The Rules Are Changing. We’re Already at the Table.

Prior authorization has frustrated providers, payers, and patients for decades. Phone calls to utilization review departments. Faxed documentation. Multi-day waits while care is on hold. The administrative cost alone runs into the hundreds of billions annually across the healthcare system, and the human cost is harder to quantify but just as real.

Over the last two years, federal regulators have moved decisively to change that. And the standards bodies that underpin how healthcare data actually moves have been working even longer to build the infrastructure those regulations require.

At UHIN, we haven’t been watching this from the outside. We’ve been inside the rooms where implementation gets figured out, and we’ve been there by design.

Here’s what’s shifting, why it matters to you regardless of your role, and what it means to have a partner who was already invested in this work before it became mandatory.


What’s Changing, Rule by Rule

CMS-0057-F: Interoperability and Prior Authorization

Finalized in January 2024, CMS-0057-F is the most significant overhaul of prior authorization workflows in HIPAA history. It requires Medicare Advantage, Medicaid, CHIP, and qualified health plans on the federal exchanges to implement four FHIR-based APIs: Patient Access, Provider Access, Payer-to-Payer, and Prior Authorization. Full API compliance is due January 1, 2027.

Operational requirements came first. As of January 1, 2026, payers are required to issue standard prior authorization decisions within seven calendar days and expedited decisions within 72 hours.¹ Payers also began publicly reporting prior authorization metrics (approval and denial rates, average decision times, appeals outcomes) starting March 31, 2026, covering calendar year 2025.²

On the technical side, the rule centers on HL7 FHIR R4 infrastructure and SMART on FHIR for authentication. The Da Vinci Project’s implementation guides define the workflows those APIs are expected to support. The Coverage Requirements Discovery (CRD), Documentation Templates and Rules (DTR), and Prior Authorization Support (PAS) guides collectively describe how a provider system can determine whether authorization is needed, surface documentation requirements, and submit a request without leaving the clinical workflow.³ These are the standards the industry is actively working to implement, and organizations are at different stages of readiness across all three.

There’s also a meaningful shift in how FHIR and X12 coexist. CMS issued enforcement discretion allowing payers to implement a FHIR-only Prior Authorization API without being required to also use the X12 278 transaction.⁴ For the first time in HIPAA history, FHIR can function as a standalone path rather than a complement to EDI. The 278 remains valid, and many real-world implementations will use a hybrid model where FHIR faces the provider side and X12 handles the back-end translation.

CMS-0053-F: Claims Attachments

Finalized March 24, 2026, CMS-0053-F establishes the first-ever HIPAA-adopted standards for healthcare claims attachments. It goes into effect May 26, 2026, with a compliance deadline of May 26, 2028.⁵

For decades, claims-related clinical documentation (medical records, imaging, lab results, clinical notes, telemedicine visit documentation) has moved via fax, mail, and payer-specific portals. This rule requires payers to support standardized electronic attachment transactions, though payers may continue accepting other forms of submission if they choose to. In practice, many payers today already discourage or decline non-electronic methods, and this rule formalizes the electronic standard they must support. Specifically, it adopts Version 6020 of the X12N 275 for provider-to-payer transmission of supporting documentation and the X12N 277 for payer requests to providers, along with HL7’s Consolidated Clinical Document Architecture (C-CDA) for structuring the clinical content inside those transactions.⁶

One thing to note: CMS did not finalize prior authorization attachment standards in this rule. That question is still open, with HHS continuing to evaluate how FHIR-based workflows, X12, and C-CDA should align. A CMS listening session in December 2025 addressed replacing the X12 278 with HL7 FHIR under the exception process.⁷ Stakeholder input is still actively shaping what comes next.

