FHIR for regulators: governance, sandbox, and compliance

1. Why regulators need to understand FHIR

Vietnam's digital health legal framework for 2025-2026 has set explicit interoperability requirements. Circular 13/2025/TT-BYT (effective 21/07/2025) requires hospitals to complete electronic medical records (EMRs) and link them to the national personal identification number or VNeID — Vietnam's national digital identification app. Decree 102/2025/NĐ-CP (effective 01/07/2025) establishes the national digital health database. Decree 278/2025/NĐ-CP (effective 22/10/2025) makes data connectivity and sharing between health facilities a mandatory obligation, with a unified standardization deadline no later than 31/12/2026.

The catch is this: legal requirements cannot be measured without shared technical standards. When every hospital interprets "interoperability" its own way and every vendor exports its own format, regulators have no basis to determine who is compliant and who is not. FHIR R4 (version 4.0.1, comprising 146 resources) is the open standard from HL7 International, adopted by the United States, Japan, the United Kingdom, Australia, Singapore, and the EU as their common foundation. Vietnam can "borrow" rather than build from scratch — saving budget, shortening timelines, and inheriting proven international experience.

The regulator's role in adopting FHIR is more than just "permitting" it. It includes publishing a national Implementation Guide with an official canonical URL (http://fhir.hl7.org.vn/core/), governing the code systems issued by Vietnam (ICD-10 VN under Decision 4469/QĐ-BYT, the technical services catalog under Circular 23/2024/TT-BYT, BHYT subject codes under Decision 3276/QĐ-BYT), running a terminology server, operating a sandbox for vendors, hosting Connectathons, and certifying products.

2. The five regulator roles

Internationally, regulators take on five FHIR-related responsibilities. Vietnam can use this framework to assign duties to BYT, BHXH, and BTTTT.

2.1. Publishing a national Implementation Guide

An Implementation Guide (IG) is a packaged set of technical artifacts — profiles, extensions, terminology, and examples — that adapts FHIR to a national context. Vietnam currently has two products called VN Core IG, but with different origins. The first was published by the IT Department of the Ministry of Health (the unit's name at the time of publication) in the hl7vn/vn-core-ig repository, with canonical URL http://fhir.ehealth.gov.vn/core/ and package hl7.fhir.vn.core#1.0.0; it remains a draft CI build last updated in July 2024. The second is community-led, initiated by OmiGroup at hl7.org.vn with canonical URL http://fhir.hl7.org.vn/core/, and is being built on a transparent roadmap. One of the most important governance decisions ahead is whether the Ministry of Health will officially endorse one version or merge both into a single national product.

IG endorsement at the national level usually goes through a Circular or a Decision, attached to an existing legal instrument (such as Circular 13/2025/TT-BYT) rather than requiring new legislation. The natural lead is the Ministry of Health, co-chairing with Vietnam Social Security on Claim/Coverage matters and coordinating with BTTTT on information security.

2.2. Terminology governance

FHIR compliance starts with code systems. The Ministry of Health has done a strong job on the publication side: Decision 4469/QĐ-BYT (ICD-10 VN, 28/10/2020), Decision 1227/QĐ-BYT (laboratory indicators batch 1, 11/04/2025), Decisions 2427, 2493, and 2805/QĐ-BYT (the three SNOMED CT VN batches in 2025), Decision 387/QĐ-BYT (ICD-9-CM 2026, 05/02/2026), and Decision 3276/QĐ-BYT (codes for visiting subjects, 17/10/2025). What remains missing is the technical layer above: a national terminology server that lets systems discover, validate, and resolve codes at runtime.

A national terminology server (hypothetically at terminology.byt.gov.vn or terminology.hl7.org.vn) needs a clear release cycle, support for the FHIR operations $expand, $lookup, and $validate-code, and a versioning policy that prevents legacy codes from breaking integrations when they are retired. This is shared infrastructure that pays for itself across the sector — every vendor avoids the manual chore of synchronizing terminology by hand.

2.3. Running sandboxes and Connectathons

A sandbox is a public FHIR server with synthetic data that lets vendors and hospital development teams test integrations before production. A Connectathon is a live multi-party testing event where vendors plug in together, surface conflicting interpretations of the spec, and fix issues on the spot. The United States has Inferno, sponsored by ONC as the official test suite for certification criteria. Japan has an annual Connectathon hosted by JAHIS/JAMI. The EU runs gateway testing events as part of eHDSI.

