Blockchain Development Services Healthcare CIOs Should Consider Before Their Next RFP

Healthcare CIOs are gearing up for a hectic couple of years ahead--roughly the next 24 to 36 months. There’s a lot on their plates with TEFCA, the CMS API rules, DSCSA, and NIST’s security updates all converging at once. It’s going to be quite the ride! In this post, we're diving into those key regulatory milestones and connecting them to certain blockchain development services.
We're here to help you decide what to buy, what to create, and the best questions to ask your vendors. Let's make sure you have everything you need to make the right choices! By doing it this way, you’ll be able to put together a more accurate RFP and lower the chances of any hiccups during delivery.

---

Who this is for

Health system leaders, insurance providers, folks in life sciences, and digital health startups are really diving into blockchain these days. They're exploring how it can help solve some key challenges around interoperability, staying compliant, and keeping data secure.

---

TL;DR description

Hey there! Just a heads up--there are some pretty significant updates coming up in 2024 and 2025 regarding interoperability and supply chain regulations in the US. So, if you're involved in those areas, it's definitely worth keeping an eye on! TEFCA rolled out some fresh FHIR pathways, and on the other side, CMS has just wrapped up work on FHIR APIs. The bulk of these changes is expected to take effect by January 1, 2027. When it comes to the supply chain, the enforcement of the DSCSA rules and any exemptions is set to unfold over the next couple of years, specifically throughout 2025 and 2026. Also, NIST just rolled out their post-quantum FIPS and CSF 2. Pretty exciting stuff! 0.

So, if you’re diving into blockchain development services, there are a few important areas you should keep an eye on. Think about things like identity management, how audits are handled, tracking supply chains, and managing consent, among other aspects. These areas really make a difference in how robust your project can be! Let’s dive into how you can lay out your needs for the next RFP. For more info, swing by sequoiaproject.org. You’ll find all the details you need!

---

Why “now”: four deadlines that should shape your scope

• TEFCA's Common Agreement Version 2 0/v2. 1: They’ve launched “facilitated FHIR” for API exchanges, along with QTF v2. 0 and updated SOPs. Oh, and by the way, they’re gearing up for QHIN-to-QHIN FHIR pilots that are set to kick off in 2025. It's exciting to see the roadmap really progressing! Don’t forget to include TEFCA alignment when you’re setting up your data exchange. It’s super important to keep everything in sync! (sequoiaproject.org).
• CMS Interoperability & Prior Authorization Final Rule (CMS‑0057‑F): So, here's the deal--payers have to get their act together and establish those Patient/Provider/Payer-to-Payer/PA FHIR APIs. The bulk of the deadlines for this are hitting on January 1, 2027, so there’s a bit of time to prepare, but it’s definitely something to keep an eye on! So, the reporting metrics are set to start in 2026. And, good news! HHS has given us a bit of breathing room with HIPAA enforcement, which means we can roll out those FHIR-only PA APIs without having to worry about the X12 278 for now. It’s a nice little win as we move forward! (cms.gov).
• DSCSA: So, the FDA has this stabilization period happening from November 2023 to November 2024. After that, they'll have some specific exemptions based on the type of partner involved. So, here’s the scoop: manufacturers and repackagers have until May 27, 2025, to get everything in order. Wholesalers, you’ve got a little more time--your deadline is August 27, 2025. If you're a dispenser with 26 or more full-time employees, mark November 27, 2025, on your calendar. And for those smaller dispensers out there, you've got until November 27, 2026, to catch up. Hope that helps! You'll need to tweak your serialization and EPCIS stack, as well as your audit processes, to keep up with this mixed level of readiness. (fda.gov).
• Security: So, back in August 2024, NIST gave the thumbs up to three post-quantum FIPS (203, 204, and 205), along with CSF 2. Pretty exciting times for security, right? They rolled out a brand new function called Govern. When you're putting together your RFP, don’t forget to include a need for crypto-agility and make sure it lines up with CSF 2.

0. (nist.gov).

---

1) TEFCA‑ready data exchange services (FHIR + network trust)

What to Buy/Build:

Sure! Here’s a more casual version of that:

• TEFCA Policy/Technical Gap Assessment and "QHIN Interface Readiness" Plan: Basically, this means you'll be looking at what you want to achieve with your data exchange and seeing how it lines up with TEFCA's Standard Operating Procedures (SOPs). Plus, you’ll need to plan out how to send everything through your QHIN or someone who’s stepping in for you. If you want to dive deeper into the details, just click here!
• Setting Up a “Facilitated FHIR” Gateway: You'll want to get your FHIR R4 up and running.

0. You’ve got this awesome setup that provides both patient and population-level access. Plus, it includes query brokering through your QHIN, making everything run smoothly. And don’t worry, it all stays in line with TEFCA’s trust and onboarding processes! If you're curious about the latest updates, check out this link for all the details: here.

• TEFCA Audit Hooks: Just a quick reminder to keep those signed transaction summaries off-chain. Also, don’t forget to keep a tamper-evident hash on-chain for extra security! Oh, and don't forget that you'll need to generate FHIR AuditEvent and Provenance records for every time someone accesses the data. If you’re looking for more info, you can check it out here.

Practicals for the RFP:

• We could really use some help with Common Agreement v2. So, when we're talking about x semantics, we’re really diving into things like delegation, governance, and IAS. And we can’t forget about QTF v2, either!

0. It would be super helpful if bidders could break down the message flows for “facilitated FHIR.” It’d be awesome to see an explanation of how aspects like identity assertions, purpose-of-use, and those break-glass situations get recorded on the chain. For more info, just swing by (sequoiaproject.org). You’ll find all the details you need there!

We're on the hunt for a way to move forward with Stage 3/4 TEFCA FHIR exchange, which covers everything from QHIN-to-QHIN to end-to-end connections. It’d be great to have a solid test plan that lines up with the pilot roadmap! If you're looking for more details, check this out: hcinnovationgroup.com. It's got everything you need to know!

Imagine this scenario: a provider that operates across several states decides to introduce a permissioned ledger. This ledger is used to officially notarize FHIR Bundle digests that get shared through its QHIN. The on-chain record keeps things pretty simple by storing just the hashes and a bit of metadata--like the purpose and consent reference. This way, the full payload remains secure on your FHIR servers. This approach keeps things in line with TEFCA auditability requirements, all without needing to move any PHI onto the ledger. (hl7.org).

---

2) Payer API modernization: combine FHIR compliance with blockchain proofs

Required APIs and Standards to Keep in Mind:

Alright, let’s break it down and see what you should keep your eye on:

• Patient Access
• Provider Access
• Payer-to-Payer
• Prior Authorization APIs

Just a heads-up, be sure you're working with HL7 FHIR R4! 0. 1, as well as SMART App Launch, OpenID Connect, and Bulk Data (Flat FHIR). We definitely recommend checking out the Da Vinci and CARIN guides--they're super helpful as you navigate through everything!

Hey, just a quick heads-up! Most of the deadlines for API compliance are lined up for January 1, 2027. However, keep in mind that operational reporting is kicking off in 2026. So, it’s a good idea to stay ahead of the game! If you want more info, just hop on over to cms.gov. There’s plenty of helpful stuff waiting for you there!

Where Blockchain Helps (and Where It Doesn’t)

• Go for it: You can use it to notarize things like prior authorization lifecycle events, consent documents, and attestations for sharing data between payers and providers. This makes them easy to verify and unchangeable for audits--super useful when you want to keep everything organized!
• Avoid: Putting clinical data or full adjudication payloads on the blockchain. It's a good idea to store PHI in your FHIR systems. Basically, the blockchain should just keep track of hashes, timestamps, actor DIDs, and pointers.

RFP Questions:

Sure! So, can you break down how your design will mesh with a FHIR-only PA API, especially given the whole HIPAA enforcement discretion situation? And what’s your game plan for keeping things interoperable with trading partners who are still sticking with the X12 format? I’d love to hear your thoughts on that! You can find some useful info on this cms.gov.

We're really interested to see how you align with those specific guidelines from CMS, like PDex, CRD, DTR, and PAS. Hey! Just curious, how does your ledger audit link up with each API call? I found this info on the CMS site and thought it might shed some light. Check it out when you get a chance!

---

3) Drug supply chain: DSCSA‑grade traceability with EPCIS + verifiable logs

Hey there! Just a quick reminder to ensure that your stack is ready to handle mixed-state partners during the exemption windows in 2025-2026. Also, don't forget to aim for EPCIS conformance while you're at it. It’s important stuff! If you're looking for more info, check out this link to the FDA's website: fda.gov. You'll find everything you need there!

Core Services to Include:

• EPCIS 1. Sure! It’s a minimum of 2, but there’s a route to get to R1. 3: We’ve got to get the capture/query services up and running, and then we should really dive into conformance testing with manufacturers, wholesalers, and dispensers. So, according to GS1, we're focused on R1 right now. Let's take 2 as our starting point, and then we can think of "sunrise" for R1. Alright, so here’s the deal: we’re planning to start rolling out dispensers in the third quarter of 2026. Then, in the fourth quarter, we’ll focus on wholesalers. And by the first quarter of 2027, it's all about getting manufacturers on board. If you want to dive deeper into the details, just click here. Happy reading!
• On-Chain Notarization for EPCIS Events: Basically, we’ll be saving event digests, trading-partner DIDs, and the responses for DSCSA verification. We really want to make resolving disputes easier by using cryptographic evidence, but no need to stress--your product data won't be stored on-chain at all.
• Verification and Alerts: If a product ID for a return doesn't pass the verification check, we'll set up a workflow for it right away. Plus, we'll keep a detailed audit trail so everything stays transparent and accountable.

Benchmarks and Precedents

The MediLedger FDA pilot brought together 25 companies and really showcased how decentralized change-of-ownership concepts can effectively meet the interoperability goals set by DSCSA. Since then, a bunch of industry networks have really embraced blockchain technology for tracking purposes. Let’s take what we've learned and really push for privacy-preserving interoperability. We want to make sure that no one’s data slips through the cracks and ends up with our competitors. Check it out: (mediledger.com).

RFP Requirements:

Hey, just a heads up - we’re gonna need some proof of those GS1 EPCIS test harnesses and the conformance trustmarks. Also, it’d be awesome if you can show us some solid experience with the top DSCSA platforms. Thanks! If you want to dive deeper into this, feel free to check it out here: (prnewswire.com). It’s got all the details you might need!

• We'd really appreciate it if you could put together a plan for handling the staggered FDA exemptions, which are set to last until November 27, 2026, especially for those smaller dispensers. It’s important that we keep fulfillment running smoothly during this time! Hey, I've got some additional info for you! Check this out: (fda.gov). It's all about waivers and exemptions beyond the stabilization period. Let me know what you think!

---

4) Provider identity, credentialing, and directory accuracy

What Changed

• So, on May 15, 2025, we’re expecting the W3C Verifiable Credentials Data Model 2 to make its debut. 0** has officially been recognized as a W3C Recommendation! This really helps to set clear standards for checking provider credentials and keeping track of their status. So, just to give you some background, Decentralized Identifiers (DIDs) have been officially recognized as a W3C Recommendation since 2022. It's been a while now, and they’re really starting to make a name for themselves! If you want to dig deeper, feel free to click here for more info!

The industry is really changing things up! We're moving away from those outdated static directories and embracing something much more dynamic. FHIR-based Plan-Net and national endpoint directories are quickly becoming the go-to options. Just a heads-up! CAQH's Endpoint Directory is now being managed by Edifecs as of February 1, 2025. This is a big deal if you're trying to link up with payer endpoints, so definitely take note! If you want to dive deeper into the details, just check out CAQH. It’s a great resource!

Where Blockchain Adds Value

• Provider Credential VC Issuance/Verification: Imagine how much smoother things would be if medical licenses, DEA certificates, board certifications, and network participation were all handed out as Verifiable Credentials. It would definitely simplify the entire process! Thanks to blockchain technology, we can store a revocation or status list directly on the chain. This makes it a breeze to present credentials when bringing on new providers. Take a look at this link: w3.org. It’s pretty interesting!
• Shared Provider Directory Governance: The Synaptic Health Alliance’s multi-payer blockchain is really shaking things up! It’s an awesome example of how working together on directory maintenance can seriously reduce those pesky redundant outreach efforts and help everything run much more smoothly. With their model in play and by incorporating Plan-Net, we can really boost the accuracy in our directories. It’s all about making those details spot on! Just so you know, the ROI claims are based directly on what participants have shared in their testimonials. Learn more here: (synaptichealthalliance.com).

RFP specifics:

• We definitely need to get Plan-Net 1 sorted out. We’ve got two profiles set up and integrated with FHIR endpoint discovery. Oh, and make sure to bring up the VCDM 2, too! So, let's talk about credential formats and the status list method. It's super important to keep track of roles and permissions, so we can protect PHI while syncing directories. If you’re looking for more information, you can check it out here.

---

5) Consent, provenance, and privacy‑preserving analytics

Must-haves:

• Consent registry with cryptographic proofs: This is super important! We need a solid way to keep track of consent intentions and what they cover on the blockchain, but we also want to store the actual consent details off-chain. Whenever data is exchanged, it should connect back to a consent hash. We want to ensure that auditors can easily check these machine-readable proofs without any hassle.
• Start with FHIR Provenance and AuditEvent: It’s really crucial that we make sure every time there’s a read, write, or search happening, it automatically triggers an AuditEvent. Whenever we create or tweak content, we'll make sure to include Provenance with it. Also, let’s make sure to link their hashes to a ledger. That way, we can keep everything honest and secure. If you want to dive deeper into this, just head over to hl7.org for all the details. It's all there!
• Zero-knowledge verification patterns: How about we use ZKPs to prove we’re following the rules (like only sharing SDOH elements) without having to reveal any raw data? It’s a smart way to stay compliant while keeping sensitive info under wraps! Let’s start with pilot-grade circuits to tackle those important checks, and we can keep any PHI off the chain to ensure everything stays private.

KPIs to Keep an Eye On:

• Percentage of API calls that include verifiable consent proofs.
• Average time to gather audit evidence (we're shooting for less than a minute by using on-chain references).
• We're aiming to have at least 95% of our resources connected to their origins.

---

6) Security engineering: CSF 2.0 and post‑quantum planning baked in

What to Require:

• **CSF 2. 0 Alignment: Just a quick reminder to make sure you're in sync with CSF 2. Oh, and make sure to go over the new Govern function too! Don’t want to miss that. This means you’ll want to clarify everyone’s roles, figure out your risk strategy, and tackle any supply-chain risks. Plus, don’t forget to beef up your ledger nodes! Check out the CSF 2.0 reference tool - it’s a great way to connect your results to the controls you really need. It can make things a lot easier for you!
• Post-Quantum Crypto Roadmap: The vendor should put together a clear plan for how they’re going to shift keys, signatures, and TLS over to meet the NIST PQC standards (FIPS 203/204/205). Looking ahead to the 2025-2027 timeframe, it’s super important that they’re ready with a mix of traditional and post-quantum methods. A hybrid approach will really help cover all bases! Oh, and could you also get a list of the cryptography being used in all the smart contracts, API gateways, and client SDKs? That’d be super helpful! Thanks! If you're interested, you can find more info by clicking here. It's got all the details you might want to know!
• Secrets and Key Custody: It’s super important for them to provide support for HSMs, along with threshold/MPC when it comes to validator keys. Also, it’s a good idea to set up rotation policies that fit in with the clinical change-management timelines.

---

7) Reference architectures that work in healthcare

• Anchor-only pattern (keeping regulated data off-chain):.
• Your sensitive info, like PHI, FHIR, and EPCIS, is kept safe and sound right in your own systems, where it should be! The ledger is pretty straightforward--it mainly just stores hashes, timestamps, DIDs, and a bit of metadata. It keeps things simple! This setup is fantastic for handling TEFCA, the CMS APIs, and even the DSCSA notarization!
• Consortium permissioned network:
  Imagine a Hyperledger-like network that links payers and Integrated Delivery Networks (IDNs) in the life sciences field. Pretty cool, right? This kind of setup could really streamline communication and collaboration between those involved. Each person has their own node, and together you all get to have a say in how the smart contracts work. This can include a wide range of things, like provider directories, consent registries, and even any disputes that pop up in the supply chain.
• Hybrid public‑permissioned:
  Alright, so here’s the scoop: you’ve got your own enterprise chain running all your daily operations, but every now and then, you take some time to check in with a public PoS chain. This brings in a nice level of transparency and helps ensure things can’t be tampered with. And just to put your mind at ease, there's no personal health information involved here! You can choose between Proof of Stake (PoS) or a permissioned Byzantine Fault Tolerant (BFT) system to help save on energy and keep costs low.

What to test:

• Throughput: It’s super important that you’re able to handle all API calls for notarization, even when things get really busy. We want to make sure there’s no lag or waiting around for patients, so they have a smooth experience every time.
• Evidence recall: Make sure you can easily access a complete audit trail that covers everything from the API request to Provenance, then to the AuditEvent, and finally all the way to the on-chain anchor, all while hitting those service-level targets you've set.

