Blockchain Development for Healthcare Insurance and Prior Authorizations

_Description: Hey there! If you’re making decisions at a startup or a large company, this guide is your go-to resource for building a rock-solid blockchain architecture. We're gearing up to completely automate medical prior authorizations from beginning to end. This will help us stay compliant with the new rules coming in for 2024-2027 in the U.S.
The CMS and ONC regulations are really designed to help reduce those annoying denials, delays, and audit costs. It’s all about making things smoother for everyone involved! _.

Why this matters now

Time for Prior Authorization to Go Digital

Great news! Prior authorization (PA) is about to get a long-awaited makeover. Starting January 17, 2024, the CMS's Interoperability and Prior Authorization Final Rule is encouraging payers to really step into the digital age. It's about time, right? With this new rule, payers are going to have to start using FHIR-based APIs for a bunch of important things. We're talking about handling data for Patients, Providers, Payer-to-Payer transactions, and even Prior Authorization. Oh, and just a heads up - they need to make PA decisions pretty quickly, too. For expedited requests, they’ve got to get it done within 72 hours, and for standard ones, it’s up to 7 calendar days.

But wait, there’s even more exciting news! Starting March 31, 2026, we’ll get a glimpse of public reports on PA metrics for the year 2025.
Hey, just a quick reminder--the deadline for the API compliance dates is mostly set for January 1, 2027. If you want to dive into all the details, just hop over to cms.gov. Happy reading!

On a brighter note, HHS also announced some positive developments regarding enforcement discretion. Great news! If you’re a covered entity using the all-FHIR Prior Authorization API, you can now skip the outdated X12 278 transaction. How refreshing is that? This is a major leap forward in modernizing the electronic prior authorization (ePA) process and making it more compatible with APIs. Want to dive deeper into it? Head over to cms.gov for all the details!

The HL7 Da Vinci guides, including CRD, DTR, and PAS, now provide a reliable and well-tested roadmap for automating prior authorization requests right from your EHR workflows. You'll get quick responses in under 15 seconds whenever we can, plus regular updates if you’re subscribed. If you're curious and want to dive into all the details, you can find everything you need right here. Happy exploring!

With everything that's been happening lately, the 2024 Change Healthcare ransomware attack really drove home how one weak link can throw a wrench in authorizations and claims across the country. It’s crazy how much impact a single issue can have! This incident really highlighted that tricky issue of multi-party operational fragility, which is precisely what blockchains are designed to tackle. (aha.org).

In this post, I’m excited to share a solid game plan for how we can combine FHIR, Da Vinci IGs, and permissioned blockchain. The goal? To really make a difference in PA from 2025 to 2027. Let’s dive in!

The regulatory floor you must engineer to

APIs You Need and When to Expect Them. Hey there! Just a heads up: the Patient Access API is expected to display non-drug prior authorization information by January 1, 2027. If you want to dive deeper into the details, just click here. You’ll find everything you need! By January 1, 2027, the Provider Access API and Payer-to-Payer API are set to roll out, giving us access to claims and encounters, USCDI elements, and a bit of prior authorization info. It’s going to be a game-changer! If you’d like to dive deeper into the details, just click here. Happy reading! The Prior Authorization API should definitely have a list of covered items and services, plus any documentation you'll need. Also, it needs to be able to handle requests and responses that explain why something might get denied. For urgent requests, we need to make decisions within 72 hours. For everything else, we have a week to sort things out. Find out more here. So, by March 31, 2026, we’ve got to share the PA metrics for the calendar year 2025. And guess what? We’ll be doing this every year after that, too. Get the details here.
What CMS expects or suggests. When it comes to automating prior authorization (PA), CMS is really leaning into FHIR R4.

0. 1 and USCDI. They also suggest taking a look at the implementation guides for Da Vinci CRD, DTR, and PAS. If you're looking for more details, you can check it out here. So, here's the deal: right now, there’s some leeway when it comes to enforcement. You can actually use FHIR-only PA APIs instead of the typical X12 278 formats. Pretty neat, right? If you're looking for more info, check it out here!

