FHIR Chat · Compliance Question · Da Vinci PDex Plan-Net

Stream: Da Vinci PDex Plan-Net

Topic: Compliance Question


Saul Kravitz (Jan 21 2021 at 17:06):

I received the following question regarding compliance:
We are currently working towards building a provider directory for interoperability and trying to determine, for CMS compliance, which resources we need to work on. Will Practitioner, Organization and Location be enough?

Saul Kravitz (Jan 21 2021 at 19:26):

As far as I know CMS has not published compliance requirements. The details in the interoperability rule call for a small number of fields, as well as the ability to provide a report on the mix of pharmacies by type. The implementation guide requires support for all profiles, and their associated search parameters, specified includes/rev_includes, and chaining and so forth. See http://hl7.org/fhir/us/davinci-pdex-plan-net/STU1/CapabilityStatement-plan-net.html

Beyond just 'checking the box', the purpose of the IG is to make the information in a payer's directory searchable by members through 3rd party applications. The full collection of profiles is necessary to achieve searchability.

Josh Lamb (Jan 23 2021 at 19:34):

You need practitioner role and organizational affiliation as well. This will allow you to represent network and specialty/role.

Josh Lamb (Jan 23 2021 at 19:34):

At a minimum, based upon my understanding.

Nirmal Fernando (Jun 19 2021 at 08:51):

CMS says - "The Provider Directory API must be publicly available and exclude the security protocols related to user authentication and authorization and any other protocols that restrict the availability of this information to particular persons or organizations" - how do you expose these APIs? Do you keep it fully open without any security measures?

Josh Mandel (Jun 19 2021 at 14:52):

Public access (just like the FHIR reference servers)

Nirmal Fernando (Jun 19 2021 at 16:29):

Thanks @Josh Mandel

Corey Spears (Jul 14 2021 at 20:42):

That is right, though I can't imagine you would run afoul if you implemented measures to avoid DoS/DDoS or bad actors. Just no auth, no need to sign up for access or to get the endpoint address and the documentation posted publicly and openly.


Last updated: Apr 12 2022 at 19:14 UTC