---

8) RFP checklist: precise asks that separate vendors

Interoperability and Policy

• TEFCA: Take a look at the message flows for “facilitated FHIR” and the latest QTF v2. You might find it pretty interesting! We're looking at x conformance and the delegation model here. Also, there's a plan for how to transition from QHIN to QHIN FHIR. If you want to dive deeper into the details, check it out here!
• CMS‑0057‑F: Here’s the spot to check out the FHIR guides you’re working with, like PDex, CRD, DTR, and PAS.
  Don’t forget--it's super important to make sure your API is good to go by January 1, 2027. Plus, you'll want to get all your 2026 metrics reporting taken care of too! Hey, make sure you take a look at the HIPAA enforcement discretion approach for the FHIR-only PA APIs. You won’t want to miss it! If you’re looking for more details, you can check it out here. It’s got everything you need!
• Plan-Net and Endpoints: It’s important to show how you’re connecting with the national Endpoint Directory, which is handled by Edifecs right now, as well as how you’re working with Plan-Net 1. 2 provider directory. Want the full details? Check it out here!

Supply Chain

• Make sure you're keeping up with the latest on DSCSA exemptions and have a solid backup plan ready for 2025-2026. It’s always good to be prepared! Just a friendly reminder to keep your focus on EPCIS R1! Let’s get our compliance sorted out and gear up for the R1! 3 transitions using the right validation tools can make all the difference. For more info, you might want to swing by the FDA website. There's a lot of useful stuff there!

Identity and Credentials

We're jumping right into VCDM 2! Let’s dive into the different credential formats! We’ll check out how the status list is designed and also see which DID methods are supported. It's going to be interesting to uncover the details! Oh, and hey, make sure to keep those revocation latency guarantees in mind, too! Take a look at everything over here: (w3.org). You'll find all the info you need!

Security

• Take a look at CSF 2! We've got zero mapping in place, particularly when it comes to Governance. Plus, we’ve put together a PQC transition plan that lines up nicely with FIPS 203, 204, and 205. And don’t worry, we’ve also got the key-management workflows all documented. If you're interested, you can check out more details here. It's definitely worth a look!

Evidence and SLAs

• You can rely on us to provide audit evidence quickly, with a promise that we won't take longer than a set maximum retrieval time. So, we’ve put together an evidence schema that has a few key elements. It includes a consent hash, an operation ID, and some references to FHIR resources.

---

9) Emerging best practices we’re seeing win in 2025

• Stick with native data models: It’s a good idea to use FHIR and EPCIS as your primary systems of record. They're built for this purpose! Just a quick reminder: the ledger is meant for keeping track of proofs and policies, not for handling payloads. This method makes it easier to handle TEFCA and CMS audits, plus it helps cut down on your HIPAA risks. If you want to dive deeper into the details, just head over here. You'll find everything you need!
• Leverage W3C credentials for individuals and organizations: Consider issuing verifiable credentials for various aspects like licenses, participation in networks, and device verification. Keeping revocation lists on-chain is definitely a smart move. It helps avoid those annoying “phone-home” checks that can end up leaking sensitive info. If you want to dive deeper into the topic, check out this link. It’s packed with info!
• Think of consent like a contract: Make sure to hash that consent document! It’s important to cover the details like what it’s for, its limitations, and when it expires. Next, just make sure to reference that hash in the AuditEvent for every API call you make. This really simplifies things for auditors since they can just run one query to check everything. Learn more here.
• Design for mixed standards during the transition: So, as you dive into this, expect to see that some partners are still hanging onto formats like X12 or CSV, while others are all about FHIR/EPCIS. It’s a bit of a mixed bag out there! Don’t forget to include the adapters, but let’s make sure everything is notarized consistently on-chain for that uniformity we need. If you want to dig deeper into this topic, you can check out more info here.
• Lead with purpose: Dive into the Govern function from CSF 2 and really make it count! So, when it comes to your consortium rules, who's actually in charge of deploying contracts, rotating keys, and dealing with any incidents that pop up? It's super important to make sure all of this lines up with your vendor risk management strategies. If you're looking for more details, feel free to take a look at the announcement here. It’s definitely worth a read!

---

10) Two concrete service blueprints you can drop into an RFP

Blueprint A: Prior Auth Transparency + Audit in 120 Days

• Scope: We're really getting into how PAS, CRD, and DTR work together. Our plan is to support FHIR-only prior authorizations and keep tabs on every part of the PA process using blockchain technology. On top of that, patients can check their status using the Patient Access API. It's a pretty handy feature!
• Deliverables:
• We've got a FHIR gateway that comes loaded with CMS-0057-F APIs and a SMART/OIDC configuration. If you want to dive deeper into it, just click here for more details! We're rolling out smart contracts that will take care of every step in the Prior Authorization (PA) process. This includes everything from making the initial request to handling clinical documentation and, ultimately, supporting decision-making. We’re also planning to have an off-chain storage option for artifacts, along with a registry that will provide proof on-chain. Check out our auditor dashboard! It lets you filter by member ID, date, and facility, making it super easy to find what you need. Plus, you can grab consent and the AuditEvent chain with just a single click! Want to dive deeper? Head over to this link for all the details!

