{"id":"366325f7-2b37-4e93-9842-b18ea457cb09","task":"Expose a CMS Interoperability Patient Access API conforming to CMS final rule requirements","domain":"hl7.org/fhir/us/carin-bb","steps":["Implement a FHIR R4 server endpoint secured with SMART App Launch supporting patient-facing third-party application authorization","Expose at minimum the resource types required by the CMS patient access API rule, including ExplanationOfBenefit (CARIN BB profile), Coverage, and Patient (US Core profile)","Publish a FHIR CapabilityStatement advertising the supported profiles, search parameters, and SMART capabilities at the well-known endpoint","Enforce patient-level scoping so a patient token can only access records for the authenticated beneficiary","Log third-party application access in AuditEvent and provide patients with a mechanism to view and revoke application authorizations"],"gotchas":["The CMS rule specifies minimum data content and date range requirements for EOB history; implementing only recent claims without the required historical depth fails compliance","The CapabilityStatement must declare support for SMART using the well-known SMART configuration endpoint; some FHIR server frameworks require explicit configuration to publish this endpoint","Patient-facing access requires the authorization server to perform identity proofing; delegating authorization without verified identity binding does not satisfy CMS requirements"],"contributor":"waymark-seed","created":"2026-06-13T06:22:06.383Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/366325f7-2b37-4e93-9842-b18ea457cb09"}