Health Samurai Blog

CMS-4208-F2 requires MA organizations to publish provider directory data for Medicare Plan Finder. HPMS attestation is due September 1, 2026 — before CMS-0057-F.

Aidbox supports HIPAA Safe Harbor de-identification directly in ViewDefinitions. Transform FHIR data into compliant, analytics-ready tables with per-column control — and map results back when needed.

Aidbox 2602 implements the FHIR R6 $purge operation — permanently delete a patient and their entire compartment, including all history, in one auditable call.

CMS-0057-F final rule: Patient Access, Provider Access, Payer-to-Payer, and Prior Authorization FHIR APIs required by January 2027.

FHIR security labels can limit access not just to whole resources but to individual fields. Rostislav Antonov’s DevDays talk shows how this works in Aidbox and what trade-offs it creates around leakage, performance, and write protection.

Auditbox: a FHIR-native audit log for modern healthcare solutions. Why audit logging is hard, what Auditbox solves, and how to join early access.

Token Introspection is the critical bridge between Authentication and Authorization. When a client presents a token to access FHIR resources, the server must check if the token is valid.

FHIR Security Labels provide row- and field-level access control. Real-world examples for psychiatrists, nurses, and billers using Aidbox.

How can confidentiality of data be ensured and access to these data be controlled among system users, considering different access levels and data sensitivity?

What the Patient Data Access API is, how it relates to CMS rules, and how to implement it on a FHIR server like Aidbox — with code samples.