Vietnam currently has no national-level FHIR sandbox or Connectathon. A practical roadmap is to coordinate with the IHE Asia-Pacific Connectathon (already hosted in Japan, South Korea, and Taiwan) to take rotating turns as host, while standing up a national sandbox tied to the VN Core IG. Initial costs are modest — a single public HAPI FHIR server is a viable starting point.

2.4. Vendor certification

ONC in the United States runs the ONC Health IT Certification program: vendors selling EHRs to facilities funded by Medicare or Medicaid must pass tests under §170.315(g)(10), covering FHIR R4 APIs, USCDI, OAuth 2.0, and SMART on FHIR. Vietnam could envisage a "BYT FHIR Certified" label with criteria such as: pass test cases on the VN Core IG, support SMART on FHIR, and comply with Law 91/2025 on personal data protection. Certification helps buyers (hospitals, provincial health departments) make faster decisions and gives vendors a clear target for investment.

One important caveat: certification should not become an entry barrier. If only one or two large vendors can pass, the market concentrates and prices rise. Criteria should be tiered (basic versus advanced) and allow vendors to certify individual modules instead of the full stack.

2.5. Compliance audit

Audit is the final step but is often skipped. Hospitals and vendors can self-attest to compliance, but without an inspection mechanism, attestation is just paperwork. Two viable audit models exist: spot checks via mandatory test bundles (the regulator sends a synthetic dataset and the system must process it correctly within a set time) and periodic field audits combined with the renewal of a healthcare facility's license.

On enforcement, Decree 90/2026/NĐ-CP (issued 30/03/2026) takes effect on 15/05/2026 and adds the framework for administrative penalties in the health sector. Until then, violations relating to data standards are handled under the existing framework, paired with sanctions under personal data protection rules in Law 91/2025 and Decree 356/2025 (with fines reaching up to 5% of the prior year's revenue).

3. Three international reference models

The three most prominent national FHIR governance models are ONC (United States), JAMI/MHLW (Japan), and eHDSI (EU). Each has a distinct philosophy that reflects the political institutions of its region.

3.1. ONC (United States) — top-down mandate

The Office of the National Coordinator for Health IT (ONC) sits within the U.S. Department of Health and Human Services (HHS). The 21st Century Cures Act (2016), together with the ONC Cures Act Final Rule (issued in 2020), established a detailed certification framework. Specifically: the §170.315(g)(10) criterion requires certified Health IT Modules and API developers to support a FHIR R4 standardized API for patient and population services, including the USCDI (US Core Data for Interoperability) data set via the US Core IG. The rule applies to certified modules; this indirectly constrains EHRs used by facilities receiving Medicare or Medicaid funding — but not every healthcare system in the country.

The strengths of the ONC model are clarity and force: fixed timelines, an official Inferno test suite, and "information blocking" penalties that can fine vendors and providers millions of dollars. The downsides: compliance burden is significant for small facilities, and the standardization tempo sometimes outpaces what the market can realistically deliver.

3.2. JAMI/MHLW (Japan) — community-led, government-supported

Japan takes the consensus path. JP Core IG is developed and maintained by the JAMI FHIR Domestic Implementation Working Group, not issued as a binding standard by Japan's Ministry of Health, Labour and Welfare (MHLW). The current JP Core documentation states explicitly: developed by the JAMI FHIR domestic implementation group, and not yet approved by HL7 Japan. Even so, MHLW has many projects and policies supporting FHIR and health data standards (for example, promoting health information exchange), creating a favorable environment for community-led implementation.

The Working Group brings together major hospitals, EHR vendors (Fujitsu, NEC, NTT DATA), JAHIS (the industry association), and research institutions. Specifications emerge from multi-stakeholder consensus. Strengths: high acceptance, low pushback, and continuity with the existing SS-MIX2 foundation. Weaknesses: slower than ONC; the line between "recommended" and "mandatory" is sometimes blurry.

3.3. eHDSI (EU) — federation

The European Health Data Space (EHDS) and the eHealth Digital Service Infrastructure (eHDSI) are coordinated by the European Commission. Each member state runs a National Contact Point for eHealth (NCPeH) that acts as a gateway. Two core use cases are already in production: Patient Summary (based on HL7's International Patient Summary) and ePrescription/eDispensation for travelers within the EU.

