CMS-0057-F is not one API. It is four FHIR APIs, plus an ePA stack, plus reporting metrics, plus a renewal moment that catches most US health plans by surprise. The deadline is January 1, 2027, for production traffic across all four endpoints. The WEDI February 2026 survey found that only 16 percent of payers expect to be 75 to 100 percent ready by the deadline, and 35 percent are at 25 percent or less complete on the Patient Access API alone. The gap between where plans are and where CMS requires them to be is wide, and the time to close it is short. This guide lays out the four APIs, what each one actually requires, and the practical decisions that drive vendor selection across the payer interoperability hub.
The Four APIs in Plain Terms
The Patient Access API exposes claims, EOBs, clinical data, drug formulary, and now Prior Authorization decisions to members through SMART-on-FHIR-authorized third-party apps. It is the evolution of the CMS-9115-F Patient Access endpoint with additional data scope.
The Provider Directory API exposes the payer's network providers via a no-auth public endpoint conformant to the PDex Plan Net IG. It is a refinement of the existing CMS-9115-F Provider Directory requirement.
The Provider Access API is new under CMS-0057-F. It lets in-network providers retrieve member data without per-request consent, through a FHIR Bulk Data export pattern with payer-maintained attribution.
The Payer-to-Payer Data Exchange API is new under CMS-0057-F. It transfers a five-year member record between payers when a member switches plans, with member opt-in and a one-day response window after the request.
The Prior Authorization API completes the set with the Da Vinci ePA stack covered separately in this site's Prior Auth FHIR coverage.
What Changed from CMS-9115-F
Health plans that signed Patient Access vendor contracts in 2021 under CMS-9115-F are encountering three changes under CMS-0057-F that the original contract did not cover. First, PA decisions now have to flow to the Patient Access API within one business day. Second, the Provider Directory must use PDex Plan Net IG v1.1.0 rather than the older version. Third, three new APIs (Provider Access, Payer-to-Payer, Prior Authorization) sit alongside, often requiring vendor extension or a parallel build. The contract that satisfied CMS-9115-F in 2021 does not, by default, satisfy CMS-0057-F in 2027.
Compliance Reporting That Did Not Exist Before
CMS-0057-F adds two reporting obligations on top of the API requirements. Annual API usage metrics (unique patients transferred, unique patients with repeat transfers) are due each March 31. Public PA reporting metrics (approval rate, denial rate, decision time, appeal rate) are due on the payer's public website. Both reports need the underlying API to capture the right resource-level audit data; vendors that ship the API without the reporting layer leave the work as a permanent engineering line item on the payer.
Architectural Choices That Drive Vendor Selection
Two architectural choices dominate 2026 vendor selection. The first is whether the FHIR data layer is a one-way gateway (data flows out to the APIs, nothing reusable downstream) or a reusable FHIR data store (the same data powers analytics, care management, and AI). The second is whether the vendor maintains FHIR IG conformance over time (US Core releases, Da Vinci updates, X12 changes) or leaves it as the payer engineering team's responsibility.
The choice shapes total cost of ownership more than the headline subscription price does. For a deeper walkthrough, the Top 5 Patient Access API Platforms for CMS-0057-F covers the leading options on the Patient Access side specifically.
The Renewal Decision
The natural decision point for most plans in 2026 is the renewal of the original CMS-9115-F vendor contract. The cmspriorauth.com RFP framework lists eight capability categories to test against the incumbent before signing for another year. The honest assessment is that few of the 2021 vendors clear all eight without significant extension work.
For the Provider Access side specifically, the Best Provider Access API solutions with Bulk Data export covers what production-grade looks like. For the Payer-to-Payer Data Exchange side, the Top 6 Payer-to-Payer Data Exchange tools covers the leading implementations.