X12 Version 8060: The Next HIPAA Transaction Standard

Version 5010 has been the HIPAA-mandated X12 standard for administrative transactions since 2012. X12 published its 008060 EDI Standard in January 2025 and completed the full set of 008060 implementation guides for all HIPAA-mandated transactions in September 2025. The updated guides cover claims (837), eligibility (270/271), claim status (276/277), remittance (835), enrollment (834), and premium payment (820).⁸

X12 has formally recommended to the National Committee on Vital and Health Statistics (NCVHS) that 008060, along with its XML representation, be adopted.⁹ Version 5010 remains the current mandated standard while federal rulemaking proceeds. WEDI, as an official advisor to HHS, has been conducting its own Federal Policy Consultation process to gather industry input on the impacts, costs, and timing of the 8060 transition, with findings submitted to HHS.¹⁰ HHS convened an additional listening session with the Designated Standards Maintenance Organizations (DSMOs) and WEDI on July 1, 2026, specifically to gather perspectives on the proposed 5010-to-8060 transition; that feedback will inform future HIPAA Administrative Simplification rulemaking.¹¹

X12 has also launched a 2026 education series to help implementers understand what’s changing and prepare their systems before any mandate takes effect.¹²

For organizations managing EDI workflows, this transition will eventually touch every major transaction type you process. Now is a reasonable time to start asking questions and building familiarity with what’s different in 8060.


It’s tempting to think of prior authorization modernization as a simple point-to-point story: EHR sends a FHIR bundle, payer system responds, authorization decision arrives in minutes. That’s the goal. The path there is more layered.

Most providers don’t have direct FHIR connections to most payers. Many payer systems aren’t yet equipped to receive FHIR-based prior authorization requests natively across their full network. The translation work, routing between networks and managing acknowledgments, is precisely what clearinghouses are built to handle.

The HL7 Da Vinci Prior Authorization Support implementation guide makes this explicit: clearinghouses are one of the designated intermediary roles responsible for ensuring HIPAA transaction compliance while FHIR operates on the provider-facing side.¹³ The X12 handling happens in what the Da Vinci guide calls a “black box,” a service that the submitting system doesn’t need visibility into. That service is often a clearinghouse.

This isn’t a workaround. It’s the intended architecture for how hybrid environments function during the transition from legacy EDI to FHIR-native exchange. Getting the translation layer right, and getting it right across networks rather than just within individual point-to-point connections, is where the real implementation work lives.


Where UHIN Fits In

UHIN isn’t simply tracking these changes and updating our systems to match. We’re actively involved in building the frameworks the industry will follow.

Da Vinci Trebuchet: Clearinghouse-to-Clearinghouse Prior Authorization Pilot

In early 2025, UHIN was selected as a participant in the Da Vinci Trebuchet Clearinghouse-to-Clearinghouse (CH-to-CH) Prior Authorization Pilot, launched by the Cooperative Exchange in collaboration with the HL7 Da Vinci Project. The cohort includes eleven clearinghouses, including Waystar, Optum, Availity, and Veradigm, working to test whether FHIR-based prior authorization transactions can actually be operationalized across clearinghouse networks rather than just within individual point-to-point connections.¹⁴

The pilot is validating hybrid X12 and FHIR translation workflows that reflect how the industry actually operates today. The outcomes include a functional prototype, a clearinghouse implementation playbook, and concrete recommendations for improving the underlying standards including Da Vinci, FAST Implementation Guides, and X12. When those recommendations get made, UHIN will have helped shape them.

Utah Statewide FHIR Interoperability Pilot

UHIN is also a central participant in Utah’s statewide FHIR interoperability effort through the One Utah Health Collaborative, with clinical data exchange and prior authorization as the two primary use cases. UHIN has contributed patient attribution data, connectivity infrastructure, and coordination across payers, providers, and public health stakeholders working toward a shared FHIR-based ecosystem across the state.¹⁵ UHIN’s CTO participated in Civitas’s FHIR Deep Dive Series in early 2025 to share progress on that work with a national audience.