Strengths: respects each country's data sovereignty (every nation runs its own servers), with standardization only at the cross-border exchange layer. Weaknesses: federation is complex and requires each country to build domestic infrastructure first before connecting internationally; progress is gated by the slowest member.

4. A hybrid model for Vietnam

Vietnam should not copy any single model wholesale. The institutional context differs from the United States (no voluntary certification linked to insurance reimbursement like Medicare/Medicaid), from Japan (a smaller FHIR community, no industry association as strong as JAHIS), and from the EU (cross-border interoperability is not yet a top priority). The proposal is a hybrid: top-down on the legal instrument, community-driven on IG maintenance and the Working Group.

The overall structure could look like this:

[Ministry of Health (BYT) — lead]
   ↓ issues a Circular mandating use of the VN Core IG
   ↓ tied to Circular 13/2025/TT-BYT, Decree 102/2025, Decree 278/2025
[Department of Science, Technology and Training + Department of Medical Service Administration]
   ↓ runs the national sandbox and terminology server
[Vietnam Social Security (BHXH)]
   ↓ co-authors the IG for Claim/EOB (Decision 3176, Decision 697)
   ↓ maintains Decree 164/2025 — electronic transactions for social insurance
[Ministry of Information and Communications (BTTTT) — Information Security Department]
   ↓ coordinates Law 24/2018, Law 116/2025 (effective 01/07/2026)
   ↓ publishes security guidance for FHIR servers in Vietnam
[HL7 Affiliate Vietnam — community steward]
   ↓ maintains the VN Core IG, runs the multi-stakeholder Working Group
   ↓ hosts Connectathons, trains the workforce
[Industry — EHR vendors, hospitals, startups, research institutes]
   ↓ join the Working Group, test at Connectathons

The spirit of the model: policy must carry binding force (a Circular), but technical content must come from community consensus (the Working Group). The regulator does not need to write the IG itself — that is the job of the technical group. The regulator's job is to endorse, fund shared infrastructure, and ensure a continuous IG revision cycle.

Why hybrid instead of pure top-down: Vietnam does not yet have enough FHIR experts inside the public sector to write a complete IG on its own. Why hybrid instead of pure community: without binding force, vendors will favor proprietary formats that benefit them rather than the shared standard. The hybrid takes the strengths of both approaches.

5. Roles for BYT, BHXH, BTTTT, and HL7 Affiliate Vietnam

To prevent overlap in the hybrid model, each unit needs a clear scope. The table below summarizes the proposed division, grounded in current legal instruments and in the practice of the reference countries.

Important nuance: Decree 356/2025/NĐ-CP is a Government decree on personal data protection (not a BTTTT instrument), with the Ministry of Public Security as the lead advising body. BTTTT plays the information security role under Law 24/2018 and Law 116/2025, but is not the issuing authority for Decree 356. Drawing this distinction keeps the role assignment accurate and avoids jurisdictional disputes during implementation.

On the financing model: the Ministry of Health budget covers the national terminology server and sandbox (shared infrastructure). Membership fees from hospitals and vendors offset part of the Connectathon cost. Vendors can sponsor events. International funding sources are realistic options too — the WHO (Global Strategy on Digital Health 2020-2025), the World Bank, and the Asian Development Bank — particularly for the Affiliate's startup phase. OmiGroup has committed to contribute the open-source community VN Core IG project under a public-private partnership model with the HL7 community.

6. HL7 Affiliate Vietnam — 2026-2027 roadmap

HL7 International is a non-profit headquartered in the United States and the steward of HL7 v2, v3, CDA, and FHIR. HL7 International runs an Affiliate program for individual countries: each nation can establish a formal member organization (an Affiliate) representing its national community within HL7 International. HL7 Japan, HL7 Korea, HL7 Singapore, HL7 Taiwan, and HL7 Australia already exist. Vietnam does not yet have an Affiliate.

Why Vietnam needs an HL7 Affiliate

• An "official voice" inside HL7 International — the right to participate in ballots, contribute to specifications, and propose standard amendments.
• The right to use the "HL7 Vietnam Affiliate" mark on the national Implementation Guide, lending it official legitimacy.
• Networking with Asia-Pacific Affiliates — Japan, Korea, Singapore, Australia — to learn from their experience and coordinate regionally.
• A legal entity for hosting Connectathons, offering certified training, and signing partnerships with government agencies.

