The Data Readiness Roadblock, and What Health Plan CEOs Must Do Now 

By Vincent Tumminello, AVP Solutions and Strategy, Abacus Insights

As health plans race to meet the Jan. 1, 2027 deadline for CMS-0057 compliance, CEOs need to stop asking their compliance teams if they’re ready and instead start probing for IT readiness.

The core challenge of 0057 implementation is not standing up the FHIR servers or building consent and access frameworks around APIs. Rather, it’s organizing and wrangling large amounts of siloed data residing in legacy, transactional databases.

Whether you’ve chosen to build it internally, take a hybrid approach, or outsource everything, it’s now time to work with IT to:

• Get a brutally honest assessment from your data team about progress to date. Even if you’re working with a vendor, in our experience, your data team must do 80% of the clean-up in advance.
• Ask vendors for verifiable evidence of progress tied to 0057 requirements such as patient access expansion, provider access, and payer-to-payer data sharing.
• Get an independent expert to assess progress, remediate, and build on what you’ve done to keep momentum going.

Take a deeper dive into the three different transformation paths health plans are following for 0057 compliance and what leaders must do to stay on track.

Model One of CMS-0057 Compliance: Build‑It‑All‑Yourself

Health plans that choose to build compliance solutions internally tend to be larger, multi-state, multi-line of business payers. They have:

• Robust information technology and data management functions
• Expertise in cloud technology and FHIR
• Already mastered the requirements of the earlier mandate, CMS Interoperability and Patient Access Final Rule (CMS-9115-F)

These plans prefer to control all aspects and are less impacted by resource capacity or cost constraints than their smaller contemporaries.

Common Internal Build Challenges

Despite the significant talent and resources that large plans enjoy, the CMS mandate carries significant IT and data management challenges that even internal builds can’t avoid:

• Data must be made available within 24 hours of “receipt”– a standard many payers struggle to meet even for their own internal business units.
• The sheer volume of historical data involved–records to 2016 for long-tenured enrollees–makes handling vendor changes, carve outs, and siloed data time-consuming and tedious.
• All data must be linked to a central “patient” (person) entity–meaning payers need to consider robust master data management (MDM) capabilities in order to truly see usable data.
• The evolving nature of the FHIR data model. New implementation guides, dictating requirements and relational structures, go live every six to 12 months.

How “Build-It-Yourself” Plans Can Meet the Deadline

Understanding the challenges your plan faces is the first step. If your plan has chosen to internalize the entire responsibility for 0057 compliance, now is the time to:

• Ask your data team for a ground-level assessment of progress to date. For example, what is their inventory of source systems, data quality gaps, and FHIR resource coverage? Are they able to handle conversion of multiple data sets into a FHIR-JSON payload that meets the required and recommended data guides.
• Lock in a cut-through plan for the high-effort mappings and attribution logic that can stall provider access and payer-to-payer flows.
• Convene the executive team to define what compliance looks like, by what date, for your organization.
• Consider adding experienced hands to reduce financial and operational risk.

Model Two of CMS-0057 Compliance: Buy-and-Build

Health plans that choose a hybrid approach keep their data engineering in-house while working with a commercial platform to accelerate FHIR and API infrastructure readiness.

These are often large- to mid-sized plans that want to:

• Focus on data readiness and integration of their existing digital engagement portfolio.
• Leverage a “starter kit” to bring their CMS compliance and other strategic FHIR solutions to market, while building internal capabilities.
• Limit infrastructure and data spend as many of these solutions are deployed within their own cloud.

Common Buy-and-Build Challenges

Despite an effort to share the workload with an external vendor(s), the buy-and-build approach does not erase the central challenge of CMS 0057 compliance: data management.

What’s more, in an effort to save costs and make the deadline, buy-and-build plans risk building a data platform for a singular use case that may not have related ROI.

How “Build and Buy” Plans Can Succeed

If you’ve taken a hybrid approach and are concerned about deadlines slipping and investment value, now is the time to ask yourself:

• Is this a multi-million-dollar investment or a check-the-box exercise?
• Is there a way to make this data provide value in other use cases, such as digital HEDIS or risk adjustment?
• What progress is my data team making?
• Confirm data readiness and your data’s ability to conform to your platform’s expectations—before you push bulk loads.
• Consider adding a specialist data partner to accelerate transformation, validation, and population into your FHIR store so your platform shows value quickly.

Model Three of CMS-0057 Compliance: Outsource Everything

Health plans are facing multiple regulatory mandates and costs pressures beyond 0057 compliance.

In these cases, organizations may choose to keep internal IT teams focused on core initiatives and fully partner with a third party to manage compliance delivery end‑to‑end. These plans typically prioritize predictability and risk transfer over direct ownership of implementation.

Challenges with the Outsourcing Model

Even in fully outsourced models, data preparation and management often remain a significant burden. Here are a few challenges:

• Some vendors require data uploads in flat files (for example, CSVs), effectively pushing much of the FHIR modeling and normalization work upstream.
• Oversight can be difficult without strong analytics and reporting from vendors.
• Many solutions lack clear visibility into coverage, data freshness, and overall compliance health.
• Security posture varies widely. Moving large volumes of sensitive data into third‑party SaaS environments can introduce additional exposure if modern security standards and controls are not consistently applied.

How “Outsource Everything” Plans Can Meet the Deadline

If your plan has taken this approach, now is the time to:

• Request clear, verifiable evidence of progress mapped directly to the 0057 requirements, including Patient Access expansion, Provider Access, Payer‑to‑Payer exchange, and Prior Authorization APIs.
• Assess how compliance health is measured and monitored, including data completeness, latency, and FHIR resource coverage.
• If milestones begin to slip, consider bringing in an independent interoperability team to stabilize delivery and maintain momentum while you evaluate whether to stay the course or adjust your approach.

No Matter Where You Are in Your Interoperability Journey, It’s Not Too Late

At Abacus Insights, we’ve spoken with dozens of plans at many stages and models of CMS 0057-F compliance. Our approach, focused on data transformation, can help any plan of any size.

Whether you’re building, buying, or outsourcing, our team engages with your data engineering at the seams—data mapping, normalization, FHIR population, and API readiness.

We’ve seen (almost) everything. Across 30+ implementations, we’ve gone deep in the intricacies of payer data environments. No two are alike, but patterns (and pitfalls) repeat. That experience lets us move quickly and avoid the avoidable challenges.

Finally, we’re recognized for our responsiveness. In Flexpa’s November 2025 State of the Payer Patient Access API Report, Abacus Insights earned a shoutout:

That’s the experience we aim to deliver every day.