Here are some ONC rules that influence your setup. So, HTI-1, which is rolling out in 2024, is really focused on making things more transparent when it comes to AI and predictive decision support in certified health IT. It's a step towards clearer insights and better decision-making in healthcare! Hey, just a heads up--this is really crucial if you're relying on algorithmic adjudication for prior authorization. If you want to dig deeper into the details, just click here. Happy exploring! So, here’s the deal: TEFCA’s FHIR Roadmap, combined with the FAST UDAP Security Implementation Guide, is set to make UDAP an essential security profile for FHIR under TEFCA. And mark your calendars - this all kicks in on January 1, 2026! Just be sure to sketch out your registration and authorization processes the right way!
If you’re looking for more details, just check out this link. It’s got everything you need!

So, the pharmacy benefit ePA is a little unique. So, here’s the scoop on medications: Starting October 1, 2025, ONC's HTI-4 is going to sync up certification with NCPDP SCRIPT 2023011, along with Formulary & Benefit v60 and RTPB v13. It’s all about making things smoother and more efficient! Hey, just a quick heads-up: the compliance dates from CMS for 2027 and 2028 are going to align with that too. Just a quick reminder: you'll want to steer clear of applying the Da Vinci PAS to the pharmacy ePA. (healthit.gov).

What blockchain adds (and what it shouldn’t do)

What Should You Record On-Chain?
Make sure there's a permanent record of every interaction with the PA. When you submit the request, make sure to note the date and the hash of the PAS Bundle. After that, keep an eye out for when it gets marked as “pended.” If there’s any additional information needed, that’ll come up too. Lastly, don’t forget to check if it gets approved or denied, along with the reason code. It’s all important stuff to keep track of! Hey, just a quick reminder to make sure you add those timestamps and SLA clocks! They’re super important. Thanks!
Make sure to include statements about the versions of the policy and algorithms that were used during the decision-making process. This way, we can stick to HTI-1's transparency guidelines while still keeping the model details under wraps. (healthit.gov).
What should you keep off-chain? Just a heads up: all that sensitive health info and clinical documents really need to stay within the payer and provider systems. It’s best to transfer them using FHIR (that’s CRD/DTR/PAS for those in the know) instead of putting them on the ledger. This way, everything stays secure and organized! Keep it simple--just use cryptographic digests and selective proofs on-chain.
How it Cuts Down on Friction.
It sets up a clear, tamper-proof audit trail that everyone--payers, providers, and intermediaries--can rely on together. This really helps clear up those annoying "he-said/she-said" scenarios, speeds up the whole appeals process, and makes it super easy to report on CMS metrics. So, with zero-knowledge proofs (ZKPs), a payer or auditor can basically verify that all the right documents were in place when decisions were made, and they can do it without revealing any personal health information (PHI). It's a pretty neat way to keep things private while still getting the job done! This method has already shown its worth in life-science networks, just like MediLedger. (mediledger.com).
What it won’t take the place of. So, we're talking about FHIR APIs, the Da Vinci workflows, and the important timelines that go along with them. Hey there! Just a heads up: blockchain isn’t trying to replace your API stack. Instead, it’s all about making it even better!

A reference architecture that passes real audits

Check out this great blueprint that 7Block Labs has created! They’ve made some adjustments specifically for payers and health systems that are getting ready for 2026-2027.

1) Front-Door Eventing (FHIR-First)

So, it all starts with the EHR firing up the CRD. This little tool helps us confirm coverage, figure out what documentation we need, and see if we need to get prior authorization (PA) before placing an order. (hl7.org). So, if prior authorization is needed, DTR goes ahead and accesses the FHIR Questionnaires provided by the payer. It uses some built-in CQL to pull up the relevant EHR data, making sure to only grab what’s really important. (hl7.org). So, in the world of PAS, when you hit that Claim/$submit button, it actually sends out a PAS Request Bundle. Pretty straightforward, right? If it doesn’t get sorted out in about 15 seconds, the server’s going to bounce back with a “pended” status. At that point, it’ll set up a PAS Subscription so you can get updates through a rest-hook. (build.fhir.org).

Blockchain Orchestration (Permissioned)

Network: For your setup, I’d recommend checking out Hyperledger Fabric or maybe an enterprise EVM chain like Besu or Quorum. They’re solid options! These create private channels for payer-provider teams, which is great for keeping that valuable data secure.
Smart Contracts: So, we have this “PA Case” contract that really helps keep things running smoothly within a set framework. It’s like a well-oiled machine! It goes through different stages: first, it's Submitted, then it shifts to Pended. After that, they might request more info, and finally, you'll find out if it's Approved, Denied, or maybe even Expired. On top of that, it really keeps an eye on those SLA timers--so, you’ve got 72 hours for certain tasks and a full week for others. What happens if there's a denial? Well, you'll have to share some reason codes to explain it. It also sends out events that fit perfectly with your observability pipeline. Hey, just a heads up! When SLA expirations come up, they'll kick off some alerts. Plus, there's an optional auto-escalation feature that can be set up to match your internal policies.
If you want to dig deeper into this, take a look at this link: cms.gov. It's got all the details you need!
Evidence Anchoring: Whenever there’s a change in state, we make sure to save the hashes of the relevant FHIR Bundle(s) along with the version IDs for the adjudication policy or algorithm we’re using. It's a way to keep track of everything that matters! It's kind of like keeping tabs on the version of the DTR rule package or checking the SHA-256 model hash. You can easily connect this to off-chain storage by using signed URLs or API calls that are managed by consent.

3) Identity and Trust

Alright, so here’s the scoop: you've got providers, payers, and intermediaries all hopping on the W3C DIDs bandwagon. They make use of verifiable credentials (VC) to... 0) To support their roles, consider things like NPI ownership, plan or TPA identity, and CORE certification status. Alright, so here’s the deal: before we can dive into any PA events, we first need those presentations to pass a quick check by the smart contracts and API gateways. It's like getting the thumbs-up before we move forward! If you want to dive deeper into it, you can take a look here.

Hey there! If you’re aiming to join those TEFCA-aligned exchanges, make sure you keep FAST UDAP Security in mind. It’s super important for making client registration and authentication a breeze! Just a quick reminder: try to have everything wrapped up by January 1, 2026. If you want to dive deeper into the details, just check it out here.

4) Metrics and Transparency

The ledger is a reliable go-to for figuring out the public metrics CMS requires. It provides all the essential info, like how many approvals and denials there are, the average decision times, reasons behind those decisions, and any attachment requests. Just a heads up, make sure to get these posted by March 31 every year for the previous calendar year! If you want more details, feel free to hop over to cms.gov and check it out!

5) Resilience by Design

You know, when it comes to PA status changes, it can really get a bit tricky since there are so many people and systems working together. That's where a shared ledger really shines! It helps avoid hiccups at any single clearinghouse or gateway by keeping everything in sync. Plus, when the systems are back online, it makes catching up super smooth. One major lesson we learned from the 2024 Change Healthcare outage is just how much it disrupted authorizations and claims nationwide. It really caused a lot of headaches for everyone involved. If you want to dive deeper into this topic, check it out here. It's worth a look!

Practical, precise implementation details

Here’s what we need to tackle today: FHIR operations and notifications. Let’s get started!
Just go ahead and claim/submit your PAS request by bundling it with the Claim and any supporting documents you have.
You can usually expect to get a response right away, or see a “pended” status pop up in around 15 seconds. Once you're done with that, feel free to hit that subscribe button for the latest updates! If you want to dive into the specifics, just click here.
PAS Subscription Topic: Don’t forget to use the org-identifier filter! Make sure to set up rest-hook delivery. This way, you'll get the complete resource payload that includes the ClaimResponse along with any info requests you might need. It’s a handy way to keep everything in the loop! If you're looking for more details, you can check it out here. If you ever need to check the status, just go ahead and use Claim $inquire. Just a heads up though, it’s not a replacement for your subscriptions. If you’re looking for something specific, you can check it out right here. Hope you find what you need!
Where should you go to hash things out and anchor yourself? Hey there! So, when you’re ready to submit or finalize a PAS Request/Response Bundle, don’t forget to hash everything up, including the DTR QuestionnaireResponse. It's super important to include all of that! Hey, just a quick reminder to make sure you include the bundle IDs and timestamps in the smart contract event. It’s super important! If a payer comes back to you asking for "additional information," just go ahead and put together the Attachment bundle(s) and create a new event. So, when the provider gets back to you, make sure to highlight that again as well.
Patterns for minimizing data that comply with HIPAA standards.
Use Merkle roots to prove the authenticity of several documents without putting any personal health information (PHI) on the blockchain. Hey there! So, when it comes to handling those sensitive attachments, it’s a good idea to use some two-party zero-knowledge proof patterns. Basically, this means you can verify that a specific LOINC, CPT, or ICD element is included in the data you’ve submitted, without needing to show all the details. It’s kinda like what they do with MediLedger’s ZKP-enforced rules! This way, you can stay compliant with the policies while keeping those delicate bits under wraps. (mediledger.com).
Alright, let’s dive into security controls!
Make sure your FHIR gateways are synced up with TEFCA/FAST UDAP Security. This way, you'll have a seamless experience with dynamic registration and client authentication using JWT. Hey, just a quick reminder to check that you're following the UDAP Security IG 1 guidelines! It's important to stay updated on that.

1. 0 guidelines. Take a look at this link: (hl7.org). You’ll find some really interesting info there!

When it comes to the HTI-1 DSI transparency register, it's super important to keep tabs on your algorithm's backstory. So, make sure you're noting things like the model version, a brief overview of the training data, and how you plan to use it--all of this should be kept off-chain. Remember to anchor a hash on-chain when you deploy and each time you make a policy update. It's super important! If you're looking for more information on this topic, check it out here: healthit.gov. There’s a ton of helpful stuff over there!
Pharmacy ePA Separation
Let's keep moving forward with the pharmacy ePA on the SCRIPT 2023011 and RTPB v13 paths, sticking to the timelines set by HTI-4/CMS. Try not to force the PAS into pharmacy workflows. If you need to, go ahead and use blockchain for things like audits and pricing or benefit attestations from venture capitalists. Just remember to keep those transaction standards separate! (healthit.gov).

Quantifying the upside

Before we even dive into the savings from those CMS rules, it's pretty clear from surveys that doctors are really feeling the weight of prior authorization (PA) requirements. Typically, each doctor ends up dealing with about 43 prior authorizations each week. That adds up to around 12 to 16 hours of their staff's time! Also, those delays can really have a tough impact on patients. By reducing all the tedious back-and-forth that comes with computable rules and having a consistent, unchangeable status, we can save ourselves from a lot of expensive rework and appeals that usually pop up during this process. If you want to dive deeper into this topic, take a look at this AMA article. It’s got some really interesting insights!

In the realm of provider data management, payer-led blockchain groups like Synaptic are really starting to see some great returns on their investments. They're making strides in shared data usage, especially when it comes to keeping provider directories accurate and up-to-date. It’s pretty impressive how this tech is helping streamline things in such a crucial area! This kind of hints that keeping an eye on the status and metrics of prior authorizations probably brings a bunch of similar perks. (synaptichealthalliance.com).

Emerging best practices we see winning in 2025-2027

Let’s prioritize FHIR for now, and only turn to X12 if we absolutely have to.

Go ahead and put the Da Vinci CRD/DTR/PAS into action right away! If your trading partners are still using X12, make sure to take care of the translation right at the edge. If it’s cool under enforcement discretion, just stick with FHIR. It’ll make things a lot easier! (cms.gov).

Imagine policy as a kind of code. Make sure to store the DTR Questionnaire and CQL packages in a versioned registry. Hey, just a quick reminder to include version IDs in the on-chain events whenever we make a decision. It's an important detail! Thanks! This way, you can easily recreate the decision-making situation whenever you need to. (hl7.org).

