Payerbox Docs

What is Payerbox

Payerbox is the CMS-0057-F and CMS-9115-F compliance layer for a US health plan. It sits between the payer's internal systems (claims, clinical data, eligibility, UM, auth) and the external consumers regulated under both rules — plan members through third-party apps, in-network providers, peer payers receiving a member's history.

Payerbox sits between payer internal systems (claims, clinical, eligibility, auth, UM) and Patient Access (members) plus Provider Access (providers) as the central CMS-0057-F layer. Built on PostgreSQL, with downstream use cases: risk adjustment, BI, AI/automation, applications, care management.

Payerbox publishes the four FHIR APIs the rules require, hosts the FHIR App Portal, runs the Da Vinci ePA stack, and stores the FHIR data its operations produce or expose.

What it provides

CapabilityAPI surfaceAnchored in
Members access their data through a third-party appPatient Access APICMS-9115-F (extended by CMS-0057-F)
In-network providers pull attributed-member dataProvider Access APICMS-0057-F
New payer pulls history from a member's prior payerPayer-to-Payer APICMS-0057-F (replaces 9115's suspended P2P)
Public read of the network directoryProvider Directory APICMS-9115-F
Discover coverage requirements at point of orderCRD (CDS Hooks)CMS-0057-F (Da Vinci CRD recommended)
Collect required documentation for a PADTRCMS-0057-F (Da Vinci DTR recommended)
Submit a prior authorization and receive the responsePASCMS-0057-F (Da Vinci PAS recommended)
Annual Patient Access usage report to CMS, public PA metrics on payer's siteReportingCMS-0057-F

What's built on top

The same FHIR data Payerbox publishes externally is available to the payer's own downstream uses through PostgreSQL or the same FHIR APIs:

  • Risk Adjustment and Stars analytics
  • AI / automation pipelines
  • BI and reporting (claims analytics, member dashboards)
  • Care management apps
  • Custom internal applications

Compliance dates

Two key deadlines:

  • January 1, 2026 — PA decision timeframes (72h expedited / 7d standard); first public PA metrics report due March 31, 2026.
  • January 1, 2027 — Provider Access, Payer-to-Payer, and Prior Authorization APIs go live; Patient Access adds prior-auth data.

Full timeline: Compliance / CMS-0057.

Implementation guides

Payerbox preconfigures the CMS-recommended IGs (FHIR R4, US Core, CARIN Blue Button, SMART App Launch, Bulk Data, Da Vinci PDex / Plan Net / CRD / DTR / PAS, CDS Hooks). Full version matrix: API Reference / Implementation Guides.

What's not included

  • Drug prior authorizations. Excluded from the CMS-0057-F Prior Auth API by regulation. CMS-0062-P (proposed) may bring drug PAs into scope.
  • The UM decision itself. Payerbox accepts PAS submissions and routes them to the payer's existing UM system. The authoritative authorization decision lives in UM.
  • The CRD coverage rules. Payerbox forwards CDS Hook payloads to an external decision service the payer configures.

Where to go next

RoleWhere to start
Platform engineerQuickstart: Run locallyRun Payerbox
Third-party app developerDemo: FHIR App PortalFHIR App Portal / Developer PortalAPI Reference / Authentication
Provider / EHR integratorInterop APIs / Provider Access and Prior Auth (ePA) APIs
Compliance officerCompliance

Last updated: