If you can’t think of a reason to pay attention to FAST's work, we have a couple for you! Recent requirements related to TEFCA (Trusted Exchange Framework and Common Agreement) and the latest HTI-2 proposed rule have named the FAST Security Implementation Guide (IG). This recognition underscores the importance and foundational nature of FAST's contributions to healthcare interoperability.
On July 1st, the Recognized Coordinating Entity (RCE) released the Facilitated FHIR Implementation Standard Operating Procedure (SOP), outlining the requirements for using FHIR within the TEFCA framework. Notably, these requirements include adopting the FAST HL7 UDAP Security for Scalable Registration, Authentication, and Authorization FHIR Implementation Guide (SSRAA) by January 1, 2026. This timeline allows organizations to implement FAST Security while still using SMART or other security options in the interim.
Specifically, the SOP states:
Prior to January 1, 2026:
- All FHIR Adopters MAY follow the requirements of HL7 SSRAA FHIR IG 1.0.0 STU 1 US Section 3 Registration.
- Manual registration requests for client_id MUST be resolved within 5 business days where sufficient information has been provided. Information requirements MUST NOT exceed those in Section 3 of HL7 SSRAA FHIR IG and this SOP.
- All FHIR adopters MUST use one of the following:
- HL7 SSRAA FHIR IG 1.0.0 – STU 1 US Sections 4 and 5;
- SMART Release 1.0.0; or
- Another authentication and authorization framework that adheres to the QTF requirements is based on out-of-band agreements between exchange partners.