For Healthcare Payers

Board-defensible evidence that your FHIR APIs still match the rule.

Tessara produces signed, hash-chained verdicts on every CMS-0057-F endpoint — independently re-verifiable, ready to hand an auditor without lawyer translation. Co-aligned to CMS-9115-F's Provider Directory.

Request audit packet See methodology
Preparing for CMS-0057-F · Enforcement: January 1, 2027
Spec Baseline a7f3 f1a2 b3c4 d5e6 7f8a Observed API e1x9 f1a2 b3c4 x2y1 q3r4 DRIFT = ● monitoring
Methodology Patent-pending detection
Evidence Cryptographically signed verdicts
Validated against 1,304-payer public scorecard
Architecture Zero-PHI by design

Find Your Path to Compliance

Building APIs Now

Catch drift during development before ONC certification

Learn More →

Already Certified

Stay conformant from certification to enforcement

Learn More →

Behind Schedule

Urgent assessment and remediation support

Get Help →

Five-Stage Pipeline

01

Ingest

Parse FHIR Implementation Guide into structural baseline

02

Probe

Query live API for CapabilityStatement and resource types

03

Compare

Merkle hash comparison detects structural drift

04

Verdict

Generate Ed25519-signed compliance verdict

05

Evidence

Store in tamper-evident hash-linked chain

Your API passed certification. What happens next?

CMS-0057-F (and its predecessor CMS-9115-F) require 5,000+ healthcare payers (per CMS estimates) to operate five FHIR APIs — four under CMS-0057-F plus the CMS-9115-F Provider Directory — by January 2027. Most are focused on passing initial certification. Nobody's asking what happens when a deploy silently changes the data model.

A single code deploy can remove a mandatory element, alter cardinality constraints, or change authentication requirements. Tessara complements your existing testing by continuously validating conformance to the Implementation Guide.

Tessara answers the question your test suite can't: is your API still conformant to the published specification, right now?

0+
payers under CMS-0057-F
0
drift categories monitored
< 0s
time to detection

Six Categories of Drift

Cat-1 CRITICAL

Mandatory Element Removal

Required element no longer served by the API

Cat-2 CRITICAL

Type/Cardinality Change

Data type or occurrence constraints differ from spec

Cat-3 INFO

Structural Extension

Non-specified elements present in observed API

Cat-4 HIGH

Auth Deviation

Security or authorization mechanisms differ

Cat-5 MEDIUM

Behavioral Change

Structure intact but endpoint behavior changed

Cat-6 HIGH

Version Mismatch

Self-reported FHIR version doesn't match specification

Where Tessara Fits in Your Compliance Stack

Tessara complements ONC-certified testing tools like Inferno and Touchstone. Use those tools for initial certification. Use Tessara for continuous monitoring after certification and during development.

Feature comparison between Tessara and competing FHIR conformance tools
Feature Tessara Inferno Touchstone FHIR Validator
Best used for... Production monitoring Initial certification Conformance testing Development validation
Continuous Monitoring
Structural Drift Detection
Signed Verdicts
Evidence Chain
Regulatory References
Zero Config
What happens if your API drifts? Early detection with cryptographic proof Hope you catch it before audit Hope you catch it before audit Manual review required

Built on cryptographic standards trusted across regulated industries

Ed25519 Signatures SHA-256 Merkle Trees RFC 8785 Canonicalization

Security & Compliance Status

SOC 2 Type I

Engagement begins with first pilot revenue
Target: Q3 2026

HIPAA Posture

Zero-PHI architecture; draft BAA template (counsel review pending)
See /compliance for details

TLS 1.3 Encryption

All data in transit
Enabled

On-Premises Option

No cloud dependency
Available

Full vendor risk & security details →

Ready to monitor your FHIR APIs?

Join the early access program. Be audit-ready before the January 2027 deadline.

Get a Free Conformance Assessment

Questions? hello@tessara.us