Blueprint B: DSCSA EPCIS Notarization + Dispute Resolution in 16 Weeks

• Scope: We're getting into EPCIS 1. You’ve gone through a bunch of strict conformance tests. We'll also be putting in place on-chain anchors for things like commissioning, aggregating, and shipping events. Plus, we’re planning to set up some automated workflows to help smooth out any disputes that might come up.
• Deliverables: We're all set to handle EPCIS events and will be delivering a GS1 R1 for you. I’ve got two conformance reports ready for you, along with a roadmap that outlines the steps for transitioning to R1.

3. We’ll touch on everything you need to know, from dispensers all the way to wholesalers and manufacturers. Take a look at the details over at GS1 US. It's a great resource for learning about DSCSA implementation guidelines in the pharmaceutical sector. You'll find all the info you need! We're going to create some smart contracts that will keep an eye on event hashes and help us handle any disputes that come up. Plus, we'll have an API ready to check the integrity of those events whenever we need to dig a little deeper during investigations. We're also going to create a handy SLA playbook that will help us manage enforcement and exemption periods all the way through 2025 and 2026. And the best part? We'll customize it for different roles so everyone knows exactly what to do! If you're looking for more details on that, check out the FDA website. They've got all the info you need!

---

11) What good looks like: measurable outcomes to include

• Interoperability: We're reaching more than 99%. We're seeing a 9% success rate for TEFCA exchanges and CMS-mandated API calls, and we've got solid evidence to back that up. Plus, our national directory is really stepping up to enhance endpoint discovery! Check it out here.
• Supply chain: Talk about efficiency! We’re managing to log over 99% of EPCIS events in under 5 minutes after we capture them. Pretty impressive, right? Oh, and here’s the cool part: we’ve really shortened the Mean Time to Resolution for disputes by using some solid cryptographic evidence. Pretty neat, right? Dive deeper here.
• Security: We’re all set with the CSF 2. Got the profile all set up, and now we’re diving into our quarterly inventory of the cryptography stuff. On top of that, we're testing out post-quantum cryptography using a mix of KEM and TLS for our internal service connections. If you're looking for more details, you can check it out here. There's a lot of good info available!

---

Final take

Look, blockchains may not be the ultimate fix for your Electronic Health Records (EHR) or a shiny new Drug Supply Chain Security Act (DSCSA) system, but they definitely have their perks. They’re fantastic for giving you verifiable proof, keeping a shared state across the board, and managing governance between different organizations like a pro. As you put together your RFP, be sure to refer to the 2024-2027 rulebook. It’s super important! Take a look at TEFCA’s FHIR pathway, the APIs from CMS-0057-F, the DSCSA's EPCIS adoption plan, and don’t forget about NIST’s CSF 2. Those are key pieces to keep in mind! 0/PQC. Next up, have a chat with the vendors about how their ledger components can make your audit process easier, help build trust around identity and consent, and boost your supply chain. And the best part? They’ll do all of this while keeping PHI safely off the chain. (sequoiaproject.org).

---

Sources (selected)

• Here’s what’s new with the TEFCA Common Agreement version 2. x, QTF v2. You can check out the FHIR roadmap right here! (sequoiaproject.org). Hey, don’t forget to look into the newest updates on CMS‑0057‑F, which covers Interoperability & Prior Authorization. You’ll want to check out the deadlines and the specifics on enforcement discretion too! (cms.gov).
• Check out the latest info on the DSCSA stabilization/exemption dates, and don't miss the guidance for EPCIS adoption! (fda.gov). Check out the NIST PQC FIPS documents, specifically 203, 204, and 205, along with CSF 2. There's a lot of interesting stuff in there! 0 updates. (nist.gov). Make sure you check out the W3C VCDM 2! You definitely don't want to miss it. Hey there! Let's dive into some recommendations and the latest buzz about DIDs (Decentralized Identifiers). (w3.org). Hey there! You might want to check out some provider directories and endpoint discovery tools like Plan-Net and Edifecs/CAQH. They can really help you out! (hl7.org). Dive into the HL7 FHIR AuditEvent and Provenance patterns to uncover some cool insights! You might be surprised at what you find. (hl7.org).

---