Are network-adequacy thresholds care-pathway-weighted?

Yes. A diabetic Medicare patient sees a PCP first (family medicine, internal medicine), then potentially endocrinology, podiatry, ophthalmology, nephrology, and cardiology. Our coverage scoring weights specialties by the share of patients who see them — not the legacy 1:1 mapping that says 'no endocrinologists in the county = critical gap' when 50 PCPs manage diabetes daily.

Do you use Medicare-aged population denominators?

Yes. We use CDC PLACES age-adjusted prevalence and Census ACS 65+ population, not all-age BRFSS. That keeps ratios honest — a county doesn't look 3–5× more underserved than it actually is.

Is the FHIR Plan-Net API hosted on the plan's domain?

Yes. Next.js rewrites under each plan's white-label host (e.g. providersearch.{your-plan}.com/fhir/r4). The plan owns its surface area; we own the conformance.

How fast can a new tenant go live?

Roughly one week, once the customer's data is ready. Compliance certification (508/ADA, FHIR conformance, audit logging) runs in parallel — not as a follow-on phase.

Compliance, by design

The standards your regulator now requires — production-tested, not on a roadmap.

Every InsureLytix tenant ships with the same compliance posture. There is no "premium" tier for being CMS-conformant — there is no other tier.

CMS-0057-FLive

Provider-directory API

The FHIR Plan-Net API CMS requires, with bulk export and secure machine access. Live in production today.

42 CFR §422.116Live

Network adequacy

Coverage scored by county and specialty, weighted by real care patterns and the 65-plus population. Exports the HSD table you file in CMS's HPMS system.

Section 508 / ADALive

Accessibility

Keyboard navigation, screen-reader support, semantic structure, and contrast checked across the whole member experience. VPAT available.

HIPAA §164.312Live

Audit & data safeguards

Every request logged with a trace ID, every plan's data isolated, encrypted in transit and at rest, with time-limited signed downloads.

FHIR R4Live

Standards conformance

All seven Plan-Net resources implemented to the spec — not FHIR-flavored REST, actual FHIR.

Compliance, as a service

Not just the directory — the whole website.

We map your member site against the current CMS website and directory requirements — scored, cited, and prioritized — and run the layer that keeps it compliant. A readiness assessment, not a certification: you stay the responsible party; we make compliance the default.

Each line below is marked by who owns it: green where we run it end to end, blue where the platform enforces the rule using your inputs, and grey where you provide the content and we post and date-stamp it.

Provider directory

Run end-to-end by InsureLytix on your white-labeled directory.

Searchable by every CMS model directory element
Printable / PDF provider & pharmacy directory
FHIR R4 Plan-Net Provider Directory API
90-day verification + annual attestation workflow
Medicare Plan Finder data submission (PY2027)
Accuracy-score display ready (PY2029)
Network adequacy / HSD export (§422.116)
Section 508 / WCAG 2.1 AA, EN/ES

Member website

The whole-site requirements — platform-enforced, your content posted and date-stamped.

Required postings: EOC, ANOC, SB, formulary
Auto last-updated stamps + 30-day change rule
Grievance/appeals + Medicare.gov complaint link
Notice of Privacy Practices, TTY, address
Leaving-site notices + required disclaimers
Multi-Language Insert + language access
Appointment-of-Representative + enrollment forms
MA/PDP content separated from other lines of business

We run itPlatform-managedYou supply, we post

Run the 2-minute readiness check Request the full CMS checklist

The compliance clock

The deadlines you're measured against.

Directory accuracy goes public, FHIR comes due, and accuracy scores get published. We ship production-tested today — ahead of every date below.

