About the DPC Pilot

The Centers for Medicare & Medicaid Services (CMS) Data at the Point of Care (DPC) API is currently in a pilot phase in which a limited number of customers can access Medicare Fee-For-Service claims data through the API once their solution has been approved for production. This pilot program promotes the industry-standard HL7 Fast Healthcare Interoperability Resources (FHIR), specifically the Bulk FHIR specification.
Since the pilot is a learning experience for both CMS and customers, participants in the pilot program may encounter breaking changes to code, iterations to regulations, and will be asked to participate in research sessions with CMS as the program continues to grow and evolve.
Healthcare Organizations:
Connect with your Health IT team
Health IT Implementers:
If interested in implementing DPC on behalf of healthcare organizations, please begin by following the steps below.

Test the API

  1. Request access to the DPC Sandbox Environment through Sandbox Sign Up / Login.
  2. Upload synthetic data from DPC’s public GitHub repository. More details included in this README file.
  3. Develop and test a solution in the sandbox environment using synthetic data.
Reference the following guides to get started:
  1. DPC Documentation
  2. HL7 FHIR Standards
  3. BB2.0 Implementation Guide

Apply for Production Credentials

After developing and testing a DPC solution in the sandbox environment, complete the steps below.

1. Request to Join the Production Pilot Queue

When you're ready to request production access, please email the DPC Team. You will receive a follow-up email from the DPC Team when it is your turn to onboard.

Please do not fill out the application unless your organization has tested your solution in sandbox and is able to share security documentation with CMS.

2. Schedule a Demonstration with the DPC Team

After you request production access, you will receive an email about scheduling a demonstration of your DPC solution with the DPC Team.

Please be prepared to answer the following questions:
  • Walk us through the end-to-end workflow.
    • How do you attribute patients to practitioners?
    • How will practitioners see the data in your system?
  • How frequently will your organization make requests to the API? How quickly will you need the data returned?
  • What is your retry logic for requests that fail?
  • What will you do if you do not receive data back for some of the requested patients? For example, data for patients outside of the 18-month lookback period for a given provider will not be returned during early phases of the pilot.
  • How will the data be used? For example, are you using the data for aggregate population reporting, or for insights into the needs of an individual patient? Or both?
  • Where does the application live?
  • Would there be a separate instance if you bring on another practice during the pilot?
  • During onboarding, we'll be providing keys directly to the practitioner organization to grant access to production via secure email - we will not be using the same web portal as our sandbox environment. Please consider how to best communicate with the practitioner to securely transfer secrets if necessary.
  • Are you ready for breaking changes during the pilot program?
  • As we introduce new features into the pilot program, how will you incorporate those changes into your solution?
  • How did you test your DPC solution? What documentation did you use the most?
  • How much time do you anticipate needing for testing and QA between obtaining production access and putting data in front of your providers?

3. Provide Security Certification

Prior to onboarding to the production environment, you must provide one of the accepted security certifications below:

  • Office of the National Coordinator for Health Information Technology (ONC) Health IT Certification
  • Active Health Information Trust Alliance (HITRUST) CSF Validated Assessment
    • Active HITRUST self-validation assessment (valid for one year from date of first implementation if currently pursuing the HITRUST validated assessment)
  • Electronic Healthcare Network Accreditation Commission (EHNAC) Accreditation
    • Accountable Care Organization Accreditation Program (ACOAP)
    • Data Registry Accreditation Program (DRAP)
    • DirectTrust Privacy & Security (DT P&S)
    • EHNAC Privacy & Security (EHNAC P&S)
    • Financial Services Accreditation Program for Electronic Health Networks (FSAP-EHN)
    • Financial Services Accreditation Program for Lockbox Services (FSAP-Lockbox)
    • Health Information Exchange Accreditation Program (HIEAP)
    • Healthcare Network Accreditation Program for Medical Billers (HNAP-Medical Biller)
    • Healthcare Network Accreditation Program- Third party administrator (HNAP-TPA)
    • Management Service Organization Accreditation Program (MSOAP)
    • Outsourced Services Accreditation Program (OSAP)
    • Practice Management System Accreditation Program (PMSAP)
    • Trusted Dynamic Registration & Authentication (TDRAAP) Comprehensive
    • Trusted Network Accreditation Program - Participant/Participant Member (TNAP - Participant/Member)
    • Trusted Network Accreditation Program (TNAP - QHIN)
  • System and Organization Controls (SOC) 2 certified
    • Type 1 certified (valid for one year from date of first implementation if currently pursuing type 2)
    • Type 2 certified
  • International Organization for Standardization (ISO): 27001, 27017, or 27018 certified

Onboard with DPC

The onboarding session will test your DPC solution with production Medicare Fee-For-Service claims data.
  1. After your successful DPC solution demonstration in the sandbox environment with the DPC Team, you will receive an email with information about the onboarding session. In the same email, you will also receive further instructions on production requirements prior to the onboarding date.
  2. After completing production requirements, you will receive production credentials for the healthcare organization for which you are implementing the DPC solution.
  3. During the live onboarding session with the DPC Team, you will receive real-time support from DPC engineers as you demonstrate the following:
    1. Submit a request for data.
    2. Receive requested data from DPC.

Share Your Feedback

  1. The DPC Team is always seeking feedback! Pilot partners will be requested to participate in research sessions where Health IT implementers and healthcare organizations will be asked, together or separately, to share their experiences, challenges, and recommendations regarding the design of the DPC API and its features.
  2. Join the DPC Google Group community to ask questions, share your thoughts, and hear about updates and upcoming events related to DPC.