Every InsureLytix tenant ships with the same compliance posture. There is no "premium" tier for being CMS-conformant — there is no other tier.
The FHIR Plan-Net API CMS requires, with bulk export and secure machine access. Live in production today.
Coverage scored by county and specialty, weighted by real care patterns and the 65-plus population. Exports the HSD table you file in CMS's HPMS system.
Keyboard navigation, screen-reader support, semantic structure, and contrast checked across the whole member experience. VPAT available.
Every request logged with a trace ID, every plan's data isolated, encrypted in transit and at rest, with time-limited signed downloads.
All seven Plan-Net resources implemented to the spec — not FHIR-flavored REST, actual FHIR.
We map your member site against the current CMS website and directory requirements — scored, cited, and prioritized — and run the layer that keeps it compliant. A readiness assessment, not a certification: you stay the responsible party; we make compliance the default.
Each line below is marked by who owns it: green where we run it end to end, blue where the platform enforces the rule using your inputs, and grey where you provide the content and we post and date-stamp it.
Run end-to-end by InsureLytix on your white-labeled directory.
The whole-site requirements — platform-enforced, your content posted and date-stamped.
Directory accuracy goes public, FHIR comes due, and accuracy scores get published. We ship production-tested today — ahead of every date below.
Submit directory data to CMS, update within 30 days of any change, and attest annually that it's accurate.
42 CFR §422.111(m)
Verify every provider's directory record at least once every 90 days — required since Jan 2026 (REAL Health Providers Act).
CMS-4208-F2
Your provider directory goes public on Medicare Plan Finder — accuracy becomes a competitive signal.
CMS-4208-F2
Provider Access, Payer-to-Payer, and Prior Authorization APIs come due (the public FHIR Provider Directory API is already required).
CMS-0057-F
MA organizations must prominently display their provider-directory accuracy score; CMS publishes it too.
CMS-4208-F2
Strip out the citations and CMS wants four things from a Medicare Advantage plan: a directory that's accurate and stays accurate; that directory published as a machine-readable API; proof your network is large enough everywhere you sell; and a member website that's accessible to everyone. InsureLytix delivers all four in production today. The detail below maps each one to the rule it satisfies.
CMS-0057-F
Impacted payers — MA, Medicaid managed care, CHIP, QHPs on FFEs — must publish a DaVinci PDex Plan-Net (R4) Provider Directory API. We implement the seven required resources, $export, SMART Backend Services, and a CapabilityStatement that mirrors what's actually deployed.
42 CFR §422.116
Time-and-distance and minimum-provider-count by specialty and county type. Our gap engine produces the HSD table HPMS expects — from the same dataset that powers the executive dashboard. No drift between operations and compliance.
Section 508 / ADA
WCAG 2.1 AA compliance across the full member experience. ARIA landmarks, keyboard navigation, focus management, contrast checked. VPAT 2.5 available on request. The accessibility posture is part of the product, not a remediation phase.
HIPAA §164.312
We treat the directory as ePHI-adjacent. Per-tenant isolation enforced at the middleware layer; per-request audit log with HIPAA §164.312(b) request-ID propagation; TLS in transit; encryption at rest; signed URL egress with TTLs.
FHIR R4
We don't build FHIR-flavored REST. We build FHIR. The seven Plan-Net resources are conformant; SearchParameter declarations match the IG; the CapabilityStatement is generated from the live deployment.
Yes. The same county × specialty × disease coverage scoring that drives the executive dashboard exports as the HSD table CMS expects in HPMS. The numbers don't drift between the dashboard the CFO sees and the file the regulator sees.
Ready when you are
We share the VPAT, our control overview, and the data-handling architecture under NDA. One email gets it started.