Healthcare Interoperability Platform

The fabric beneath every
compliant FHIR exchange.

FHIRFabric is the production-grade interoperability platform that turns CMS rules, prior authorization mandates, and clinical data exchange into a calm, observable, governable operating layer — for payers and providers alike.

Request a Briefing See Production Evidence
// Production Footprint
FHIR API calls / month, sustained71M
Lives on largest live deployment3.1M
Bulk exchange ingest success rate99.6%
Patient duplicate rate post-EMPI0.4%
Missed CMS enforcement deadlines0
P1 incident MTTR56m
Implementation Guides & Mandates Supported
CMS-9115-F
CARIN Blue Button 2.0
Da Vinci PDex
US Core 6.1.0
SMART App Launch 2.0
Da Vinci PAS
CRD & DTR
CMS-0057-F
USCDI v3
Bulk FHIR / Flat FHIR
TEFCA
QHIN Exchange
CMS-9115-F
CARIN Blue Button 2.0
Da Vinci PDex
US Core 6.1.0
SMART App Launch 2.0
Da Vinci PAS
CRD & DTR
CMS-0057-F
USCDI v3
Bulk FHIR / Flat FHIR
TEFCA
QHIN Exchange
Built for both sides of the exchange

One fabric. Two operating realities,
served natively.

Payers and providers live on opposite ends of the same data flows — different mandates, different stakes, different risk surfaces. FHIRFabric speaks both languages without forcing either side into the other's workflow.

For Payers

Compliance that runs itself,
not a perpetual fire drill.

Patient Access, Provider Directory, Provider Access, Payer-to-Payer, and Prior Authorization APIs — operated as a single observable platform with the governance auditors expect to see.

  • Patient Access & Provider Directory APIs — CARIN Blue Button 2.0 and US Core 6.1.0 endpoints with version-pinning so onboarded apps don't break on IG upgrades.
  • Prior Authorization API — Da Vinci PAS, CRD, and DTR with the orchestration to reach CMS-0057-F compliance ahead of January 2027.
  • Payer-to-Payer exchange — Bulk FHIR over mutually authenticated TLS with consent verification and resource-level provenance.
  • Member identity resolution — Enterprise Master Person Index with deterministic and probabilistic matching, plus historical identifier crosswalks for transitioning lives.
  • Third-party app governance — Attestation-gated SMART on FHIR onboarding with behavioral telemetry to catch misuse before regulators do.
Explore payer capabilities
For Providers

The data layer your EHR was never built to be.

USCDI v3 compliance, payer Prior Auth interoperability, patient access endpoints, and bulk clinical data exchange — wired into your EHR without forcing a clinical workflow rebuild.

  • USCDI v3 & US Core compliance — Profile-conformant Patient, Encounter, Condition, Observation, and Medication resources sourced directly from your clinical systems.
  • CRD & DTR integration — CDS Hooks 2.0 cards delivered to the ordering clinician at the moment of care, with documentation templates that auto-populate from the chart.
  • Bulk clinical exchange — Flat FHIR exports for payer Provider Access requests, ACO reporting, and quality measure submissions.
  • Patient identity reconciliation — EMPI across EHR, registration, billing, and ancillary systems so the longitudinal record is finally one record.
  • SMART on FHIR app launch — App Launch 2.0 with the IAM, consent, and governance that lets clinicians safely use third-party tools at the point of care.
Explore provider capabilities
71M
FHIR API calls
per month
99.6%
Bulk exchange
ingest success rate
387K
Duplicate member
records resolved
56 min
P1 incident
MTTR
CMS Compliance Rules & APIs

Every mandate. Every API.
Operationalized.

FHIRFabric ships native support for every CMS interoperability rule in force or on the horizon — with the IG versions, governance, and observability that turn a "compliance project" into a steady-state operating capability.

CMS-9115-F
Enforced July 1, 2021
Status: In Production
Interoperability & Patient Access Final Rule

The foundational CMS interoperability mandate. Requires impacted payers to expose claims, encounter, clinical, formulary, and provider directory data through standards-based FHIR APIs to members and the public.

