Onyx Blog
Completing the Chain of Trust for CMS-Aligned Networks
By Mark Scrimshire, Onyx Chief Interoperability Officer
As CMS accelerates its Health Technology Ecosystem and the vision for CMS-Aligned Networks continues to take shape, the interoperability conversation is shifting. The question is no longer simply whether organizations can expose APIs. It is whether they can support trusted, repeatable, network-to-network exchange at the scale required for real-world payer interoperability.
That is where the trust layer becomes essential.
At the recent HIMSS Conference, David Pyke and I discussed how HL7 Da Vinci and FAST Security address different but complementary parts of this challenge. Da Vinci helps define the business workflows and implementation guidance needed for use cases such as prior authorization, payer-to-payer exchange, and other FHIR-based interactions. FAST Security addresses the trust framework needed to make those workflows scalable across organizations and networks.
Both matter. Neither solves the whole problem on its own.
The industry has made important progress in standardizing APIs and payloads. But as organizations move from point integrations to broader ecosystem participation, the harder questions come into focus. How do organizations establish trust with one another quickly? How do they reduce manual onboarding? How do they support secure exchange across many relationships without recreating legal, technical, and security processes every time?
Manual trust models do not scale. Static, one-off onboarding does not scale. And isolated API deployments are not enough to support a true CMS-Aligned Network model.
This is where FAST Security becomes so important.
FAST Security helps define how organizations can establish and manage trust in a more standardized and portable way. Through approaches that include certificate-based identity, dynamic client registration, and OAuth-based authorization, it creates a framework for reducing friction in onboarding and enabling more automated trust relationships across networks.
That matters because the challenge is no longer just exchanging data between two known parties. The challenge is enabling secure exchange across a broader ecosystem of payers, providers, and networks in a way that is repeatable, governed, and production-ready.
This is also why Da Vinci and FAST should be viewed together.
HL7 Da Vinci helps define what data should move, when it should move, and how those workflows should operate. FAST helps define how participants can trust one another quickly and consistently enough to make those workflows work at scale. One focuses on business and clinical exchange patterns. The other focuses on transport-layer trust and security infrastructure.
That separation is not a gap. It is a strength.
By separating workflow standards from trust infrastructure, the industry has a more scalable path forward. Organizations can align around common business use cases without having to invent entirely new trust frameworks for every implementation. At the same time, they can strengthen security posture and reduce operational friction through more reusable onboarding and authorization models.
For payers, this has immediate practical implications.
Whether the use case is prior authorization, payer-to-payer exchange, directory-driven API discovery, or TEFCA-facilitated FHIR exchange, the challenge is not simply standing up an endpoint. It is making sure trusted organizations can discover one another, authenticate appropriately, exchange data securely, and do so in a way that can be repeated across many relationships without creating unsustainable overhead.
That is the difference between compliance-oriented interoperability and interoperability at scale.
At Onyx, this is where standards become real. Our role is to help health plans and other organizations operationalize these frameworks in production environments, translating evolving standards into architectures, workflows, and implementations that can support real exchange across complex payer ecosystems. That includes applying Da Vinci implementation guides in practical use cases, supporting modern FHIR deployments, and helping organizations think ahead about the trust and security models required for broader CMS-Aligned Network participation.
In other words, Onyx sits at the point where policy, standards, and implementation meet.
That perspective matters because many organizations are now entering the next phase of interoperability maturity. They are moving beyond the initial push to meet API requirements and beginning to confront the operational realities of scale: onboarding, governance, trust establishment, and network-wide repeatability.
CMS-Aligned Networks raise the bar. They push the industry beyond isolated compliance efforts and toward a more connected model of exchange. To support that vision, we need more than standards for payloads alone. We need the trust infrastructure that allows those standards to work across organizations, across networks, and across production environments.
That is why this work matters now.
The path forward does not require starting over. It requires building on the foundation the industry has already created and extending it with trust models that are more portable, more automatable, and better suited for ecosystem-scale interoperability. Done well, that reduces integration friction, strengthens security, and makes trusted exchange more achievable across the healthcare landscape.
If CMS-Aligned Networks are going to succeed, the chain of trust must be as scalable as the APIs themselves.
HL7 Da Vinci and FAST Security are helping define the pieces. The opportunity now is to put them into action across real workflows, real trading partners, and real production environments.
The industry has done important work to define the payloads and workflows for interoperability. The next step is making sure trust can scale with them. That is the challenge, and the opportunity, in front of CMS-Aligned Networks.
If your organization is exploring these issues in the context of CMS-0057 and would be interested in participating in the pilot, please reach out to me.
