The interoperability rules behind connected care
Exchange is only as trustworthy as the standards underneath it. AzHeC tracks the load-bearing layer — HL7 and FHIR for clinical data, UDI and GS1 for device and supply identity, and HIPAA for privacy and security — and explains each in plain language, without favouring any vendor.
Standards are the part nobody sees until they fail
A statewide health information exchange moves data between hospitals, clinics, labs and pharmacies that never share a single software platform. The only thing they hold in common is a published standard: an agreed format for a lab result, an agreed identifier for a device, an agreed rule for protecting a record. When those standards are followed, a result ordered in one system arrives intact in another. When they are interpreted loosely, the data still moves — but it no longer means the same thing on both ends.
AzHeC reads the standards directly rather than relying on any one vendor's interpretation of them. Every position we take starts from the published specification — HL7 International for clinical messaging and FHIR, the FDA for Unique Device Identification, GS1 for supply-chain identifiers, and the HIPAA Privacy and Security Rules for protection. That is what vendor-neutral means in practice.
The four standards work areas
Four families of standards do the heavy lifting in connected care. Each explainer is written for a newcomer first and stays accurate to the current specifications.
HL7 & FHIR: a plain-language primer
The difference between HL7 v2 messages and FHIR's web-style resources and APIs, where each is used today, and why the US has standardised on FHIR R4. Start here if you are new to interoperability.
Read the primerUnique Device Identification (UDI)
The FDA UDI rule, the GUDID reference catalog, and the split between the Device Identifier (DI) and Production Identifier (PI) — and how that linkage makes recalls and safety surveillance possible.
Read moreGS1 standards in healthcare supply chains
GTIN for products, GLN for locations, and GS1-128 / GS1 DataMatrix barcodes carrying lot, expiry and serial data — and how GS1 identifiers double as UDI so inventory, the record and recalls finally agree.
Read moreData privacy, security & HIPAA in exchange
The HIPAA Privacy and Security Rules applied to exchange: minimum necessary, audit logging, encryption in transit and at rest, and the 2025–2026 shift that makes once-optional safeguards mandatory.
Read moreFrequently asked questions
01Why are there so many different standards instead of one?
Each standard solves a different problem. HL7 and FHIR describe clinical data and how systems request it. UDI identifies the physical device. GS1 identifies the trade item and the location in the supply chain. HIPAA governs how all of it is protected. They are complementary layers, not competitors — and increasingly they are designed to reference one another.
02Does AzHeC set or certify standards?
No. Standards are set by bodies such as HL7 International, the FDA and GS1, and conformance is certified through their own programmes. AzHeC's role is to convene Arizona stakeholders and translate those published standards into guidance they can act on — a neutral table, not a standards authority.
03I am completely new to this. Where should I begin?
Begin with the HL7 & FHIR primer. It explains the vocabulary the rest of these pages assume, then the UDI, GS1 and HIPAA explainers build on it. Our glossary is also a quick reference for any term you meet along the way.
Have a standards question specific to Arizona?
If your organisation is working through an interoperability standard and wants a neutral read, the council is here to help. There is nothing to buy — we convene and explain.