CMS API Implementation Contract Boosts Data Sharing, Fraud Detection

An API implementation at CMS’ Center for Program Integrity (CPI) aims to boost data sharing for improved Medicare and Medicaid fraud detection.

The Centers for Medicare & Medicaid Services’ (CMS) Center for Program Integrity (CPI) has awarded a five-year, $34.4 million application programming interface (API) implementation contract that is set to boost data sharing for fraud detection.

The contract with health IT vendor CGI for its product API Gateway will create a streamlined, data sharing solution to advance CPI’s mission of exposing and combating fraud, waste, and abuse in the Medicare and Medicaid programs.

The health IT implementation will enable system users, such as law enforcement officials and the Office of the Inspector General (OIG), to access and analyze real-time data to expose Medicare and Medicaid fraud, waste, and abuse.

Access to such information is set to improve CMS CPI officials’ ability to proactively reduce waste and address fraud and abuse, which could potentially save CMS and taxpayers millions of dollars in unnecessary resources, CGI officials noted.

This is a major shift from the agencies previous “pay and chase” model, where Medicare and Medicaid would routinely pay every bill and investigate cases only when it’s obvious that something is awry, CGI officials said.

“Implementing the API Gateway will enable real-time data sharing between Medicare and state Medicaid, while reducing redundant screening checks and operational costs,” Steve Sousa, senior vice president of consulting services for CGI Federal, said in a public statement.

“We are pleased to provide this solution and continue our long-standing partnership with CMS,” Sousa continued. “CGI is proud to contribute to the HHS/CMS team for API Life Cycle Management.”

CMS also recently awarded two other contracts to CGI: a $33 million Medicare Appeals System (MAS) support contract and a $100 million CMS Provider Enrollment, Chain, and Ownership System (PECOS) 2.0 redesign and modernization task order.

APIs are widely leveraged across business sectors. When someone checks the weather on her phone, uses a website to search for a flight, or sends a direct message, she is using an API. Put simply, an API sends information back and forth between a user and a website or app.

While healthcare has lagged behind other business sectors in terms of API adoption, new regulations are increasing the use of the health IT. 

Many provider organizations are implementing APIs to comply with the CMS Interoperability and Patient Access final rule.

The rule, which went into effect on July 1, 2021, requires payers and providers to remove the industry siloes that prevent seamless patient data exchange across the care continuum.

To ensure the security of patient health data through APIs, CMS adopted Health Level 7 (HL7) Fast Healthcare Interoperability Resources (FHIR) Release 4.0.1 as the foundational data exchange standard.  

“Patients have a right under HIPAA to access their health information,” CMS officials noted in a fact sheet. “We believe they also have a right to know their health information is exchanged in a way that ensures their privacy and security. We are working to balance these important issues in a way that empowers patients to be in charge of their healthcare.”

Next Steps