What is your service?

We provide healthcare IT solutions.

How can I contact you?

You can contact us via our website.

Case Study: Prior Authorization

How a Regional Medicaid MCO shipped its Prior Authorization FHIR API in 28 weeks

28 Weeks

Kickoff to production
FHIR API go-live

265K

Medicaid & CHIP
members covered

3

State Medicaid contracts
brought into compliance

58%

Reduction in PA
decision cycle time

Client Overview: Regional Medicaid MCO

A regional Medicaid MCO serving 265,000 Medicaid and CHIP members across three southeastern states, covering physical health, behavioral health, and LTSS through a network of 6,800 providers.

As a CMS-0057-F impacted payer, our client needed all four FHIR APIs live by January 2027, with a public PA metrics report due March 31, 2026. They engaged CapMinds in late 2025 with a 28-week go-live target.

Regulatory context: CMS-0057-F compliance dates for Medicaid MCOs are tied to rating period start dates, not fixed calendar dates. The rule also cut standard PA turnaround from 14 days to 7 days and mandated annual public denial-rate reporting starting March 31, 2026.

The organization operates with an in-house lab and imaging services and maintains a strong commitment to CMS and HIPAA compliance. In 2024, they partnered with CapMinds to execute a large-scale health data migration, modernizing its EHR infrastructure for secure, real-time, and scalable data management across all locations.

CMS-0057-F Milestones for Medicaid Managed Care Plans

Jan 1, 2026
Operational mandates live: 7-day standard / 72-hr expedited PA; specific denial reasons required; metric collection begins.

Mar 31, 2026
First public PA metrics report due at the plan level, approval/denial rates, appeal outcomes, and average decision times for CY2025.

Jul 2026
Target Our Client · CapMinds go-live: all 4 FHIR APIs in production, 6 months before mandate.

Jan 1, 2027
Full FHIR API compliance is required for all impacted payers across PA, Provider Access, Patient Access, and P2P APIs.

Why 28 weeks? Two of our client’s three state contracts were up for renewal in Q4 2026, and state program offices made CMS-0057-F API compliance a renewal condition. Missing the July target risked a corrective action plan.

Challenges Faced Before Migration

Our client’s PA infrastructure had grown over 11 years into a fragmented, multi-state ecosystem with no unified FHIR layer in place.

Fragmented MMIS dependencies: Three state contracts, three different MMIS platforms, two accessible only via batch SFTP, not real-time API.
42 CFR Part 2 BH data complexity: 31% of PA volume was behavioral health, requiring consent-driven data segmentation with no existing FHIR infrastructure.
No FHIR precedent for LTSS authorization: LTSS PA workflows ran on a separate platform with no Da Vinci PAS-compatible profile to follow.
Low FHIR maturity among safety-net providers: 55 FQHCs and CMHCs lacked FHIR-capable EHRs, relying on phone and fax for PA submission.
PA turnaround cut from 14 to 7 days: CMS-0057-F halved the standard SLA, requiring simultaneous workflow redesign, not just a tech fix.
No PA metrics pipeline: CY2025 public reporting was due in 6 weeks, with data scattered across six disconnected systems.

The 28-Week Delivery Map

Five parallel workstreams across 14 two-week sprints, with the MMIS bridge and BH data segmentation layer started in Sprint 1 to protect the critical path.

Discovery & Metrics: Weeks 1–6 · Gap analysis, MMIS audit, metrics pipeline emergency build.
FHIR Infrastructure: Weeks 3–16 · HAPI FHIR, MMIS bridge, ETL, BH segmentation layer.
Prior Auth API (PAS): Weeks 7–22 · Da Vinci PAS v2.1, LTSS bridge, portal fallback.
Provider & Patient APIs: Weeks 13–24 · PDex, CARIN BB, DS4P, bulk FHIR export.
UAT & Go-Live: Weeks 23–28 · Provider UAT, EHR integration, Inferno testing, go-live.

Highlights:

Discovery:MMIS Audit & Emergency Metrics Pipeline (Weeks 1–6)

Audited 140+ PA service categories across three states and mapped each to FHIR resource types.
Built an emergency PA Metrics Pipeline in Python + Airflow, normalizing data from six disconnected sources.
Published our client’s CY2025 public PA metrics report by March 27, 2026, four days before the CMS deadline.
Produced a FHIR Gap Analysis Matrix identifying 41 fields requiring custom extension profiles.

Prior Authorization FHIR:API — Da Vinci PAS v2.1.0 with LTSS Bridge (Weeks 7–22)

Implemented the full Da Vinci CRD → DTR → PAS workflow with CDS Hooks v2.0 for Epic and athenahealth EHR systems.
Built a custom LTSS PA Bridge, the first of its kind under Da Vinci PAS v2.1.0, routing LTSS requests to Netsmart myAvatar via extended FHIR Claim profiles.
Deployed a FHIR Provider Portal fallback for 55 safety-net providers, eliminating phone/fax PA submission without requiring EHR upgrades.
Implemented a structured denial-reason taxonomy across 18 clinical categories, cutting unnecessary appeals from 41% to 18%.

UAT:EHR Integration Testing & Production Go-Live (Weeks 23–28)

UAT with 12 pilot provider organizations across all service categories and all three state contract configurations.
Achieved passing Inferno FHIR Testing Suite scores for all four APIs before production cutover.
Two-week parallel shadow run (Weeks 25–26) reconciling FHIR and legacy X12 decisions to validate parity.
Go-live in Week 27 with 30-day CapMinds hypercare: CloudWatch + Grafana SLA monitoring, PagerDuty alerting.

