California AB 3030 and FHIR: How Provider Data Standards Are Changing

California AB 3030 and FHIR: How Provider Data Standards Are Changing

California has historically been at the forefront of healthcare regulation. AB 3030, which takes full effect in 2026, represents a significant step forward in standardizing how provider directory data is shared and accessed. If you operate in California or work with California-based practices, understanding this law is critical.

AB 3030 is different from other directory accuracy laws because it focuses specifically on how data is shared—through standardized APIs using FHIR (Fast Healthcare Interoperability Resources). This shift from proprietary formats to open standards has profound implications for healthcare data interoperability and patient access.

What AB 3030 Requires

California AB 3030 mandates that health plans, hospital systems, and large healthcare entities maintain and publish provider directory information via a FHIR-compliant API. Specifically:

1. FHIR Compliance — Directory data must be exposed through a FHIR API that conforms to the HL7 FHIR standard (version R4 or later), supporting standard resources: Practitioner, Organization, PractitionerRole, Location, and Endpoint.

2. Required Data Elements — Provider name, NPI, credentials, specialties, contact information, hospital affiliations, insurance plan participation, office hours, languages spoken, board certifications, accepting new patients status, and last update timestamps.

3. API Accessibility — The API must be publicly accessible, support standard REST patterns, return data in JSON format, support filtering and search parameters, and meet performance benchmarks (typically 2 seconds for searches).

4. Update Frequency — Updates should be reflected within 48 hours of change. High-priority information (license suspension, credential loss) should be reflected within 24 hours.

Why FHIR Matters

Before FHIR, each vendor had proprietary ways of sharing data. If you wanted to integrate with five payers, you built five integrations. FHIR standardizes this—one integration can work with any FHIR-compliant system. This lowers integration costs and enables the healthcare ecosystem to move data more freely.

For provider directories, FHIR means your directory API can be consumed by third-party apps, payers don't need custom integrations, data format is consistent, and real-time access becomes feasible.

Compliance Timeline

Phase 1 (January 1, 2026): Health plans must have a FHIR API available exposing Practitioner, Organization, and Location resources with basic search functionality.

Phase 2 (January 1, 2027): Advanced search functionality, PractitionerRole and Endpoint resources, performance standards, and real-time update capability.

Implementation Approaches

Option 1: Vendor Solution — Many EHR vendors are building FHIR-compliant directory modules ($500-$2,000/month).

Option 2: Third-Party FHIR Directory Platform — Specialized directory vendors offering FHIR-compliant solutions ($1,000-$5,000/month).

Option 3: Build Your Own — Highest upfront cost but maximum flexibility. Best for organizations with sophisticated IT infrastructure.

Actionable Takeaways

1. If You're in California, Act Now — Phase 1 compliance requires having a FHIR API.
2. Evaluate Your Current Infrastructure — Audit your provider data systems and integration requirements.
3. Consider Vendor Solutions — Typically faster and lower-risk than building from scratch.
4. Start with Data Quality — Ensure your underlying data is accurate before worrying about the API.
5. Engage Your IT and Compliance Teams — FHIR API implementation involves technical, operational, and compliance considerations.
6. Monitor Regulatory Guidance — Stay informed on the California Department of Managed Health Care guidance.

AB 3030 is a significant regulatory change, but it also reflects the healthcare industry's evolution toward openness and interoperability.