Use verifiable credentials to create that instant trust vibe.
Think VC 2. You're all set to handle stuff like provider identity, which includes details like NPI numbers, licenses, and specialties. You can also take care of payer memberships and patient benefit credentials. Plus, don't forget about CORE certification and UDAP registration claims for organizations! Don't forget to check the API entrance and make sure you're logging everything on-chain! Take a look at this: W3C Announcement. It’s pretty interesting!
Set up some automation for CMS reporting directly from the ledger.
Get those smart contracts rolling so they can kick off some standardized metric events, like decision latency buckets, denial reasons, and request types. You can effortlessly whip up and publish your annual PA report by March 31. It’s super convenient! Take a look at this link: (cms.gov). It's got some good info for you!
Get ready for joining TEFCA. Hey there! If your network is getting ready to share data through TEFCA, just a heads up: it’s super important to double-check that your security measures meet UDAP guidelines. Better safe than sorry, right? Make sure to keep tabs on the FHIR Roadmap stages, and when you’re designing your PA APIs, aim for them to be easily integrated into TEFCA contexts. That way, you won’t have to completely redesign everything down the line. If you want to dive deeper into the details, you can find more info right here. Happy reading!

I'm an engineer focused on cyber resilience. Just a heads-up: don't be surprised if the gateways or clearinghouses end up crashing. It's something that can happen. Make sure to lean on the ledger for all your Pennsylvania state info. And when things start to go haywire, just replay those deltas to get everything back on track. Trust me, I learned this the hard way during the big disruption we faced in 2024! (aha.org).

Example: End‑to‑end flow with precise artifacts

Alright, so here’s the deal: when the doctor sends in an MRI request, that’s when the EHR system jumps into action and starts the CRD process. So, the CRD sends back a “PA required” notice along with a checklist for all the documents you need to gather. Plus, they throw in a useful link to the DTR package v2, which is super handy!

1. 0. (hl7.org).

The clinician takes a moment to fill out the DTR form. The SMART on FHIR app pulls in vital signs, problem lists, and past imaging data using US Core. After that, it whips up a QuestionnaireResponse and automatically fills in all the key details for you. (hl7.org).
The EHR just sent over the PAS request. So, we went ahead and sent the PAS Request Bundle to the POST Claim/$submit endpoint, and guess what? In just 8 seconds, the server responded saying it’s “pended”! Plus, we also received an org-scoped PAS Subscription. Pretty cool, right? (build.fhir.org).
Ledger anchoring: The gateway takes the PAS Request Bundle and the QuestionnaireResponse and runs them through a SHA-256 hash calculation. Next, it records a "Submitted" event on the blockchain. This includes links to the off-chain storage and details about the version of the DTR.
By the way, I’ve got some extra info you were curious about: Hey there! Just wanted to give you a quick heads-up about the PAS subscription notification. It comes with a ClaimResponse that includes a note saying, “additional documentation requested.” So, when the provider uploads a bunch of documents, that’s when the gateway triggers a new “InfoProvided” event.
Decision:

The payer usually gets back to you with a green light within about 5 days, along with a specific authorization number and an end date. After that, the ClaimResponse gets published, and we log an “Approved” event. This step lays out the reason and timing, making sure we’re all set for CMS reporting requirements. (cms.gov).

Public metrics: The contract sends out metric events, which include things like standard requests, MRI categories, and even those 5-day turnaround times. Every night, there's a job that collects all this information and puts it together into a dashboard, which is then shared publicly for the March 31 report. Take a look at this link: cms.gov. You'll find some great info there!

Governance and compliance guardrails

HIPAA/PHI Just a friendly reminder: always keep any PHI off the chain! Keep it simple on-chain--just store hashes, timestamps, and a handful of minimal pointers. It's really crucial to make sure we stick to the principle of least-privilege access when it comes to off-chain content. Just think about FHIR OAuth scopes and UDAP client trust - they’re great examples of how this works in practice! If you want to dive deeper into the details, feel free to check it out here.
Information Blocking and Transparency.

