Mapping Moonlitic's Infrastructure Against the Five Pillars of FHIR At Scale
The FHIR At Scale Taskforce (FAST) is an HL7 accelerator that identifies ecosystem-wide barriers to deploying FHIR at scale, defines solutions to address those barriers, and develops the infrastructural standards to support nationwide FHIR implementations. FAST is now a direct compliance pillar — TEFCA requires FAST Security compliance by January 1, 2026, and ONC's HTI-2 rule references FAST specifications for FHIR exchange.
FAST organizes its work into five pillars, each with its own FHIR Implementation Guide (IG), reference implementation, and conformance criteria. Together they form the infrastructure layer that any platform exchanging health data at scale must implement.
Security: Extends OAuth 2.0 with UDAP workflows for scalable, certificate-based trust. Covers dynamic client registration, JWT-based authentication, Tiered OAuth, and B2B authorization — all bound to X.509 certificates within a multi-party trust framework. Key mechanisms: private_key_jwt with asymmetric keys; .well-known/udap metadata endpoint.
Identity: Establishes consistent digital identity across networks. Enhances the FHIR $match operation for cross-organizational patient matching, defines identity assurance levels, and provides guidance on credential binding. Key mechanism: $match for cross-organizational lookups.
Consent: Defines how organizations capture, share, and enforce patient consent directives using FHIR Consent resources. Bridges Identity (who) and Security (trust) to ensure every transaction is consented, compliant, and auditable.
Directory: National source of truth for providers, organizations, services, and electronic endpoints. Enables automated endpoint discovery, capability signaling, and program participation indicators.
Testing: Testing infrastructure and conformance tooling that validates implementations against FAST IGs. Includes reference implementations, test kits, and connectathon events.
| Pillar | Requirement | FAST Requirement | Moonlitic Capability | Status |
|---|---|---|---|---|
| Security | OAuth 2.0 + SMART on FHIR | OAuth 2.0 authorization framework with scoped access tokens for FHIR APIs | OAuth 2.0 implemented across all engines; SMART on FHIR authentication patterns; scoped access tokens for patient portal, clinician portal, and marketplace APIs | BUILT |
| Security | UDAP Dynamic Registration | Dynamic client registration using signed software statements (JWT + X.509 certificate chain) | OAuth 2.0 client registration exists; needs UDAP-specific extension with X.509 certificate chain validation, signed software statements, and .well-known/udap discovery metadata | PARTIAL |
| Security | JWT Client Authentication | Token endpoint auth via private_key_jwt with asymmetric cryptographic keys bound to digital certificates | JWT-based authentication implemented; AES-256 encryption throughout; asymmetric key infrastructure in place for consent engine; needs formal private_key_jwt binding to X.509 certificates per UDAP spec | PARTIAL |
| Security | Tiered OAuth / B2B Authorization | Cross-organizational trust delegation; client credentials flow for B2B; Tiered OAuth for federated trust | Marketplace uses buyer/seller authorization with scoped access; B2B data exchange with consent-gated access controls; needs formal Tiered OAuth implementation for cross-network federation | PARTIAL |
| Security | Encryption at Rest & Transit | TLS 1.2+ for transport; encryption at rest for PHI | AES-256 end-to-end encryption; TLS 1.3; Azure Confidential Ledger for immutable audit; field-level encryption for sensitive data categories; FIPS 140-2 key management | BUILT |
| Identity | Digital Identity Binding | Digital identifier with AAL2+ authentication; IDIAL1.8+ identity assurance; credential binding across organizations | Clear integration for identity verification; OIDC-based patient identity; needs formal AAL2 + IDIAL1.8 conformance tagging and cross-organizational credential binding per FAST Identity STU2 | PARTIAL |
| Identity | Patient $match Operation | Enhanced FHIR Patient $match for cross-organizational matching with weighted inputs and match grades | Patient identity resolution across data sources; FHIR Patient resource management; deterministic matching via MRN, SSN, DOB; needs formal $match operation endpoint with weighted scoring per FAST IG | PARTIAL |
| Identity | Provider/Organization Identity | Organizational identity via digital certificates with verified attributes and NPI/taxonomy binding | Clinician portal with NPI-linked provider profiles; organization-level access controls in marketplace; provider identity verified via EHR integration; certificate-based organizational identity is a packaging exercise | BUILT |
| Consent | Computable Consent Directives | Electronic capture using FHIR Consent resources; machine-readable consent scope; cross-organizational enforcement | Sub-5ms consent lookup; 9 granular consent categories; FHIR Consent resource representation; per-resource + per-action scope (read/write/delete/query); special category handling (Genetic, Mental Health, HIV); GDPR Article 6 compliance | BUILT |
| Consent | Consent Lifecycle Management | Create, update, revoke consent with full audit trail; event-sourced lifecycle | Event-sourced consent lifecycle (Cosmos DB); real-time toggle in patient portal; 30-second revocation propagation to all downstream buyers; SHA-256 hash-chained audit of every consent event; 7-year retention | BUILT |
| Consent | Cross-Org Consent Sharing | Interoperable consent format that travels with data across organizational boundaries | Consent-to-data linkage across marketplace; every downstream use audited; consent travels with data via provenance chain; interoperable format aligns with FHIR Consent resource structure | BUILT |
| Directory | Endpoint Discovery | FHIR-based endpoint discovery; capability signaling; program participation indicators | FHIR R4 API endpoints published across all engines; capability statement served; needs formal NDH-compliant Endpoint resources with capability signaling and participation indicators per NDH IG | PLANNED |
| Directory | Provider/Org Directory | National directory profiles for Practitioner, Organization, HealthcareService, Location with attestation and verification | Clinician portal manages provider profiles; marketplace maintains organization directory; NPI-linked practitioner records; needs NDH profile conformance and attestation/verification workflows | PLANNED |
| Directory | Directory Sync & Subscription | FHIR API + subscription + bulk data export for synchronizing national → local directory | Bulk data export capabilities exist in data aggregation engine; FHIR Subscription patterns for real-time updates are architecturally planned; needs NDH sync protocol implementation | PLANNED |
| Testing | Conformance Testing | Validate implementation against FAST IGs using test kits and reference implementations | QA test suites for all 7 engines; HEDIS validation against real LOINC/CPT/ICD-10 codes; API contract tests; needs formal FAST IG conformance test harness integration (identity-matching-test-kit, UDAP test suite) | BUILT |
| Testing | Interop Testing / Connectathon | Participate in FAST connectathons; test cross-network exchange with QHINs and CMS networks | FHIR R4 APIs ready for connectathon testing; Da Vinci workflow compliance (CRD→DTR→PAS); CMS-0057-F compliance built; needs formal FAST connectathon participation and cross-QHIN validation | BUILT |
| Testing | TEFCA FHIR Exchange Readiness | Full compliance with TEFCA FHIR exchange requirements including FAST Security by Jan 2026 | FHIR R4 APIs, OAuth 2.0, consent enforcement, audit trails all operational; UDAP-specific extensions (Rows 2-4 above) close the remaining gap; on track via ATTEST Gate 3 timeline | BUILT |
| Cross-Cut | HTI-2/HTI-5 Alignment | ONC rules reference FAST specs; FHIR API availability requirements; authorization/provenance behavior | FHIR R4 APIs across all engines; CMS-0057-F prior authorization compliance; consent representation using FHIR Consent resources; needs formal HTI-5 traceability matrix mapping Moonlitic endpoints to rule requirements | BUILT |
| Cross-Cut | Provenance & Audit | Data provenance tracking; audit trails; lineage across organizational boundaries | 5-layer provenance: ACL immutable ledger (Azure Confidential Ledger), hash-chained audit logger, consent event sourcing (Cosmos DB), HIPAA audit middleware, anonymization manifests; signed DAG approach for cross-boundary provenance | BUILT |
Across 20 FAST requirements, Moonlitic scores 12 BUILT, 5 PARTIAL, 3 PLANNED, and 0 GAP.
Every PARTIAL requires extending existing infrastructure. Every PLANNED item is a conformance packaging exercise against published IGs — not net-new engine work.
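The Consent rows above describe an event-sourced consent lifecycle with per-resource, per-action scope and a SHA-256 hash chain over every consent event. The block below is an added illustration of that pattern, not Moonlitic's code: patient ids, category strings and timestamps are constructed, and revocation propagation, storage (Cosmos DB) and the FHIR Consent resource mapping are out of scope. It shows how a replay answers "was this action permitted at time T" and how the chain exposes a tampered stored event.

```python
import hashlib
import json
from dataclasses import asdict, dataclass

GENESIS = "0" * 64  # back-link of the first event in the chain


@dataclass
class ConsentEvent:
    seq: int
    ts: int            # Unix seconds (constructed sample values in the test)
    patient: str
    category: str      # e.g. "mental_health", "genetic"
    actions: tuple     # granted subset of read/write/delete/query
    kind: str          # "grant" or "revoke" (revoke clears the whole scope)
    prev_hash: str     # digest of the previous event, GENESIS for seq 0
    digest: str = ""   # SHA-256 over the fields above, as canonical JSON
    def compute_digest(self) -> str:
        body = {k: v for k, v in asdict(self).items() if k != "digest"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class ConsentLedger:
    def __init__(self) -> None:
        self.events = []

    def append(self, ts, patient, category, kind, actions=()) -> ConsentEvent:
        assert kind in ("grant", "revoke"), kind
        prev = self.events[-1].digest if self.events else GENESIS
        ev = ConsentEvent(len(self.events), ts, patient, category,
                          tuple(actions) if kind == "grant" else (), kind, prev)
        ev.digest = ev.compute_digest()
        self.events.append(ev)
        return ev

    def permitted(self, patient, category, action, at_ts=None) -> bool:
        # Event sourcing: replay the stream; the latest grant/revoke for the
        # (patient, category) pair decides, optionally as of a past timestamp.
        allowed = set()
        for ev in self.events:
            if at_ts is not None and ev.ts > at_ts:
                break
            if ev.patient == patient and ev.category == category:
                allowed = set(ev.actions) if ev.kind == "grant" else set()
        return action in allowed

    def verify_chain(self):
        # Seq of the first event whose digest or back-link is wrong; None if intact.
        prev = GENESIS
        for ev in self.events:
            if ev.prev_hash != prev or ev.digest != ev.compute_digest():
                return ev.seq
            prev = ev.digest
        return None
```

Because each digest covers the previous digest, rewriting one stored event forces a recompute of every later event, which an externally anchored head digest (the immutable ledger in the Provenance row) would still contradict.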
Each item below has existing Moonlitic infrastructure underneath it. The work is extension, packaging, or formal conformance — not invention.
| Work Package | Existing Moonlitic Infrastructure | Needed for FAST Conformance |
|---|---|---|
| Security: UDAP Dynamic Registration | OAuth 2.0 client registration; JWT authentication infrastructure; FHIR API endpoints with capability statements. | Signed software statement (JWT with X.509 chain) for dynamic registration; .well-known/udap metadata endpoint; trust anchor certificate validation; UDAP-specific discovery response format. |
| Security: JWT Client Authentication | JWT-based auth; AES-256 encryption; asymmetric key infrastructure for consent engine; FIPS 140-2 key management. | Formal private_key_jwt token endpoint authentication method; X.509 certificate binding for client identity; certificate chain validation against trust community anchors. |
| Security: Tiered OAuth / B2B Authorization | Marketplace buyer/seller authorization; consent-gated B2B access controls; scoped token issuance. | Formal Tiered OAuth implementation where a downstream authorization server can delegate trust to an upstream server; cross-network federation handshake; trust community participation signaling. |
| Identity: Digital Identity Binding | Clear identity verification integration; OIDC-based patient identity; provider NPI binding; ATTEST R1 identity continuity roadmap (Datavant integration path). | Formal AAL2 conformance tagging on authentication flows; IDIAL1.8 identity assurance level attestation; cross-organizational credential binding per FAST Identity STU2; integration with FAST identity-matching-test-kit for validation. |
| Identity: Patient $match Operation | Patient identity resolution across data sources; deterministic matching (MRN, SSN, DOB); FHIR Patient resource management across all engines. | Formal FHIR $match operation endpoint; weighted input scoring; probabilistic matching with match grade responses; historical demographic data support per FAST Identity IG. |
| Directory: Endpoint Discovery | FHIR R4 API endpoints across all 7 engines; CapabilityStatement served; marketplace directory of organizations. | NDH-conformant Endpoint FHIR resources; capability signaling metadata; program participation indicators (TEFCA, CMS network membership); .well-known discovery integration. |
| Directory: Provider/Org Directory | Clinician portal with NPI-linked provider profiles; marketplace organization directory; location and service metadata. | NDH-profile conformance for Practitioner, Organization, HealthcareService, Location resources; attestation and verification workflows; network affiliation resources. |
| Directory: Directory Sync & Subscription | Bulk data export capabilities in data aggregation engine; real-time event patterns (consent event sourcing, marketplace notifications). | FHIR Subscription for directory change notifications; NDH-specific bulk export operation for national→local sync; scheduled exchange protocol. |
Total Effort to Achieve Full FAST Coverage
5 PARTIAL items + 3 PLANNED items = 8 work packages
All run in parallel across 3 tracks:
Security Track (UDAP + JWT + Tiered OAuth): ~8 weeks | Identity Track (AAL2 + $match): ~8 weeks | Directory Track (NDH profiles + sync): ~8 weeks
All 8 items run in parallel. Consent pillar (3/3 BUILT) and Testing/Conformance (3/3 BUILT) require no additional work. FAST Consent IG publication (early 2026) validates Moonlitic's existing consent architecture.