CMS Patient Access Rule for Health Plans

1upHealth’s FHIR API Platform is the first true implementation of the ONC’s intent for healthcare interoperability.
Cool Vendor Report 2020

Integrated FHIR Platform as a Service

Meet all CMS Mandates

Patient Access APIs
Public Provider Directory API
Payer to Payer Data Exchange

Demonstrated Security

1st place in ONC’s Secure FHIR Server Challenge
HIPAA Compliant
SOC 2 Audited

Go live on time with ease

Solution is already built, in production
No additional integrations needed
Quick 9 week implementation
Fully, managed cloud deployment
Simple pricing (per member per year) without license fees

1up leads FHIR interop

1up is literally setting the standard with HL7
Built the CARIN FHIR App Gallery
Built the Bulk Data Analytics Reference
Founding members of FHIR Business Alliance

You'd be crazy to work with other vendors

Only 1up is in production for all CMS requirements
Only 1up has a patient app network
Only 1up has 1000s of direct FHIR connections to health systems
Only 1up received numerous FHIR awards from the US Government



FHIR Connected health centers



Healthcare companies on 1upHealth APIs



Transactions processed per second



Government awards in healthcare IT


10M +

Lives under contract


1upHealth solution for CMS Patient Access Final Rule through our FHIR platform

1upHealth is well positioned to support health plans in meeting the CMS Patient Access requirements for the July 2021 deadline. We have direct experience through our work with health plans and the Da Vinci Project, as well as our work with hundreds of health systems in meeting Meaningful Use 3 (MU3) requirements. We’ve now connected to over 10,000 hospital and allowing patients to authorize access to their EHR medical records with 3rd party applications. And our integrated FHIR platform and solutions have won numerous industry recognition and awards.

1upHealth Architecture CMS patient access diagram for payer

Health plans have flexibility and options with our modular platform and services – health plans can utilize one aspect, a la carte, or the full end-to-end use case, including:

  1. Data transformation > FHIR
  2. Scalable Cloud FHIR Server
  3. 3rd Party Access Management
  4. Developer & Member Support
  5. 1upHealth Platform Capabilities

1. Data transformation >FHIR

Jump to the top

1up has pre-built FHIR data adapters including those based on the CARIN Alliance Payer FHIR Profile which offers consensus-based mappings of claims data to FHIR. We can help you transform your existing clinical and claims information (X12 EDI, proprietary formats, etc.) to FHIR Release 4.0.1 (R4), including support for the required discrete data elements (called FHIR resources) such as ExplanationOfBenefit (claims), Coverage, Patient (demographic information), Encounters, etc.

2. FHIR Server

Jump to the top

Once your data has been normalized to FHIR, we store it on our HIPAA and SOC 2-compliant FHIR server. This enables interactions with your data on a fully managed, cloud hosted, instantly scaleable FHIR server. All clinical and claims data types (resources) are supported for FHIR R4 to meet the CMS mandate.

As we surveyed available options for FHIR servers we did not find them to be performant for over 100,000 patients. This, coupled with the fact that we don’t believe the future will be deploying FHIR servers on machines on premises, led us to create our own cloud-based FHIR Server. More information on our FHIR server is available here.

3. 3rd Party Access Management

Jump to the top

Manage user permissions Manage 3rd party application permissions to enable your members to share and access their data. Our developer-facing console manages API keys, OAuth tokens, application client id & secrets. This keeps data secure, and limits access to only explicitly approved applications. Patients can authorize applications and consent to share their claims data with 3rd party apps. 1up manages the API access, refresh tokens, and OAuth2 interfaces. We can also handle the 3rd party application attestation (an option allowed and recommended by CMS).

Member Consent Management
Allow your members to easily access and share their data with 3rd party applications. We can support the member-facing consent management processes required by the CMS mandate including consent declaration and tracking. Health plan option to have 1up co-develop a white-labeled application with your own branding and existing authentication processes for your members to authorize data sharing with approved 3rd party applications.

4. Developer + Member Support

Jump to the top

Provide 3rd party developers and members with quality documentation and support. We can help you develop clear, concise, developer-friendly API documentation as well as member-facing documentation on privacy and complaints in line with the CMS requirements. Additionally, we can offer 24/7 support including standard ticketing processes, issue resolution, etc.

5. 1upHealth Platform Capabilities

Jump to the top

Health plans also get access to our broader set of FHIR Platform capabilities beyond the CMS mandate requirements including:

Why 1upHealth

1upHealth is well positioned to support health plans in meeting the CMS requirements for the July 2021 deadline.

Direct Payer Experience

We have direct experience through our work with as one of the first approved Blue Button 2.0 apps, with health plans supporting millions of health plan members and the Da Vinci Project through workgroups and connectathons.

Extensive Clinical Data Network

We've worked with 100s of health systems across the US in meeting Meaningful Use 3 (MU3) requirements. We’ve now connected to 10,000+ hospital and health centers, allowing patients to authorize access to their EHR medical records with 3rd party applications.

We are FHIR Experts

Our team is comprised of leading FHIR experts who have presented alongside CMS and ONC leaders like Don Rucker, had led HL7 standard balloting, and participate in numerous FHIR connectathons

Proven Platform for Regulation

Because our award-winning FHIR solution is already in production, we can ensure timely deployment and meeting the requirements of the new rules.