As CMS continues to gather feedback from users on the Data at the Point of Care (DPC) pilot, we will likely add more FAQs to this page. If you have a question that is not listed below, please reach out through the DPC Google Group.

About DPC:

We've paused on taking applications for production data and onboarding existing applicants. This is temporary while we make improvements to our ID verification and onboarding process. We'll refresh our updates page when onboarding and applications resume. We'll also post an announcement in our Google Group. In the meantime, the sandbox environment is still available for testing.

  • Technical documentation is available in the API Documentation.
  • A DPC Google Group has been created to provide answers to questions and to support providers and developers who are implementing Data at the Point of Care.

  • Blue Button 2.0 provides FHIR-formatted data for one individual Medicare beneficiary at a time, to registered applications with beneficiary authorization. See
  • BCDA provides FHIR-formatted bulk data files to Medicare Shared Savings Program Accountable Care Organizations (MSSP ACOs) for all of the beneficiaries assigned to a given ACO. See
  • Data at the Point of Care provides FHIR-formatted bulk data files to fee-for-service providers for their active patients as needed for treatment purposes under HIPAA. With DPC, providers identify their own rosters of patients to track, and no action is required from the beneficiary to authorize sharing of data. Data is shared between covered entities for treatment purposes as defined under HIPAA.

  • Usefulness of the data to evaluate how helpful CMS claims data is for impacting treatment, provider burden, and quality of care for Fee-for-Service (FFS) providers at the point of care
  • Ease of implementation for vendors and providers to evaluate how easy it is to configure and get started with requesting and receiving claims data
  • Practicality and effectiveness of attribution logic that determines which providers can request and receive claims data for which patients and for how long
  • Ease and effectiveness of ways that vendors and providers can collaborate to access the data
  • Measure of the frequency of use and an evaluation of performance in different use cases to determine infrastructure decisions
  • Any other feedback, additions, or changes

  • Data at the Point of Care secures Protected Health Information (PHI) and Personally Identifiable Information (PII) and has multiple layers of protection, such as encryption in transit and at rest, security certification requirements of connecting vendors, auditing and analytics to look for suspicious activity, terms of service restrictions, public and private security keys, and IP address restriction.
  • Data at the Point of Care is built based on privacy requirements defined by HIPAA.

There is no cost for the data.

About Sandbox:

  • Fee-for-Service (FFS) providers who treat Medicare patients
  • Providers who already receive claims from other payers and who have successfully integrated the information into existing clinical workflows
  • Providers who have experience using Blue Button 2.0 or the Beneficiary Claims Data API project
  • Providers who already use or test with FHIR, especially Bulk FHIR

  • Any Fee-for-Service provider or Health IT vendor can request access to synthetic data via our sandbox