Patient Access APIFHIR R4
CARIN BB 2.0.0 · US Core 6.1.0 · SMART App Launch 2.0 · USCDI v3
Provider Directory APIFHIR R4
Da Vinci PDex Plan Net · Public unauthenticated · Refreshed daily
Formulary & Drug PricingFHIR R4
Da Vinci US Drug Formulary · RxNorm-bound · Per-plan tier mapping
Payer-to-Payer ExchangeBULK
Da Vinci PDex · Bulk FHIR · Member-authorized · 5-year history
CMS-0057-F
Compliance Jan 1, 2027
Status: Implementation Ready
Interoperability & Prior Authorization Final Rule

Finalized January 17, 2024. Expands CMS-9115-F with a Prior Authorization API and stricter Patient Access response requirements — applying to Medicare Advantage, state Medicaid and CHIP FFS, and QHP issuers.

Prior Authorization APIFHIR R4
Da Vinci PAS 2.0.1 · X12 278 wrapping · Status & decision endpoints
Coverage Requirements DiscoveryCRD
Da Vinci CRD 2.0.1 · CDS Hooks 2.0 · EHR-embedded at point of order
Documentation Templates & RulesDTR
Da Vinci DTR 2.0.0 · SMART App + FHIR Questionnaire · Auto-populates from chart
Provider Access APIFHIR R4
Da Vinci PDex · In-network provider access to member data · Consent-gated
ONC / 21st Century Cures
USCDI v3 in effect
Status: In Production
Information Blocking & USCDI v3

ONC Cures Act Final Rule prohibits information blocking and establishes USCDI as the minimum data set for certified health IT. FHIRFabric exposes USCDI v3 data classes through US Core 6.1.0 profiles with full audit trails to demonstrate non-blocking.

USCDI v3 Data AccessFHIR R4
US Core 6.1.0 · All v3 classes · SDOH · Gender Identity · Sexual Orientation
EHI ExportBULK
EHI Export · Single-patient electronic health info export
Information Blocking AuditAUDIT
FHIR AuditEvent · Every denial logged · Exception attestation
SMART App LaunchOAUTH
SMART App Launch 2.0.0 · PKCE · Granular Scopes · Refresh tokens
TEFCA
QHIN Exchange Live
Status: In Production
Trusted Exchange Framework & Common Agreement

The national trust framework for nationwide health information exchange. FHIRFabric brokers TEFCA Exchange Purposes through QHIN connectivity with full provenance, consent, and treatment-purpose attestation.

QHIN FHIR ExchangeFHIR R4
TEFCA FHIR IG · Treatment · Payment · Healthcare Ops · Public Health
Individual Access ServiceIAS
TEFCA IAS · Identity-proofed individual access via QHIN intermediaries

Want the full CMS readiness matrix?

Capability-by-capability mapping of every rule to FHIRFabric components, IG versions, validator coverage, and our production attestation evidence. Available on request.

Request the matrix
The Platform

Eight operating capabilities,
woven together.

Not a FHIR server with marketing around it. The operating substrate — identity resolution, source integration, governance, observability, regulatory change management — that determines whether your interoperability program survives the next audit.

01 / Identity
Enterprise Identity Resolution
Deterministic + probabilistic EMPI with historical crosswalks. Duplicate rate below 0.4% required before Patient Access goes live.
02 / Ingest
Source Integration & Normalization
Claims, eligibility, EHR ADT, PBM, ancillary, directory — normalized through JSON Schema contracts and dbt transformations.
03 / FHIR
FHIR R4 API Layer
US Core 6.1.0 native. CARIN BB, Da Vinci PDex, PAS, CRD, DTR. SMART App Launch 2.0. Version-pinned so upgrades don't break onboarded apps.
04 / Auth
Authorization & App Governance
Attestation-gated SMART on FHIR onboarding. Behavioral telemetry, per-app scope enforcement, and Privacy Officer SLA workflows.
05 / Bulk
Bulk & Payer-to-Payer Exchange
FHIR Bulk Data ($export/$import), Flat FHIR, mutually authenticated TLS, consent verification, and resource-level provenance tracking.
06 / Obs
Observability & SRE
Synthetic monitors that mirror real third-party app behavior. 14 compliance KPIs. 56-minute P1 MTTR. CMS audit reporting automated.
07 / Gov
Data Governance & Quality
95% IG conformance required before FHIR UAT. Data quality as a P0 gating workstream. Survivorship rules across 2.4M+ member plans.
08 / Reg
Regulatory Change Management
Dedicated Regulatory Affairs from contract signing. Federal Register notices, sub-regulatory guidance, and IG version updates tracked as steady-state operations.
By the Numbers

Operational metrics that
auditors ask about.

