AuthMatch · Issue briefJune 29, 2026For Engineering

A FHIR R4 surface engineered for CMS-0057-F. Read it, run it, route to it.

Da Vinci PAS / CRD / DTR endpoints shipped, conformant CapabilityStatement, SMART Backend Services, and a public corpus-freshness API. The brief below is the verify-it-yourself recipe.

§IFHIR surface

Every Da Vinci IG that CMS-0057-F names is implemented as a real FastAPI router, gated by SMART Backend Services client_credentials and BAA-attestation chain. /fhir/r4/metadata carries the canonical IG URLs, the supported resource interactions, the named operations, and a SMART-on-FHIR security service entry with the oauth-uris extension pointing at our token endpoint — no out-of-band discovery required.

IGEndpointOperation
PAS 2.0.1POST /fhir/r4/Claim/$submitClaim-submit
PAS 2.0.1GET /fhir/r4/ClaimResponse/{id}read
CRD 2.0.1POST /fhir/r4/CoverageEligibilityRequest/$inquireCER-inquire
DTR 2.0.0GET /fhir/r4/Questionnaire/{id}read
DTR 2.0.0POST /fhir/r4/QuestionnaireResponse/$applyQR-apply
SMARTGET /.well-known/smart-configurationdiscovery
SMARTPOST /oauth/tokenclient_credentials
§IIMatcher precedence walk
  1. Tier 1

    NCD

    National coverage determinations — top of the Medicare hierarchy

  2. Tier 2

    LCD

    MAC-jurisdiction-scoped to the member’s state of service on the DOS

  3. Tier 3

    Article

    Companion to LCDs; same MAC scope. Some HCPCS have only an Article.

  4. Tier 4

    Custom (tenant)

    Tenant-internal supplements. Lowest tier, never centrally held.

First hit short-circuits. Pinned to the case at intake — subsequent CMS revisions never retroactively change a case’s controlling guideline.

§IIICorpus refresh cadence
Production cron jobs (UTC)
NCD + LCD daily refresh03:00pg_cron → /v1/admin/guidelines/refresh
Articles daily refresh03:15separate cron, same admin endpoint
NCCI weekly refreshSun 03:30PTP + MUE + Add-on advisory
IO Manual weekly refreshSun 03:45CMS Internet-Only Manuals
§IVVerify it yourself
# 1. CapabilityStatement
curl https://your-host/fhir/r4/metadata | jq '.rest[0].security'

# 2. SMART configuration
curl https://your-host/.well-known/smart-configuration | jq

# 3. Mint a backend-services token
curl -X POST https://your-host/oauth/token \
  -d 'grant_type=client_credentials' \
  -d 'client_id=...' -d 'client_secret=...' \
  -d 'scope=system/Claim.read system/Claim.write'

# 4. Submit a Da Vinci PAS bundle (synthetic — start from
#    api/tests/fixtures/davinci-pas-official/SurgicalRequestBundleExample.json)
curl -X POST https://your-host/fhir/r4/Claim/\$submit \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/fhir+json" \
  -d @synthetic_pas_bundle.json
§VWalk it through

Reply to this brief and we will send a synthetic Da Vinci PAS request bundle, the expected ClaimResponse, and a 30-minute call slot to walk through the round-trip on a screen-share.

Conformance §WholePAS STU 2.0.1CRD STU 2.0.1DTR STU 2.0.0SMART Backend Services v1.0.0