You know how sometimes getting your hands on information can feel like pulling teeth? Well, that's a huge issue with information blocking. It's all about making sure that patients and healthcare providers can access the information they need without any unnecessary hurdles. Transparency is key, right? When everyone shares data openly, it just makes the whole system work better. After all, knowledge is power!

If you're relying on algorithmic decisions, don’t forget to keep your HTI-1 DSI transparency records current. This covers everything you need to know about how it's meant to be used, how it’s been validated, and the potential risks involved. Oh, and just a quick reminder: whenever you tweak those models, make sure to anchor their hashes. It’s super important! Want to dive deeper? Just head over to healthit.gov for more info!
Operating rules Hey, you know you can include the CAQH CORE PA operating rules in your contract SLAs? For instance, there's that two-day timeline for when you need to get any extra info and wrap up final determinations once everything is submitted. Just a handy tip! By doing this, you’ll keep yourself in line with industry standards, even if they aren’t exactly mandatory. (prnewswire.com).

Rollout plan and effort

0-90 days
Kickstart a PAS-capable FHIR gateway and get it up and running. Set up the Claim/$submit feature and the PAS subscriptions. Let’s also take a look at the top 20 services people order and map those to the DTR rules. Don’t forget to create a solid ledger data model and establish some event schemas. Lastly, we need to connect with one pilot payer and one pilot provider to get the ball rolling. (build.fhir.org).
90-180 days
Let’s expand the CRD coverage a bit! It would be great to include some ZKP patterns for those sensitive attachment attestations. Also, we should definitely bring in UDAP Security. And hey, setting up a public metrics pipeline along with some dashboards for our internal reviews sounds like a smart move! (hl7.org).
6-12 months
Alright, here’s the plan: we need to kick off those payer-to-payer migration events, and let’s make sure we roll out the March 31 metrics from the ledger. Also, we’ve got to get the pharmacy eRx and ePA certified on their own for the HTI-4 tracks. And just so we're prepared, let’s keep in mind the need to align with TEFCA if it comes to that. Sounds good? (cms.gov).

KPIs to track from day one

Take a look at the median PA decision time for both standard and expedited processes, and see how it stacks up against the CMS thresholds over at cms.gov. It's pretty interesting stuff! Make sure to keep an eye on the “additional information requested” rate, as well as the average number of cycles it takes to get each authorization sorted out. Hey, could you check out the denial rate and see how it's broken down by reason code? Also, take a look at the appeal overturn rate while you’re at it. Thanks! Hey, just a quick reminder to keep an eye on the EHR clicks/time for each authorization, whether you're using DTR or not. You can find all the details over at hl7.org. It's super helpful!

I found it really cool to check out the percentage of near-real-time approvals (those happening in under 15 seconds)! If you want the full scoop, head over to build.fhir.org.
Finally, let's talk about system resilience. It's really important to think about how long it takes to get everything back to normal after a hiccup, like when you have to replay a ledger after a downtime.

Lessons from adjacent healthcare blockchain deployments

Managing payer and provider data on a large scale is definitely in full swing! Members of the Synaptic Health Alliance are already reaping great rewards from their shared, permissioned ledgers for provider data. It's exciting to see how this collaboration is paying off! On top of that, the trails for prior authorization events are really taking advantage of that network effect.
Take a look at this: (synaptichealthalliance.com). You might find it really interesting! ZK proofs aren’t just some abstract idea--they're making waves in the real world! Take MediLedger, for example. They’re using these cryptographic proofs to enforce all sorts of rules in life sciences contracting and chargebacks. The cool part? They manage to do this while keeping sensitive data under wraps, away from prying eyes. Talk about smart tech in action! You can totally use this method for attaching prior authorizations and making sure everything lines up with policy requirements. Dive deeper here: (mediledger.com).

