Provider Directory API

The Provider Directory API allows payers to meet the CMS requirements for a public-facing directory of providers in the payer’s network. For more information on the Provider Directory API requirements, see the CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F).

Contents

Directory Endpoint
Included Resources
Configuring Access

Directory Endpoint

The Provider Directory API has its own endpoint, separate from the Orchestrate Server’s main FHIR endpoints. For example:

https://yourorchestrateserver.careevolution.com/api/fhir/provider-directory/

Clients can access the directory using standard FHIR operations. For example, to search the directory for a practitioner by name:

[base endpoint]/Practitioner?name=Smith&_format=json

Included Resources

The Provider Directory API includes the following provider-related FHIR resources:

Practitioner
Location
Organization
HealthcareService
Endpoint
OrganizationAffiliation
PractitionerRole
InsurancePlan

An Orchestrate server will typically receive these kinds of resources from multiple sources. For example, Practitioner resources may come from the canonical provider directory source (in-network Practitioners), but they may also come through a HL7 clinical data feed (associated with other FHIR resources related to patient care). During the setup process, the Orchestrate team will work with you to identify which source to use for the provider directory. This ensures that the provider directory only includes network providers.

Configuring Access

Typically, the Provider Directory API is set up as a read-only open endpoint, meaning no access token is required.

The CMS requirements allow payers to optionally require registration to access the Provider Directory API. To do so, you will need to set up a registration form to gather the required information (including a public key, via JSON Web Key Set or certificate). When an app developer registers, contact Orchestrate support to configure an OIDC client for their app. They will then use the FHIR standard backend services authorization to obtain an access token.