FHIR Core Infrastructure: MMIS Bridge & BH Data Segmentation (Weeks 3–16)

Deployed HAPI FHIR Server v7. x on AWS EKS — HIPAA-compliant, multi-AZ, AES-256 encrypted.
Built a three-state MMIS Integration Bridge: FHIR requests trigger X12 278 submission; responses are cached in Redis for synchronous retrieval.
Implemented 42 CFR Part 2-compliant BH data segmentation (DS4P IG) — SUD PA data filtered at the API response layer without explicit patient consent.
Established SMART on FHIR 2.0 authorization with separate flows for patient apps, provider B2B, and payer exchange.

Provider Access: Patient Access & Payer-to-Payer APIs (Weeks 13–24)

Provider Access API: Bulk FHIR export for in-network providers with nightly 834-based attribution refresh and DS4P-gated BH data.
Patient Access API: Extended existing CMS-9115-F API to include PA status, denial reasons, and appeal data, with SUD data suppressed by default.
Payer-to-Payer API: TEFCA-aligned FHIR B2B exchange for member data continuity during plan transitions.
Deployed AWS API Gateway + Kong for unified OAuth validation, rate limiting, developer sandbox, and immutable audit logging.

Technology Stack & Standards

Technology Stack Table

Category	Technology / Standard / Version
FHIR Framework	HAPI FHIR Server v7.x (R4 / 4.0.1); US Core IG 6.1.0; Da Vinci PAS IG v2.1.0 (STU 2)
Da Vinci IG Suite	CRD STU 2.1 · DTR STU 2.1 · PAS STU 2.1 · PDex STU 2.1 · CARIN BB STU 2.1 · DS4P IG (BH data segmentation)
BH & LTSS Extensions	42 CFR Part 2 DS4P consent engine; custom FHIR Claim extension profiles for LTSS service authorization; Netsmart myAvatar REST bridge adapter (Java/Spring Boot)
MMIS Integration Bridge	X12 278 Request/Response via three-state MMIS SFTP; custom FHIR ↔ X12 mapping engine (Java); AWS ElastiCache (Redis) decision cache; FHIR Task subscription for async workflows
Authentication	SMART on FHIR 2.0 (OAuth 2.0 + OIDC); PKCE patient-app flows; Backend Services Authorization for provider B2B; Keycloak identity provider; AWS Cognito for member portal
ETL & Data Integration	Apache Spark + AWS Glue (MMIS batch files, Oracle adjudication DB); Apache Airflow (orchestration); Apache Kafka (real-time PA event streaming); Mirth Connect (HL7 v2 ADT from hospital partners)
FHIR Validation & Testing	Inferno FHIR Testing Suite; HL7 FHIR Validator CLI; CDS Hooks Sandbox v2.0; Postman/Newman API regression suite; Gatling load testing (10K concurrent PA submissions)
Provider Portal (Fallback)	React.js + TypeScript; FHIR Claim bundle construction client-side; AWS Amplify hosting; supports FQHC and CMHC, non-FHIR-capable providers
Cloud Infrastructure	AWS EKS (multi-AZ, auto-scaling); AWS RDS Aurora PostgreSQL (AES-256); S3 versioned encrypted staging; AWS KMS; VPC with private subnets + security groups; WAF for API gateway
API Management	AWS API Gateway + Kong; OAuth token introspection; rate limiting; developer sandbox + self-service portal; CloudTrail audit logging to immutable S3 archive
Monitoring & Compliance Tracking	AWS CloudWatch + Grafana PA SLA dashboard; PagerDuty alerting; Apache Kafka → Snowflake PA metrics warehouse; CMS Metrics Reporting Template (HTML/JSON publication)
Security & Compliance	HIPAA Security Rule; 42 CFR Part 2; SOC 2 Type II; NIST 800-53; CMS-0057-F; TEFCA; USCDI v3; 42 CFR § 438.210 (Medicaid MCO PA requirements)

Results & Outcomes

CapMinds’ structured and automation-driven approach delivered measurable outcomes across performance, compliance, and operational efficiency:

Weeks, from project kickoff to production FHIR API go-live, all 4 APIs live simultaneously.

Mar 27 CY2025 public PA metrics report published, 4 days ahead of the March 31, 2026, CMS plan-level deadline.

99.6%

FHIR conformance pass rate across Inferno testing suite, Prior Authorization, Provider Access, and Patient Access APIs.

58%

Reduction in average PA decision cycle time, from 11.2 days to 4.7 days across all service lines.

41%

41% → 18% Unnecessary appeal rate reduced after structured denial-reason taxonomy implementation.

FQHC and CMHC safety-net providers moved off phone/fax PA submission via the FHIR Provider Portal fallback.

Why CapMinds

Medicaid-Specific Program Expertise

Deep knowledge of Medicaid MCO-specific compliance structures, rating period dates, state reporting obligations, and OIG denial-rate requirements, not MA frameworks misapplied to Medicaid.

Speed Without Shortcuts, 28-Week Delivery

Parallel workstreams, a pre-built FHIR accelerator layer, and Sprint 1 critical-path decisions delivered all four APIs simultaneously, no scope cuts, no deadline misses.

42 CFR Part 2 & HIPAA Dual Compliance

DS4P-aligned SUD data segmentation at the API response layer, a production-ready capability most FHIR vendors simply don’t have.

Novel LTSS & Safety-Net Provider Coverage

Purpose-built LTSS bridge and FHIR Provider Portal ensured 100% of service categories and 100% of the provider network were operational on go-live day.

Final Outcome

The collaboration empowered the Texas practice to:

Consolidate fragmented patient data into a single, FHIR-native EHR
Improve reporting and analytics across seven locations
Enhance compliance and scalability for future growth

CapMinds continues to support the client with ongoing interoperability, RCM automation, and analytics optimization, driving digital transformation beyond migration.