Common pitfalls to avoid

Thinking about storing PHI on-chain just because it seems easier? Trust me, it's not a good idea. Just steer clear of that. Stick to hashing only. If you’re just polling and not using subscriptions, you might miss out on those asynchronous updates. That could lead to a whole lot of unnecessary noise in your data! Hey, if you want to dive deeper into this, check out this link: build.fhir.org. It's got all the details you need! Hey there! So, when it comes to mixing pharmacy ePA with PAS, it's best to keep them apart. Just a friendly reminder--let’s ensure that the NCPDP SCRIPT/RTPB sticks to the HTI-4/CMS timelines. We want everything to run smoothly! Check out this awesome resource: healthit.gov. You might find it really helpful! Hey there! So, if you’re stuck in the weeds with X12, why not consider sticking with just FHIR? Given the enforcement discretion, it could really make things easier for you. Sometimes it’s just about simplifying your life, especially when your partners are on the same page.
More details here: (cms.gov).

Using blockchain like it’s just another database? Not quite! Instead, picture it as a coordination layer. Think of it as a tool for setting up truths and service level agreements (SLAs), rather than a place to stash your documents.

Final take

If you get Da Vinci CRD/DTR/PAS set up correctly and link them to a permissioned ledger that keeps track of PA events, identities, and SLAs, you’ll not only meet those CMS deadlines but also make your decision-making process quicker and simplify audits like a breeze. It’s a win-win! With UDAP-secured FHIR, throwing in some verifiable credentials for that extra layer of trust, and mixing in ZK-anchored proofs for privacy, you’re looking at a solution that's not only cutting-edge and compliant but also super robust. It's built to stand strong, even when those pesky clearinghouse outages hit.

At 7Block Labs, we're all about helping payers, providers, and healthtech vendors get their systems up and running smoothly. We aim to deliver real results in just 90 to 180 days. Let's make things happen together! If you’re looking to be all set by January 1, 2027, or if you’re just eager to wrap up the PA chaos as soon as possible, now is the ideal time to kick off your design in the right direction.

Sources and key references

Hey, don’t forget to take a look at the CMS Interoperability & Prior Authorization Final Rule! There’s a handy fact sheet that goes into detail about the deadlines, APIs, timeframes, and metrics you need to know. It’s super useful! You can check it out right here: cms.gov. Hey everyone, I’ve got some important news to share regarding HIPAA enforcement discretion related to FHIR-only PA APIs. Check out the details at this link: cms.gov. You'll find all the info you need there! If you're into tech, you might want to check out the HL7 Da Vinci CRD/DTR/PAS IGs (2.

1. 0/2.

1. 0/2. x) You might want to check out PAS operations and subscriptions; they definitely deserve your attention! If you’re looking for more details, check this out: hl7.org. It’s a great resource! Hey, don't forget to check out the latest info on ONC HTI‑1! It covers some important stuff about DSI transparency and the TEFCA FAST UDAP Security IG. Seriously, if you're working with FHIR over TEFCA, you’ll want to get up to speed with this by January 1, 2026! Check it out: (healthit.gov). If you’re in the ePrescribing, ePA, or RTPB (that’s pharmacy benefit, by the way) space, you really should check out HTI-4. It’s worth a look! Check out the details right here: healthit.gov. According to the AMA PA burden survey, there's some pretty significant business impact tied to the ongoing struggles with prior authorization. Check out the findings right here: (ama-assn.org). You'll want to take a look! The Change Healthcare cyberattack really drives home just how crucial it is for healthcare organizations to step up their cyber preparedness game. If you want to dive deeper into this topic, check it out here: (aha.org). It's definitely worth a read! Hey there! Just wanted to share that the Synaptic Health Alliance is looking pretty solid when it comes to return on investment, especially for anyone who's into permissioned healthcare ledgers. It’s definitely worth keeping an eye on! Check it out: (synaptichealthalliance.com).

Finally, if you’re interested in exploring organizational identity and credentials, check out the W3C DIDs and VC 2. 0 is definitely relevant. If you want to dive deeper into the details, check it out here: w3.org. There's plenty more to explore!