Changes to how HIPAA-adopted standards are maintained rarely generate much attention. They tend to unfold slowly, behind the scenes, and often become visible only once a new version is formally named in a regulation. That lack of visibility can make it easy to miss early signals about how standards are evolving and what that evolution may mean for organizations operating in the healthcare space.
In my role as Chair of the Designated Standards Maintenance Organizations, I facilitated a coordinated effort across the six DSMOs and the National Standards Group (NSG) to modernize HIPAA consultation processes. That work is informed by my roles since 2000, including work with X12, the National Committee on Vital and Health Statistics, and the Intersection of Clinical and Administrative Data Task Force. More proximately, my current parallel roles as Chair of HL7’s Policy Advisory Committee and Program Manager for the HL7 DaVinci Project, as well as my consulting work at Point-of-Care Partners, where standards governance, federal policy, and implementation realities intersect every day.
At the 2025 WEDI National Conference, I shared an update on this DSMO-led consultation modernization effort and related opportunity areas, including broader industry engagement in developing standards. Consultation includes the maintenance and modification processes for named standards as well as potential new standards. The opportunity areas include supporting NSGs' efforts to streamline policy development and adoption for new and modified standards. This includes the goal of resetting the industry’s understanding of why, where, when, and how to engage in both technical and policy development efforts. In 2026, the DSMOs will begin exploring how best to promote testing and piloting of standards in development processes, and the criteria and data needed to evaluate the readiness of standards for adoption under HIPAA.
While procedural on the surface, these changes have important implications for how mature standards, including newer versions of existing HIPAA-named standards, can be evaluated, coordinated, and advanced going forward.
HIPAA established DSMOs to ensure industry consultation before adopting or modifying administrative and financial health care exchange standards. Historically, that consultation has been episodic, largely siloed by standards development organizations, and difficult for the broader industry to track.
That approach is increasingly misaligned with today’s environment:
The DSMO modernization effort responds to these realities by rethinking how consultation happens, not just when it happens.
The updated approach introduces a more structured and coordinated consultation framework across the six DSMO entities and, by extension, WEDI. Rather than treating consultation as a late-stage requirement, the model defines specific trigger points during standards development that warrant cross-DSMO awareness and engagement.
Those trigger points include:
Importantly, this approach leverages existing ANSI-accredited standards development processes rather than creating new, parallel workflows. That alignment makes it easier for industry participants to understand where consultation fits, how to engage, and how feedback flows across organizations.
The DSMO update does not mandate new standards or versions. What it does is create a clearer, more predictable pathway for fostering alignment as standards mature and newer versions are ready for consideration within the HIPAA framework.
By formalizing consultation around version upgrades and structural changes, the updated model supports:
As policymakers seek to modernize HIPAA-regulated transactions without causing unnecessary disruption, this structured, industry-driven coordination becomes increasingly important.
This modernization effort reflects years of collaboration across standards organizations, federal partners, advisory committees, and implementers who are all navigating the same challenge: how to effectively function with HIPAA’s administrative simplification frameworks to ensure they are technically sound, operationally feasible, and aligned with policy intent and evolving care delivery and reimbursement business models. In the end, this must remain focused on improving patient care and achieving better outcomes.
The DSMO consultation modernization effort hasn’t grabbed headlines, but it represents a meaningful shift in how HIPAA standard governance functions.
It moves the industry away from periodic, siloed consultation and toward a more continuous, coordinated, and visible process. Over time, that shift can improve predictability, reduce unnecessary rework, and better align the advancement of standards with real-world implementation.
While often viewed through a payer or provider lens, changes to standards governance also have implications for life sciences manufacturers, particularly as administrative and clinical standards increasingly influence therapy access, prior authorization workflows, and data exchange supporting patient support and evidence generation.
For organizations tracking HIPAA modernization, standards versioning, and interoperability policy, this is one of those changes that is easy to overlook but increasingly important to understand.
One of the clearest takeaways from this DSMO update is that standards evolution is no longer something organizations can treat as distant or purely regulatory. Decisions about structure, versioning, testing, piloting, and implementation guidance are increasingly shaped earlier in the lifecycle, long before anything appears in rulemaking.
Organizations that can participate directly in standards development efforts are best positioned to influence outcomes and prepare for what’s coming. For those without the resources to engage hands-on, closely monitoring standards activity has become just as critical. Understanding where new versions are headed, how they differ from what is in production today, and when those changes may surface in policy or regulation can make the difference between proactive planning and reactive remediation.
As HIPAA modernization continues, staying informed and engaged with standards work is no longer optional. It is an essential part of managing risk, aligning technology strategy, and ensuring readiness for the next generation of administrative, financial, and clinical interoperability requirements.
HIPAA established DSMOs to ensure industry consultation before adopting or modifying administrative standards. Historically, that consultation has been largely siloed by those who actively engage in standards development organizations, and it has been difficult for the broader industry to follow in real time.
Today’s environment increasingly strains that approach:
The DSMO modernization effort responds directly to these realities by creating a more structured, transparent, and coordinated consultation model that better reflects how standards are developed and implemented today.
The updated DSMO consultation approach defines specific trigger points during standards development that warrant cross-DSMO coordination and broader industry awareness. Rather than consultation occurring late in the process, these trigger points surface earlier signals when changes may ultimately affect HIPAA-regulated transactions.
More specifically, the definition of consultation among DSMO entities is required when a HIPAA-related standard is being maintained/modified:
One area where this modernization effort is particularly relevant is the growing adoption of HL7 FHIR for HIPAA-regulated transactions.
As FHIR-based approaches mature, the implications extend beyond payers and providers to life sciences organizations that depend on interoperable data flows to support access, patient services, and real-world evidence strategies.
FHIR is not currently a HIPAA-adopted standard. However, it is increasingly being used in federal programs, certification requirements, and operational implementations, particularly for workflows like prior authorization. As a result, the National Standards Group released enforcement discretion regarding the use of the current prior authorization HIPAA standard (278) to permit an end-to-end FHIR approach in conjunction with the CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F). NSG has begun actively engaging the DSMOs and WEDI on how FHIR-based approaches could be considered within the HIPAA framework. Keep an eye on 2026 for industry feedback solicitation!
In my role as Chair of HL7’s Policy Advisory Committee, I represented HL7 in formal remarks to the National Standards Group on the potential use of FHIR for the prior authorization transaction. That discussion focused not only on the promise of FHIR but also on practical considerations such as versioning, change management, alignment across agencies, and the need for predictable advancement processes if FHIR were ever to be incorporated into HIPAA.
These conversations underscore why the DSMO consultation model matters. As standards such as FHIR specifications mature and gain adoption, having a clear, coordinated way to evaluate readiness, manage version updates, and align policy with implementation becomes essential.
Reach out to us if you'd like to set up an initial discussion on this or any health IT or business transformation challenges you or your organization is facing.