Port FHIR compliance checker to C# and add compliance-status endpoint#481
aurelianware merged 2 commits intomainfrom Mar 15, 2026
Port src/fhir/compliance-checker.ts to C# as Cms0057ComplianceChecker service with full resource validation (ServiceRequest, ExplanationOfBenefit, Claim, Patient) against CMS-0057-F Prior Authorization Rule requirements. Add GET /fhir/compliance-status controller endpoint that returns a structured report of which CMS-0057-F requirements are met/unmet for the current tenant: - Patient Access API enabled with FHIR R4 - Provider Directory API enabled - Prior Authorization API with required operations - Payer-to-Payer data exchange configured - Required SMART on FHIR scopes registered https://claude.ai/code/session_01DPvEvpu9zvaxiRoRmiYLyg
Pull request overview
Ports the existing CMS-0057-F compliance checking logic into the .NET FHIR service and adds a new endpoint intended to report a tenant’s CMS-0057-F compliance posture.
Changes:
- Added `Cms0057ComplianceChecker` service to validate key FHIR R4 resources (ServiceRequest, EOB, Claim, Patient) against CMS-0057-F-oriented rules.
- Registered the compliance checker in DI for fhir-service.
- Added `GET /fhir/compliance-status` endpoint returning a structured, config-driven CMS-0057-F requirements report.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
src/services/fhir-service/Services/Cms0057ComplianceChecker.cs |
Introduces resource validators and reporting DTOs for CMS-0057-F-style compliance evaluation. |
src/services/fhir-service/Program.cs |
Registers the compliance checker service in the fhir-service DI container. |
src/services/fhir-service/Controllers/ComplianceController.cs |
Adds a new endpoint to expose a tenant compliance-status report based on configuration signals. |
Comment on lines
+9
to
+20
| /// for the current tenant — a key differentiator for CHO health plans. | ||
| /// </summary> | ||
| [Route("fhir")] | ||
| public class ComplianceController : FhirControllerBase | ||
| { | ||
| private readonly IConfiguration _config; | ||
| private readonly ICms0057ComplianceChecker _complianceChecker; | ||
|
|
||
| public ComplianceController(IConfiguration config, ICms0057ComplianceChecker complianceChecker) | ||
| { | ||
| _config = config; | ||
| _complianceChecker = complianceChecker; |
| if (!enabled) | ||
| issues.Add("Provider Directory API is not enabled"); | ||
|
|
||
| var hasNppesIntegration = !string.IsNullOrEmpty(_config["Nppes:BaseUrl"]); |
Comment on lines
+143
to
+152
| var requiredOperations = new[] { "$submit", "$inquire" }; | ||
| var supportedOperations = _config.GetSection("Cms0057:PriorAuthorizationApi:Operations") | ||
| .GetChildren().Select(c => c.Value).ToList(); | ||
|
|
||
| if (supportedOperations.Count > 0) | ||
| { | ||
| var missing = requiredOperations.Except(supportedOperations!, StringComparer.OrdinalIgnoreCase).ToList(); | ||
| if (missing.Count > 0) | ||
| issues.Add($"Missing required operations: {string.Join(", ", missing)}"); | ||
| } |
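Review bot: `.Select(c => c.Value)` can yield null or blank entries (a child section that holds sub-keys instead of a scalar has a null `Value`), and the `!` in `supportedOperations!` only silences the nullable warning rather than handling them. Normalise the list where it is read, e.g. `.Select(c => c.Value?.Trim()).OfType<string>().Where(v => v.Length > 0).ToList()`, so that `Count > 0` reflects real operation names and the null-forgiving operator can be dropped. The enclosing method starts and ends outside the quoted lines.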
Comment on lines
+121
to
+124
| if (resource.AuthoredOn is null) | ||
| issues.Add(new("warning", "MISSING_AUTHORED_ON", "ServiceRequest.authoredOn should be present for timeline tracking", Requirement: "CMS-0057-F Timeline")); | ||
| else | ||
| requiredPresent++; |
Comment on lines
+495
to
+502
| var withinUrgentWindow = hoursDiff <= 72; | ||
| var deadline = withinUrgentWindow ? "72 hours" : "7 calendar days"; | ||
| var maxAllowedHours = withinUrgentWindow ? 72.0 : 168.0; | ||
| var compliant = hoursDiff <= maxAllowedHours; | ||
|
|
||
| return new TimelineCompliance( | ||
| Applicable: true, | ||
| Requirement: $"CMS-0057-F: Response within {deadline} for {(withinUrgentWindow ? "urgent" : "standard")} requests", |
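Review bot: `hoursDiff <= maxAllowedHours` also holds when `hoursDiff` is negative, so an `authoredOn` later than the timestamp it is compared with (bad data or clock skew) would be reported as compliant. `hoursDiff` is computed above the quoted lines, so whether it can go negative depends on code not shown here. If it can, reject that case explicitly, e.g. `var compliant = hoursDiff >= 0 && hoursDiff <= maxAllowedHours;`, or return a result that marks the timestamps as inconsistent.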
Comment on lines
+11
to
+30
| [Route("fhir")] | ||
| public class ComplianceController : FhirControllerBase | ||
| { | ||
| private readonly IConfiguration _config; | ||
| private readonly ICms0057ComplianceChecker _complianceChecker; | ||
|
|
||
| public ComplianceController(IConfiguration config, ICms0057ComplianceChecker complianceChecker) | ||
| { | ||
| _config = config; | ||
| _complianceChecker = complianceChecker; | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// GET /fhir/compliance-status | ||
| /// Returns a structured report of CMS-0057-F compliance posture for the current tenant. | ||
| /// </summary> | ||
| [HttpGet("compliance-status")] | ||
| [Produces("application/json")] | ||
| [ProducesResponseType(typeof(Cms0057ComplianceReport), 200)] | ||
| public IActionResult GetComplianceStatus() |
Comment on lines
+27
to
+64
| [HttpGet("compliance-status")] | ||
| [Produces("application/json")] | ||
| [ProducesResponseType(typeof(Cms0057ComplianceReport), 200)] | ||
| public IActionResult GetComplianceStatus() | ||
| { | ||
| var tenantId = TenantId; | ||
|
|
||
| var patientAccessCheck = CheckPatientAccessApi(); | ||
| var providerDirectoryCheck = CheckProviderDirectoryApi(); | ||
| var priorAuthCheck = CheckPriorAuthorizationApi(); | ||
| var payerToPayerCheck = CheckPayerToPayerExchange(); | ||
| var smartScopesCheck = CheckSmartOnFhirScopes(); | ||
|
|
||
| var requirements = new List<Cms0057Requirement> | ||
| { | ||
| patientAccessCheck, | ||
| providerDirectoryCheck, | ||
| priorAuthCheck, | ||
| payerToPayerCheck, | ||
| smartScopesCheck | ||
| }; | ||
|
|
||
| var metCount = requirements.Count(r => r.Met); | ||
|
|
||
| var report = new Cms0057ComplianceReport( | ||
| TenantId: tenantId, | ||
| OverallCompliant: requirements.All(r => r.Met), | ||
| RequirementsMet: metCount, | ||
| TotalRequirements: requirements.Count, | ||
| CompliancePercentage: (int)Math.Round(100.0 * metCount / requirements.Count), | ||
| Requirements: requirements, | ||
| AssessedAt: DateTimeOffset.UtcNow, | ||
| FhirVersion: "4.0.1", | ||
| RuleName: "CMS-0057-F", | ||
| RuleDescription: "CMS Interoperability and Prior Authorization Final Rule"); | ||
|
|
||
| return Ok(report); | ||
| } |
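Review bot: The report is stamped with `TenantId`, but none of the five `Check…()` calls receives the tenant, and the check lines quoted elsewhere in this review read service-wide keys (`_config["Nppes:BaseUrl"]`, `Cms0057:PriorAuthorizationApi:Operations`). As written, every tenant appears to get the same result labelled as its own posture. Either resolve tenant-scoped settings inside the checks or describe the report as service-level in the XML doc and the response. `TenantId` comes from `FhirControllerBase`, which is not shown; if it can be null or empty, the action should return an error rather than a report with a blank tenant.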
Comment on lines
+175
to
+178
| if (resource.Priority == RequestPriority.Urgent) | ||
| { | ||
| uscdiClasses.Add("Clinical Notes"); | ||
| requiredPresent++; |
Comment on lines
+511
to
+520
| var issues = new List<ComplianceIssue> | ||
| { | ||
| new("warning", "UNSUPPORTED_RESOURCE", | ||
| $"Resource type {resource.TypeName} is not specifically validated for CMS-0057-F") | ||
| }; | ||
|
|
||
| return new ComplianceResult( | ||
| Compliant: true, | ||
| Issues: issues, | ||
| Warnings: [], |
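Review bot: The fallback returns `Compliant: true` for a resource type that was never validated, so a consumer reading only the flag cannot tell an unchecked resource from one that passed. For a compliance report the safer default is to fail closed or to expose a distinct not-assessed state. With the current record shape that would be `Compliant: false,` here, keeping the `UNSUPPORTED_RESOURCE` entry so callers can see why. The `ComplianceResult` constructor call continues past the quoted lines.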
1. Use injected ICms0057ComplianceChecker to expose supported resource types in the compliance report (was unused dead code) 2. Fix NPPES config check — Program.cs supplies a default base URL, so only flag when explicitly disabled to avoid false negatives 3. Flag missing Prior Auth operations config as non-compliant instead of silently assuming all operations are supported 4. Move warning-severity items from Issues to Warnings collection consistently across all validators (ServiceRequest, EOB, Claim, unsupported fallback) 5. Determine urgent vs standard timeline from ServiceRequest.priority field instead of inferring from elapsed time since authoring 6. Add [Authorize] attribute and move endpoint to /fhir/r4/compliance-status so it requires authentication and SMART scope enforcement https://claude.ai/code/session_01DPvEvpu9zvaxiRoRmiYLyg
Port src/fhir/compliance-checker.ts to C# as Cms0057ComplianceChecker service
with full resource validation (ServiceRequest, ExplanationOfBenefit, Claim,
Patient) against CMS-0057-F Prior Authorization Rule requirements.
Add GET /fhir/compliance-status controller endpoint that returns a structured
report of which CMS-0057-F requirements are met/unmet for the current tenant:
https://claude.ai/code/session_01DPvEvpu9zvaxiRoRmiYLyg