Regulations last checked for updates: Feb 07, 2026

Title 45 - Public Welfare last revised: Jan 28, 2026
All TitlesTitle 45Chapter APart 170Subpart B - Subpart B—Standards and Implementation Specifications for Health Information Technology
View all text of Subpart B [§ 170.200 - § 170.299]
§ 170.215 - Application Programming Interface Standards.

The Secretary adopts the following standards and associated implementation specifications as the available standards for application programming interfaces (API):

(a) API base standard. The following are applicable for purposes of standards-based APIs.

(1) Standard. HL7® Fast Healthcare Interoperability Resources (FHIR®) Release 4.0.1 (incorporated by reference, see § 170.299).

(2) [Reserved]

(b) API constraints and profiles. The following are applicable for purposes of constraining and profiling data standards.

(1) United States Core Data Implementation Guides—(i) Implementation specification. HL7® FHIR® US Core Implementation Guide STU 3.1.1 (incorporated by reference in § 170.299). The adoption of this standard expires on January 1, 2026.

(ii) Implementation Specification. HL7® FHIR® US Core Implementation Guide STU 6.1.0 (incorporated by reference, see § 170.299).

(2) [Reserved]

(c) Application access and launch. The following are applicable for purposes of enabling client applications to access and integrate with data systems.

(1) Implementation specification. HL7® SMART Application Launch Framework Implementation Guide Release 1.0.0, including mandatory support for the “SMART Core Capabilities” (incorporated by reference, see § 170.299). The adoption of this standard expires on January 1, 2026.

(2) Implementation specification. HL7® SMART App Launch Implementation Guide Release 2.0.0, including mandatory support for the “Capability Sets” of “Patient Access for Standalone Apps” and “Clinician Access for EHR Launch”; all “Capabilities” as defined in “8.1.2 Capabilities,” excepting the “permission-online” capability; “Token Introspection” as defined in “7 Token Introspection” (incorporated by reference, see § 170.299).

(d) Bulk export and data transfer standards. The following are applicable for purposes of enabling access to large volumes of information on a group of individuals.

(1) Implementation specification. FHIR® Bulk Data Access (Flat FHIR®) (v1.0.0: STU 1), including mandatory support for the “group-export” “OperationDefinition” (incorporated by reference, see § 170.299).

(2) [Reserved]

(e) API authentication, security, and privacy. The following are applicable for purposes of authorizing and authenticating client applications.

(1) Standard. OpenID Connect Core 1.0, incorporating errata set 1 (incorporated by reference, see § 170.299).

(2) [Reserved]

(f) API-based workflow triggers. The following are applicable for purposes of initiating calls to decision support services or initiating interactions that can be presented to users synchronously in their workflows.

(1) Implementation specification. HL7 FHIR® CDS Hooks Implementation Guide, Version 2.0.1—STU 2 Release 2 (incorporated by reference in § 170.299).

(2) [Reserved]

(g) [Reserved]

(h) API-based event notifications. The following are applicable for the purposes of supporting proactive notifications from a server to a client when new information has been added or existing information has been updated.

(1) FHIR Subscriptions: Implementation specification. HL7® FHIR® Subscriptions R5 Backport Implementation Guide, Version 1.1.0—Standard for Trial Use (incorporated by reference in § 170.299).

(2) [Reserved]

(i) [Reserved]

(j) Prior authorization—(1) Coverage requirements discovery—(i) Implementation specification. HL7 FHIR® Da Vinci—Coverage Requirements Discovery (CRD) Implementation Guide, Version 2.0.1—STU 2 (incorporated by reference in § 170.299).

(ii) [Reserved]

(2) Prior authorization documentation—(i) Implementation specification. HL7 FHIR® Da Vinci—Documentation Templates and Rules (DTR) Implementation Guide, Version 2.0.1—STU 2 (incorporated by reference in § 170.299).

(ii) [Reserved]

(3) Prior authorization submission—(i) Implementation specification. HL7 FHIR Da Vinci Prior Authorization Support (PAS) FHIR Implementation Guide, Version 2.0.1—STU 2 (incorporated by reference in § 170.299).

(ii) [Reserved]

(k) Payer data exchange—(1) Blue button—(i) Implementation specification. HL7 FHIR® CARIN Consumer Directed Payer Data Exchange (CARIN IG for Blue Button®) Implementation Guide, Version 2.0.0—STU 2 US (incorporated by reference in § 170.299).

(ii) [Reserved]

(2) Payer data exchange—(i) Implementation specification. HL7 FHIR® Da Vinci Payer Data Exchange (PDex) Implementation Guide, Version 2.1.0—STU 2.1 (incorporated by reference in § 170.299).

(ii) [Reserved]

(l) [Reserved]

(m) Drug formulary—(1) Implementation specification. HL7 FHIR® Da Vinci Payer Data Exchange (PDex) US Drug Formulary Implementation Guide, Version 2.0.1—STU 2 (incorporated by reference in § 170.299).

(2) [Reserved]

(n) Directory information—(1) Implementation specification. HL7 FHIR® Da Vinci Payer Data Exchange (PDex) Plan Net Implementation Guide, Version 1.1.0—STU 1.1 US (incorporated by reference in § 170.299).

(2) [Reserved]

[89 FR 1428, Jan. 9, 2024, as amended at 90 FR 37208, Aug. 4, 2025]
authority: 42 U.S.C. 300jj-11; 42 U.S.C 300jj-14; 5 U.S.C. 552.
source: 75 FR 2042, Jan. 13, 2010, unless otherwise noted.
cite as: 45 CFR 170.215
© 2014 CustomsMobile | Disclaimer | Privacy | About