On March 24, 2026, CMS issued a final rule establishing new national standards for electronic healthcare claims attachments. The rule (CMS-0053-F) will modernize how health plans and providers exchange claims-related documentation by replacing manual methods, including fax, mail, and payor-specific portals, with a standardized, HIPAA-mandated digital framework that includes authorization via secure electronic signatures.
With the rule, CMS aims to reduce administrative burden, strengthen security, and improve efficiency and consistency of claims processing. In this article, we explore the key requirements included in the rule and how healthcare organizations can prepare for compliance.
When Does the CMS Claims Attachment Rule Take Effect?
CMS-0053-F becomes effective on May 26, 2026, and organizations will have until May 26, 2028 to comply with the new requirements. This allows for a two-year time frame for organizations to implement any necessary technology upgrades and workflow changes.
Which Attachments Are Covered Under CMS-0053-F?
The rule applies only to healthcare claims attachments, i.e., supporting clinical documentation exchanged between providers and health plans for claims processing. It does not apply to prior authorization attachments, in part to avoid conflicts with CMS’ Interoperability and Prior Authorization rule and other existing standards.
Which HIPAA Standards Will Apply to Claims Attachments?
CMS-0053-F implements both X12 and Health Level 7 (HL7) standards for electronic data exchange.
- X12: The X12 standards govern administrative transactions between providers and health plans. Specifically, X12N 275 is the standard for electronic attachments submitted by providers to support a claim, and X12N 277 is the standard for health plans to provide status notifications for claims and request additional information from providers.
- HL7: HL7 implementation guides, including the Consolidated Clinical Document Architecture (C-CDA), are the standards for structuring clinical documentation included in claims attachments. These standards help improve clarity, reduce variability in documentation, and support more efficient review by claims and audit staff. They will also support traceability for audits, appeals, and regulatory reviews.
In addition, the rule establishes electronic signature standards for all attachment transactions to authenticate the sender and the integrity of the data. These standards will help reduce the risk of unauthorized submissions, altered documents, and unclear attestation of records, supporting non-repudiation and stronger audit trails for claim decisions.
How Can Providers & Health Plans Prepare for Compliance With CMS-0053-F?
Leading up to the May 26, 2028 deadline, healthcare organizations should consider the following steps to prepare for compliance with the claims attachment and electronic signature requirements:
- Awareness & Governance: Now that the details of the rule have been released, organizations should familiarize themselves with the requirements and begin to establish ownership, scope, and oversight duties to support compliance.
- Current State Assessment: Organizations should review their claims processes to identify any gaps between their current operations and capabilities and the rule’s required standards. This might include assessing the percentage of paper claims/claims attachments versus electronic claims/claims attachments received and identifying providers who are the highest utilizers for targeted outreach and education.
- Design & Planning: Designing and planning are crucial when implementing claims system changes in response to new regulations, because the regulations directly affect compliance, payment accuracy, and data integrity. Based on their current state, organizations should develop an approach to address any identified gaps and define future-state workflows and controls that align with CMS-0053-F standards. Without careful upfront planning, organizations risk improper denials, potential regulatory penalties, and operational disruption.
- System Configuration & Testing: Organizations should begin to operationalize the electronic data exchange standards in their test environments to determine whether their systems are equipped for reliable implementation prior to operationalizing changes in their production environments. This can help reduce risks, protect organization data, and improve system reliability prior to any production deployment.
- Training & Change Management: All departments involved in claims processing and documentation, including claims operations, revenue cycle, IT, compliance, and clinical, will need to be trained and prepared to support consistent adoption of the new standards and processes across the organization. Any departments responsible for provider training and education, such as provider relations or external affairs, must also be well-versed in the implemented changes and work with providers to support a smooth transition before the 2028 compliance deadline.
- Compliance Readiness & Ongoing Monitoring: When the May 26, 2028 deadline arrives, organizations will need to monitor claims and utilization data to maintain the system’s accuracy and compliance with the rule’s requirements over time.
How Forvis Mazars Can Help With Claims Attachment Compliance
Our healthcare compliance professionals can support providers and health plans through readiness assessments, implementation planning, and compliance monitoring to help integrate standardized electronic claims attachments and electronic signature requirements into existing workflows. If you have questions about the new requirements or would like assistance, please reach out to our team today.