The Provider Access API enables authorized healthcare providers to securely access their patients’ health data with the payer in compliance with the CMS Interoperability and Prior Authorization final rule. Provider Access API is designed to support streamlined, standards-based data exchange between payers and providers, improving care coordination, reducing administrative burden, and enhancing the quality of patient care. By leveraging the HL7® FHIR® standard, the Provider Access API allows payers to share relevant patient data—including claims, encounters, clinical data, and prior authorization information—with providers who have a current treatment relationship with the patient. This ensures that providers have a more comprehensive view of the patient’s health history, improving care quality, efficiency, and outcomes.

This document lays out functional overview, uses cases, authorization mechanisms, interaction patterns and FHIR resource profiles associated with the Provider Access API. It is intended for developers, compliance teams and integration partners seeking to implement FHIR-based data exchange within the payer-provider ecosystem.

Introduction to Provider Access API

The CMS Interoperability and Prior Authorization final rule requires CMS-regulated payers to establish and maintain a secure, standards-based Provider Access API using HL7^® FHIR^®   standards. Opala’s Provider Access API enables payers share data with in network providers for members based on treatment relationship where member has not opted out of data sharing. The Opala Provider Access API is built using SMART App Launch Framework for backend client authorization . The API follows HL7 FHIR Release 4 specification , Provider Access API – Da Vinci Payer Data Exchange  , CARIN for Blue Button® and for FHIR data capabilities. The Backend Services profile under the SMART App Launch Framework specification enables backend clients to securely connect and access resources from FHIR API where the clients have been pre-authorized with defined scope of access. The SMART on FHIR OAuth requirements is met by providing the FHIR Capability Statement and a Well-Known Uniform Resource Identifier JSON file. The Capability Statement is a key part of the overall conformance framework in FHIR. The Capability Statement documents a set of behaviors of a FHIR Server that may be used to identify actual server functionality or implementation. It also provides a set of launch capabilities for SMART on FHIR apps. The Well-Known Uniform Resource Identifier displays the SMART authorization endpoints that an application would use to authorize and access Opala’s FHIR resources.

• The URL for the metadata endpoint (used for retrieving Opala’s Capability Statement) is: https://opala.tech/provider-access/premera/v1/fhir-r4/metadata.
• The Well-Known Uniform Resource Identifier can be accessed using this URL: https://opala.tech/provider-access/premera/v1/fhir-r4/.well-known/smart-configuration.
• To learn more about FHIR APIs, see the topics in SMART on FHIR section in this documentation set.
• To request data from Opala’s Provider Access API, use this base URL: https://opala.tech/provider-access/premera/v1/fhir-r4
• For more information about Opala, including registering your app, see Opala’s Developers page on opala.com.

Registering with Opala

Access to Opala’s Provider Access API requires provider app registration to be submitted and approved by Opala. For more information, see the registering your application topic in the Getting Started section of this documentation.

Additional Resources

• SMART App Launch Framework
• HL7 FHIR Release 4 specification
• CARIN for Blue Button® Implementation Guide