In 1996, HIPAA told the U.S. Department of Health and Human Services (HHS) to adopt standards for electronic claims attachments. In 2005, CMS proposed a rule. It was never finalized. In 2010, the ACA said do it by 2014. They didn't. In 2022, CMS tried again. And now, in March 2026, it's finally here.
CMS-0053 adopts X12 275/277 and C-CDA as the first-ever HIPAA standard for claims attachments. It's a significant milestone with $782M in projected annual savings, a 2028 compliance deadline, and the assertion that faxing clinical documentation to support claims will end.
But the timing raises some hard questions. Three months ago, ASTP proposed stripping C-CDA out of certification requirements in HTI-5, calling it legacy. That's a tough look just as CMS is adopting it as a brand new HIPAA transaction standard.
Meanwhile, CMS dropped prior auth attachments from the final rule, acknowledging that FHIR-based prior auth (Da Vinci PAS, DTR) is the future for that workflow. So we now have two closely related payer-provider exchanges on completely different standards paths: dumb pipe C-CDA for claims, smart FHIR stack for prior auth. That natural experiment will teach us a lot.
Most notably, the press release has Dr. Oz touting the death of the fax. I appreciate the rhetoric, but this rule covers one workflow. Fax survives by being ubiquitous and format-agnostic. You don't kill a network one use case at a time. But in a perfect coincidence, the FCC adopted a copper retirement order two days after CMS-0053 published. That may do more to kill fax than any claims attachment standard ever could.