CMS (Centers for Medicare & Medicaid Services)

regulatory body regulatory healthcarecomplianceadministrative

Acronym for: Centers for Medicare & Medicaid Services

Source: CMS System: https://www.cms.gov Code: CMS Reviewed: 29/01/2026 License: CC-BY-4.0

CMS (Centers for Medicare & Medicaid Services)

One-sentence definition: CMS is the U.S. federal agency within the Department of Health and Human Services that administers Medicare, Medicaid, CHIP, and the health insurance Marketplaces, and that issues the interoperability regulations requiring covered payers to implement FHIR-based APIs for patient and provider data access.

Full Definition

The Centers for Medicare & Medicaid Services is the largest single healthcare payer in the United States, administering programs that cover over 160 million Americans through Medicare, Medicaid, and the Children’s Health Insurance Program (CHIP). As the payer of last resort for the elderly, disabled, and low-income populations, CMS shapes the economics and standards of the entire US healthcare industry.

Beyond payer administration, CMS is a significant regulatory and policy body. It sets payment rates for hospitals and physicians through the Medicare Physician Fee Schedule and the Inpatient Prospective Payment System. It administers the ONC Health IT Certification Program jointly with ONC. And through its interoperability rulemakings — particularly CMS-9115-F (2020) and CMS-0057-F (2024) — it has become the primary driver of FHIR adoption in the US payer sector, mandating that covered health plans implement standardized FHIR-based APIs for patient access, provider access, prior authorization, and payer-to-payer data exchange.

CMS is an agency within HHS (the Department of Health and Human Services). It works closely with ONC (the Office of the National Coordinator for Health Information Technology) on digital health and interoperability policy. While ONC focuses on health IT developer obligations (certification, information blocking), CMS focuses on payer obligations under the health programs it administers.

For the technical detail of CMS interoperability mandates, covered payers, compliance timelines, and FHIR standards required under CMS-9115-F and CMS-0057-F, see CMS Interoperability Rules.

Context and Usage

Where This Term Appears

CMS appears throughout healthcare policy, payment, and technology contexts:

  • Regulatory documents: CMS publishes final rules in the Federal Register; rule numbers like “CMS-9115-F” and “CMS-0057-F” are standard shorthand in health IT
  • Compliance timelines: “CMS deadline” or “CMS compliance date” refers to the mandatory implementation dates in CMS final rules
  • API mandates: “CMS APIs” refers to the FHIR-based APIs covered payers must implement under CMS interoperability rules
  • Quality programs: CMS administers Merit-based Incentive Payment System (MIPS), Alternative Payment Models (APMs), and Promoting Interoperability (PI) — all of which create health IT requirements
  • Claims standards: CMS sets the claim formats (CMS-1500 for professional, UB-04 for institutional) that payers and providers use
  • ONC certification: CMS issues financial disincentives to providers who fail to meet ONC certification requirements

Common Usage Examples

In conversation: “We need to be compliant with the CMS interoperability rules by January 2027 — that’s the Provider Access API deadline.”

In documentation: “Covered payers under CMS-0057-F must implement a FHIR R4 Prior Authorization API by January 1, 2026.”

In technical contexts: References to “CMS-mandated APIs,” “CMS-required profiles,” or “CMS compliance deadlines” appear throughout FHIR implementation guide documentation for payer-side implementations.

Why CMS Exists

Medicare was established in 1965 under the Social Security Act to provide health insurance to Americans aged 65 and older and to certain disabled individuals. Medicaid was created at the same time to provide coverage to low-income populations. Both programs required a federal administrator, and the Bureau of Health Insurance and the Medical Services Administration were established for this purpose.

In 1977, the Health Care Financing Administration (HCFA) was created to consolidate Medicare and Medicaid administration. In 2001, HCFA was renamed to the Centers for Medicare & Medicaid Services — a name change intended to signal a broader mission beyond billing and claims administration to include quality improvement, patient safety, and care innovation.

CMS became central to health IT and interoperability when Congress passed the HITECH Act (2009) and the Affordable Care Act (2010), both of which created new incentive and mandate structures for healthcare technology adoption. The 21st Century Cures Act (2016) further expanded CMS’s interoperability authority, leading directly to the 2020 and 2024 interoperability rules.

