Onboarding
As per the CMS Mandate for the Patient Access APIs, upon your submission of your registration and application information, the health plan will conduct a thorough assessment your application’s risk and security protocols. This assessment will be conducted on an annual basis to ensure the application’s security and risk protocols remain aligned with the health plan’s requirements. For your knowledge and preparation purposes, the following components and items will be reviewed during the assessment :-
Consent Management
OAuth 2.0 and OIDC protocols
Terms and Conditions
Application Architecture
Developer Credentials
PHI Storage Locations
Secondary Data Usage