min demoRun the free readiness check