Research by Max · Feb 20 2026 · n=8 sources · Confidence: Medium-High
The FHIR infrastructure is real, live, and accessible. The 5 largest US insurers (UHC, Aetna, Cigna, BCBS, Humana) all have live FHIR R4 Patient Access APIs that third-party apps can register with today. Claims data including denial status is accessible. The critical gap: the CMS mandate only covers regulated insurance products — Medicare Advantage, Medicaid managed care, and ACA marketplace plans. Fully commercial employer-sponsored plans (ERISA) are NOT required to comply. This limits initial addressable market but still covers a large and high-value segment.
CMS Interoperability and Patient Access Rule (CMS-9115-F, 2021) Requires covered payers to expose patient data via FHIR R4 APIs. Covered payers: - Medicare Advantage organizations - Medicaid managed care plans - CHIP managed care entities - QHP issuers on Federally-Facilitated Exchanges (ACA marketplace)
CMS-0057-F (Jan 2024 — Prior Authorization Rule) - Jan 1, 2026: Payers must add prior authorization data to Patient Access API - Jan 1, 2027: Full Prior Authorization API compliance deadline
What's NOT covered: - Fully commercial employer-sponsored insurance (governed by ERISA, not CMS) - ~40% of commercially insured Americans are in self-funded ERISA plans - These employers can voluntarily adopt FHIR but are not required to
| Insurer | API Status | Developer Portal | Data includes claims/denials? | Notes |
|---|---|---|---|---|
| UnitedHealthcare / Optum | ✅ Live, mature | portal.flex.optum.com | ✅ Yes — claims, encounter, diagnoses, procedures | Largest insurer. Most mature API. SMART on FHIR. Requires app registration. |
| Aetna (CVS Health) | ✅ Live | Aetna developer portal | ✅ Yes | Prescription quantity + fill number included |
| Cigna | ✅ Live | Cigna developer portal | ✅ Yes — incl. prescription fill number | |
| Blue Cross Blue Shield | ✅ Live (varies by plan) | Per-plan portals (e.g. capbluecross.com/developer) | ✅ Yes | BCBS is federated — 36 independent plans. Each has own developer registration. |
| Humana | ✅ Live | Humana developer portal | ✅ Yes |
Also confirmed live: Capital Blue Cross, MVP Healthcare, HAP (Health Alliance Plan), and hundreds more via aggregators like 1upHealth.
Via ExplanationOfBenefit (EOB) FHIR resource: - Claim submission details - Claim status (paid, denied, pending) - Denial reason codes - Payment amounts - Prior authorization status (as of 2026 mandate)
Via Coverage resource: - Active plan details, member ID, group number
Via Patient resource: - Demographics for identity verification
What Upheld needs: EOB resource with denial status + reason codes. This is the core of the product. ✅ Available today for regulated plan types.
Standard stack: - FHIR R4 (resource format) - SMART on FHIR (authorization framework) - OAuth 2.0 / OpenID Connect (patient consent flow)
How it works: 1. Upheld registers as an app in each payer's developer portal (one-time) 2. Patient authorizes Upheld via OAuth flow (consent screen in their insurer's portal) 3. Upheld receives access token scoped to that patient's data 4. Upheld polls EOB endpoint for new claims + status changes 5. Detects denials → triggers appeal workflow
Per-payer registration required. No single universal registration. For MVP, targeting the top 3–5 payers covers most of the addressable market.
Rather than integrating with each payer individually, aggregators like 1upHealth and Flexpa handle multi-payer FHIR connections via a single API:
| Aggregator | Coverage | Relevance |
|---|---|---|
| 1upHealth | "Hundreds of health plans" incl. Aetna, Cigna | B2B platform — could dramatically accelerate Upheld's coverage |
| Flexpa | Built specifically for financial/benefits apps on FHIR | Strong fit — they handle the OAuth/registration complexity |
| Health Gorilla | Clinical + claims data aggregation | More clinical-focused |
Key insight: Using an aggregator like Flexpa or 1upHealth could compress 12+ months of payer-by-payer integration work into weeks. Worth evaluating as the MVP architecture.
~155M Americans are covered by employer-sponsored insurance. Of those: - ~60% are in fully-insured plans → administered by a carrier (UHC, Aetna, etc.) → FHIR mandate applies - ~40% are in self-funded ERISA plans → employer bears the risk, carrier just administers → FHIR mandate does NOT apply
What this means for Upheld: - Day 1 addressable: ~90M people in regulated plans (Medicare Advantage, Medicaid managed care, ACA marketplace, fully-insured commercial) - Self-funded ERISA: separate technical path, requires different integration strategy (not FHIR) - This is still a massive market. Don't let the ERISA gap kill the concept — it's a phase 2 expansion, not a fatal flaw.
| Question | Answer | Confidence |
|---|---|---|
| Is FHIR infrastructure real and live? | Yes — all major insurers have live APIs | High |
| Can we access denial data via FHIR? | Yes — EOB resource includes denial status + reason codes | High |
| Do we need per-payer registration? | Yes, or use an aggregator to skip most of it | High |
| Does ERISA limit the market? | Yes — ~40% of commercially insured not covered | High |
| Is the addressable market still large? | Yes — ~90M+ lives in FHIR-covered plans | High |
| Is anyone else doing this at scale? | No confirmed direct competitor doing full automation | Medium |
Bottom line: Technically feasible. Regulatory foundation exists. Market is real. ERISA gap is manageable as a phase 2 problem.
Sources: CMS.gov (CMS-9115-F, CMS-0057-F, Patient Access API FAQ), UHC/Optum developer portal, 1upHealth docs, healthsouse.com FHIR comparison, Capital Blue Cross developer portal, Firely blog (CMS-0057-F analysis) Confidence: Medium-High on technical feasibility. Medium on market sizing (40/60 ERISA split is approximate). Legal risk assessment requires a lawyer — not researched here.