CMS Programs and Initiatives

Medicare and Medicaid

Medicare covers Americans 65 and older, people with certain disabilities, and people with End-Stage Renal Disease. It is divided into Parts A (hospital insurance), B (medical insurance), C (Medicare Advantage — private plans), and D (prescription drug coverage). Medicare Advantage plans are the primary target of CMS FHIR API mandates.

Medicaid is a joint federal-state program covering low-income individuals and families, including children, pregnant women, elderly adults, and people with disabilities. Each state administers its own Medicaid program within federal guidelines. State Medicaid fee-for-service programs are subject to CMS interoperability rules; Medicaid managed care plans are subject to separate CMS managed care regulations.

CHIP (Children’s Health Insurance Program) provides low-cost health coverage to children in families that earn too much to qualify for Medicaid but cannot afford private insurance. CHIP fee-for-service programs are subject to the same CMS interoperability rules as Medicaid FFS.

Quality payment programs

CMS administers the Quality Payment Program (QPP), which includes:

  • MIPS (Merit-based Incentive Payment System) — a composite score affecting Medicare Part B payments for clinicians
  • APMs (Alternative Payment Models) — value-based care arrangements with different payment structures

The Promoting Interoperability (PI) category within MIPS creates financial incentives and disincentives for eligible clinicians based on their use of certified health IT. This is the mechanism by which CMS enforces ONC certification requirements at the provider level.

Interoperability and patient access

CMS’s two major interoperability rules are the primary source of FHIR adoption mandates in the US payer sector:

  • CMS-9115-F (2020): required covered payers to implement Patient Access API, Provider Directory API, and initial payer-to-payer exchange — all using FHIR R4
  • CMS-0057-F (2024): required Prior Authorization API, Provider Access API, enhanced payer-to-payer exchange, and PA data in the Patient Access API — with compliance deadlines in 2026 and 2027

These rules apply to Medicare Advantage organizations, state Medicaid fee-for-service programs, CHIP, and QHP issuers on Federally Facilitated Exchanges.

Relationship to Other Terms

  • FHIR — the technical standard CMS mandates for its interoperability APIs
  • HL7 — the standards body that produces FHIR and the Da Vinci implementation guides that CMS references

Contrasting Terms

  • CMS vs ONC: CMS regulates payers through the programs it administers (Medicare, Medicaid). ONC regulates health IT developers and providers through certification requirements and the information blocking rule. Both agencies report to HHS and collaborate on interoperability policy, but their levers and targets differ. A payer building a FHIR API is primarily subject to CMS rules; the EHR it interfaces with is primarily subject to ONC certification.

  • CMS vs HHS: HHS (the Department of Health and Human Services) is the cabinet-level department. CMS is one of several agencies within HHS. Other HHS agencies relevant to health IT include ONC, OCR (Office for Civil Rights — HIPAA enforcement), FDA, and CDC.

Common Misconceptions

Misconception 1: CMS only manages insurance

  • Incorrect belief: CMS is just a payer administrator; its relevance to health IT is limited to claims processing.
  • Reality: CMS is an active regulatory body that shapes health IT through interoperability rules, quality payment programs, and certification requirements. The FHIR mandates in CMS-9115-F and CMS-0057-F are among the most significant forces driving FHIR adoption in US payer-side implementations.
  • Why it matters: Health IT teams at covered payers need to treat CMS as a regulatory body with enforceable deadlines, not just as a claims destination.

Misconception 2: CMS rules only apply to government programs

  • Incorrect belief: CMS interoperability rules only matter to organizations that participate in Medicare or Medicaid; commercial payers are unaffected.
  • Reality: CMS rules apply to Medicare Advantage organizations, Medicaid FFS programs, CHIP, and QHP issuers on Federally Facilitated Exchanges — but many large payers operate across both CMS-covered and commercial lines of business. The technical infrastructure built for CMS compliance (Patient Access APIs, Provider Access APIs, payer-to-payer exchange) is increasingly extended to commercial populations as a business decision. The industry standard is being set by CMS mandates even for non-covered populations.
  • Why it matters: Health IT architects at large payers should design their FHIR infrastructure for CMS-compliance requirements even when some populations are not yet covered by the mandate.

Cross-References

  • FHIR — the technical standard CMS mandates for interoperability APIs
  • HL7 — the standards body producing FHIR

Last reviewed: January 29, 2026 Definition authority: CMS Content status: Canonical reference