Healthcare Regulations
Regulatory compliance guides for HIPAA, HITECH, and healthcare privacy laws
CMS Interoperability Rules Overview
Reference for CMS interoperability mandates: CMS-9115-F (2020), CMS-0057-F (2024), covered entities, data exchange APIs, compliance timelines, and penalties.
Australian Privacy Act and Health Data
Reference overview of the Privacy Act 1988, state health records laws, My Health Record Act, and notifiable data breaches obligations for health data in Australia.
Provider Access API (CMS-0057-F)
Reference for the CMS-0057-F Provider Access API obligation: payers sharing patient data with treating providers, PDex IG, member match, data scope, January 2027 compliance, and implementation requirements.
New Zealand Digital Health Standards
Reference overview of NZ digital health standards: Privacy Act 2020, Health Information Privacy Code, Te Whatu Ora, NHI, FHIR NZ Base profiles, NZePS, and the NZ Health Terminology Service.
Information Blocking Rule (ONC)
Reference for ONC's Information Blocking Rule under the 21st Century Cures Act: definition, actors, eight exceptions, penalties, and enforcement mechanisms.
NHS England Digital Standards
Reference overview of NHS England digital and data standards for suppliers: DSPT, NHS number and PDS, Care Identity Service, NHS login, NHS England FHIR APIs, and supplier onboarding obligations.
TEFCA — Trusted Exchange Framework and Common Agreement
Reference for TEFCA: the ONC framework for nationwide health information exchange, Qualified Health Information Networks (QHINs), the Common Agreement, exchange purposes, and participation model.
Australian Digital Health Standards
Reference overview of Australian digital health technical standards: ADHA, AU Base FHIR profiles, My Health Record FHIR API, NCTS, AMT, IHI/HPI identifiers, and NASH PKI.
Patient Access API (CMS-9115-F)
Reference for the CMS-9115-F Patient Access API: FHIR-based patient data access, CARIN Blue Button, US Core, SMART App Launch, scope of required data, and compliance timelines.
HIPAA
Reference overview of HIPAA Privacy and Security concepts for health IT builders: safeguards, minimum necessary, auditability, and common engineering considerations.
ONC 21st Century Cures Act Final Rule
Reference for the ONC 21st Century Cures Act Final Rule: FHIR API certification requirements, USCDI, information blocking prohibition, health IT certification criteria, and implementation timelines.
UK GDPR and Health Data
Reference overview of UK GDPR and DPA 2018 obligations for health data: special category conditions, controller/processor model, data subject rights, DPIA triggers, and ICO enforcement.
UK Core FHIR Profiles
Reference for UK Core: NHS England's national FHIR R4 profile set, UK-specific extensions, relationship to Care Connect, dm+d for medications, and conformance for NHS Digital API access.