Now
Submit, update, attest.
Submit directory data to CMS, update within 30 days of any change, and attest annually that it's accurate.
42 CFR §422.111(m)
In effect
90-day verification.
Verify every provider's directory record at least once every 90 days — required since Jan 2026 (REAL Health Providers Act).
CMS-4208-F2
PY2027
Public on Plan Finder.
Your provider directory goes public on Medicare Plan Finder — accuracy becomes a competitive signal.
CMS-4208-F2
Jan 2027
Interoperability APIs.
Provider Access, Payer-to-Payer, and Prior Authorization APIs come due (the public FHIR Provider Directory API is already required).
CMS-0057-F
PY2029
Published accuracy score.
MA organizations must prominently display their provider-directory accuracy score; CMS publishes it too.
CMS-4208-F2

In plain terms

What CMS is actually asking for.

Strip out the citations and CMS wants four things from a Medicare Advantage plan: a directory that's accurate and stays accurate; that directory published as a machine-readable API; proof your network is large enough everywhere you sell; and a member website that's accessible to everyone. InsureLytix delivers all four in production today. The detail below maps each one to the rule it satisfies.

CMS-0057-F

Provider Directory API.

Impacted payers — MA, Medicaid managed care, CHIP, QHPs on FFEs — must publish a DaVinci PDex Plan-Net (R4) Provider Directory API. We implement the seven required resources, $export, SMART Backend Services, and a CapabilityStatement that mirrors what's actually deployed.

Practitioner, PractitionerRole, Organization, Location, HealthcareService, InsurancePlan, Endpoint
Bulk Data Export ($export) with NDJSON streaming, async polling, signed URLs
/.well-known/smart-configuration discovery + JWT bearer auth on protected paths
ONC Inferno PDex Plan-Net suite run on every release against the deployed endpoint

42 CFR §422.116

MA Network Adequacy.

Time-and-distance and minimum-provider-count by specialty and county type. Our gap engine produces the HSD table HPMS expects — from the same dataset that powers the executive dashboard. No drift between operations and compliance.

County × specialty × disease coverage scoring, pre-computed
Care-pathway-weighted thresholds (PCP, specialist, complication-manager)
Medicare-aged population denominators (CDC PLACES + Census ACS 65+)
HSD table export ready for HPMS upload

Section 508 / ADA

Accessibility.

WCAG 2.1 AA compliance across the full member experience. ARIA landmarks, keyboard navigation, focus management, contrast checked. VPAT 2.5 available on request. The accessibility posture is part of the product, not a remediation phase.

Semantic landmarks (header, main, nav, aside, footer) on every member page
Keyboard-only navigation through all search and filter flows
Screen reader-tested with NVDA + VoiceOver
Color contrast 4.5:1 minimum for body text, 3:1 for UI components

HIPAA §164.312

Technical safeguards.

We treat the directory as ePHI-adjacent. Per-tenant isolation enforced at the middleware layer; per-request audit log with HIPAA §164.312(b) request-ID propagation; TLS in transit; encryption at rest; signed URL egress with TTLs.

Workspace-scoped queries on every read and write — cross-tenant isolation enforced server-side
Per-request audit log including request ID, user, action, resource, IP
TLS 1.2+ in transit; AES-256 at rest in MongoDB Atlas + S3
Rate limits and concurrency caps per IP and per workspace; 1-hour TTL on signed URLs

FHIR R4

Standards conformance.

We don't build FHIR-flavored REST. We build FHIR. The seven Plan-Net resources are conformant; SearchParameter declarations match the IG; the CapabilityStatement is generated from the live deployment.

Resources: Practitioner, PractitionerRole, Organization, Location, HealthcareService, InsurancePlan, Endpoint
Search parameters per the IG — name, specialty, address, network, identifier, location
Conformant CapabilityStatement at /metadata
Inferno PDex Plan-Net suite green on every release

FAQ

Frequently asked, plainly answered.

Yes. The same county × specialty × disease coverage scoring that drives the executive dashboard exports as the HSD table CMS expects in HPMS. The numbers don't drift between the dashboard the CFO sees and the file the regulator sees.

Ready when you are

Want the long-form compliance brief?

We share the VPAT, our control overview, and the data-handling architecture under NDA. One email gets it started.

Book a 30-min demoRun the free readiness check