FedRAMP
Moderate ATO maintained with continuous monitoring artifacts available under NDA
47s / 19m
Measured RPO / RTO from the most recent quarterly DR exercise
56min
P1 incident MTTR, beating the 60-minute SLA target on a real production outage
1.2%
Residual data-quality exception rate at CMS-9115-F go-live, disclosed proactively
Why FHIRFabric

Five things our clients say
changed everything.

Not capability claims — lessons earned across seven prior interoperability implementations on both the payer and provider side, now baked into how every engagement starts.

01 — Critical Path
Source data quality before FHIR APIs, always.

One early implementation discovered 41% of resources failing IG validation at UAT — caused by upstream gaps. Now data quality is a P0 gating workstream from week one. 95% IG conformance required before FHIR UAT begins.

02 — Onboarding
Third-party governance live before the first sandbox endpoint.

One client launched APIs without the attestation workflow operational — a 14-week review backlog and a regulatory inquiry followed. We won't expose a sandbox until the Privacy Officer SLA, attestation pack, and credential workflow are documented and running.

03 — Monitoring
Synthetic monitors that mirror real third-party behavior.

Idealized API calls don't catch retry storms, large-bundle pagination failures, or refresh-token defects. Every onboarded app contributes a call pattern that our monitors replay in production-shadow mode — without exposing real patient data.

04 — Identity First
EMPI completion is a prerequisite to FHIR exposure.

When patients see fragmented records, the support center absorbs the cost. We require duplicate rate below 1% on the active population before Patient Access goes live. Non-negotiable.

05 — Regulatory Cadence
Regulatory change is continuous. Staff for it.

Federal Register notices, CMS sub-regulatory guidance, IG version updates, state overlays — the cadence never stops. Dedicated Regulatory Affairs from contract signing, treating readiness as steady-state operations, not a project.

Architecture

Six layers,
one observable system.

FHIRFabric's architecture is built bottom-up from source systems through to API delivery — with observability, governance, and regulatory change management woven across every layer.

  • Source systems: Claims, Eligibility, EHR, ADT, PBM, Ancillary, Directory
  • Ingest: AWS DMS · Kafka · dbt · JSON Schema contracts
  • EMPI: Deterministic + probabilistic matching · Stewardship queue
  • FHIR R4 API layer: US Core 6.1.0 · Da Vinci suite · SMART 2.0
  • Consumer layer: Patient, Provider, Payer, and Public APIs
  • Cross-cutting: 14 KPIs · Compliance Attestation Packs · FedRAMP ATO
Full Platform Overview
06 / CONSUMER APIS Patient · Provider · Payer-to-Payer · Public · Prior Auth 05 / FHIR R4 API LAYER US Core 6.1.0 · Da Vinci PDex/PAS/CRD/DTR · SMART App Launch 2.0 04 / AUTH · GOVERNANCE · APP MANAGEMENT Attestation-gated SMART · Behavioral telemetry · Privacy Officer SLA 03 / EMPI · GOLDEN RECORDS · LINEAGE Deterministic + probabilistic matching · Stewardship queue · <0.4% dup rate 02 / INGEST · NORMALIZATION · SURVIVORSHIP AWS DMS · Kafka · dbt · JSON Schema contracts · Quality gates 01 / SOURCE SYSTEMS Claims · Eligibility · EHR · ADT · PBM · Ancillary · Directory ⊕ OBSERVABILITY · GOVERNANCE · REGULATORY CHANGE Cuts across every layer · 14 KPIs · Compliance Attestation Packs · FedRAMP ATO
Talk to us

Talk to the people who would
actually run it.

A 30-minute briefing with the implementation team, not a sales rep. Bring your worst data-quality problem, your most-feared audit question, or your shakiest vendor.

Request a Briefing Explore the Platform
support@fhirfabric.com · +1 (312) 985-6684