The CHIE on FHIR, Already Live

In late 2024, UHIN launched a modernized Clinical Health Information Exchange (CHIE) portal built on HL7 FHIR, supporting data sharing across 33 of 36 short-term acute care hospitals in Utah. This wasn’t a pilot or a roadmap commitment. It’s in production.¹⁶

Active Standards Participation

UHIN is a recognized Standards Development Organization with ongoing participation in national electronic transaction committees. We attend X12 standing meetings, engage with HL7 workgroups, and track NCVHS recommendations and comment cycles. When CMS convened its December 2025 listening session on the question of replacing the X12 278 with HL7 FHIR, the voices of organizations like ours were part of what informed that conversation.¹⁷


For EDI and revenue cycle teams: The 5010-to-8060 transition is not a mandated deadline yet, but the implementation guides are published, X12 is running education sessions now, and rulemaking is in motion. Getting familiar with what’s changing before the deadline appears is time well spent. Start by asking what’s different in 8060 for the specific transaction types you handle most.

For payers: The January 2027 FHIR API compliance deadline is closer than it looks once you account for integration timelines, testing cycles, and the organizational lift of standing up four APIs while also meeting the operational requirements that went live in January 2026. The clearinghouse layer handles the hybrid translation and provider-side connectivity that makes network-wide adoption feasible rather than theoretical.

For providers and revenue cycle leaders: CMS-0053-F requires payers to support standardized electronic claims attachment transactions by May 2028. Many are already moving in that direction now. Understanding what the X12N 275 and 277 transactions require, and how C-CDA structures the clinical content within them, will help you prepare for what your trading partners will eventually expect.

For compliance and technology leadership: The convergence of CMS-0057-F, CMS-0053-F, and the 8060 transition represents the most significant wave of HIPAA administrative simplification updates in over a decade. These rules interact with each other. The FHIR enforcement discretion for the 278 directly shapes how prior authorization attachment standards will eventually be decided, which CMS explicitly left unresolved pending further industry evaluation. Understanding how the pieces connect is as important as understanding each piece on its own.


UHIN has been at this for more than thirty years. We process hundreds of millions of transactions a year. We operate the nation’s only nonprofit clearinghouse network. We run Utah’s state-designated Health Information Exchange. And we sit at the table where standards get written, not just where they get implemented.

The regulatory changes coming into effect over the next two years reflect years of industry collaboration, standards development work, and pilot programs that UHIN has actively contributed to. We aren’t scrambling to catch up with what compliance requires. We’re already working on what comes after that.

If you want to talk through where your organization stands on any of this, we’re here for that conversation.


  1. CMS. CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F) Fact Sheet. January 2024. cms.gov
  2. CMS. CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F). January 17, 2024. cms.gov
  3. HL7 Da Vinci Project. Da Vinci Prior Authorization Support (PAS) FHIR IG v2.1.0. hl7.org
  4. CMS National Standards Group. HIPAA Transaction Enforcement Discretion. February 28, 2024. cms.gov
  5. AAPC. CMS Final Rule Standardizes Electronic Healthcare Data Exchange. March 31, 2026. aapc.com
  6. CMS. Administrative Simplification; Adoption of Standards for Health Care Claims Attachments Transactions and Electronic Signatures Final Rule (CMS-0053-F) Fact Sheet. March 2026. cms.gov
  7. CMS. Events and Latest News: Administrative Simplification. December 2025 Listening Session. cms.gov
  8. X12. X12 Publishes 008060 Versions of All HIPAA-Mandated Implementation Guides. September 2025. x12.org
  9. X12. X12 HIPAA Recommendation Letter. December 2025. x12.org
  10. WEDI. WEDI’s Federal Policy Consultation Process and X12 Version 008060. March 2026. wedi.org
  11. CMS. Events and Latest News: Administrative Simplification. July 1, 2026 Listening Session. cms.gov
  12. X12. Announcing the Kick-off of X12’s 008060 Education/Information Series. March 2026. x12.org
  13. HL7 Da Vinci Project. Da Vinci Prior Authorization Support (PAS) FHIR IG: Use Cases and Overview. hl7.org
  14. UHIN. Newsletter: January 2025 Issue. February 2025. uhin.org
  15. One Utah Health Collaborative. Advancing Interoperability in Healthcare: Utah’s Collaborative Approach. 2025. uthealthcollaborative.org
  16. UHIN. 2024 Year-End Recap. 2025. uhin.org
  17. CMS. Events and Latest News: Administrative Simplification. December 2025 Listening Session. cms.gov