Proposed roadmap 2026-2027

Two caveats on this roadmap. First, all milestones above are community-initiated targets — outcomes depend on Ministry of Health alignment and HL7 International feedback, and may slip by one or two quarters. Second, an Affiliate carries membership fees tiered by national GDP; this falls under community operating costs and needs a financial plan from day one.

7. Five common pitfalls in national FHIR programs

Experience from the United States, Japan, the United Kingdom, and Australia shows a recurring pattern of mistakes across countries. Below are the five most important pitfalls Vietnam's regulators should avoid.

Pitfall 1 — Mandating before infrastructure is ready

Issuing a Circular with a deadline before there is a public sandbox, a terminology server, or Vietnamese-language guidance is the fastest way to push vendors into "compliance theater". The United Kingdom hit this when the NHS set its first FHIR deadline without a test suite — the result was that many implementations passed the paperwork but could not actually interoperate. Rule of thumb: infrastructure should land at least 6-12 months ahead of the binding text.

Pitfall 2 — Skipping terminology governance

If every hospital builds its own CodeSystem for medications, technical services, and specialty codes, the national IG becomes meaningless. Issuing a code system is one thing; running a terminology server with a release cycle, versioning, and backward compatibility is another — and it matters far more. Vietnam has issued many Decisions on codes; the next step is the operational layer.

Pitfall 3 — Publishing without a Connectathon

A legal instrument is not proof of compliance. Without recurring multi-party testing events, no one knows which systems can actually interoperate. A Connectathon is the mechanism that surfaces conflicting interpretations of a spec — vendor A reads a clause one way, vendor B reads it another, and only when they connect do the gaps show up. One Connectathon a year is the bare minimum.

Pitfall 4 — Vendor lock-in for the regulator

When certification criteria are too complex, or when only a couple of large vendors can pass them, the market concentrates. Hospitals lose choice, prices go up, and innovation suffers. The fix: tier certification criteria (basic versus advanced), allow per-module certification rather than full-stack, and adopt support policies for domestic vendors and startups.

Pitfall 5 — No revision cycle for the IG

FHIR and medicine both change continuously. ICD-10 has updates, SNOMED CT releases twice a year, and profiles need adjustment when new laws land (such as Resolution 202/2025/QH15 reorganizing the country into 34 provinces, Law 91/2025, and Circular 13/2025/TT-BYT). If the IG ships without a revision mechanism — clear release cadence, a defect reporting channel, a change process — it will be outdated within 12-18 months. JP Core releases annually; US Core releases twice a year. These are the benchmarks to follow.

8. Frequently asked questions

Should the Ministry of Health issue a Circular making FHIR mandatory right away?

Recommendation: hold off on hard mandates until the VN Core IG reaches a stable 1.0, the public sandbox is live, the terminology server is operational, and at least one Connectathon has been held. Until then, use incentives (preference in procurement, recognition in EMR certification under Circular 13/2025) instead of prohibitions and fines.

Do we need a new law, or is a Circular enough?

A Circular is enough. The legal basis is already in place: the Law on Medical Examination and Treatment 2023, Circular 13/2025/TT-BYT on EMRs, Decree 102/2025/NĐ-CP on digital health data, and Decree 278/2025/NĐ-CP on data connection and sharing. A Ministry of Health Circular stating that "when implementing electronic medical records and connectivity under the above instruments, systems must conform to the VN Core IG" provides sufficient binding force.

Does the HL7 Affiliate carry membership fees?

Yes. HL7 International publishes a fee schedule for individual and organizational members, tiered by national GDP and organization size. Vietnam falls into the middle-income tier. The fee belongs to community operating costs and can be shared across participating organizations.

Can the community translate and redistribute the VN Core IG?

Yes — provided the IG is licensed under Creative Commons (we recommend CC-BY-4.0). The community VN Core IG at hl7.org.vn is being built under this license. Translation into English, redistribution, and even derivative works are permitted as long as attribution is preserved.

Will Vietnam Social Security share governance over Claim/EOB?

This is an important open question. BHXH currently maintains the XML 4210 format (under the chain of revisions ending with Decision 3176/QĐ-BYT) for BHYT settlement data. The proposal is for BHXH to co-author the Claim/EOB section of the VN Core IG — not replacing 4210 immediately, but providing a parallel mapping that lets vendors transition gradually. This approach preserves backward compatibility while opening the door to FHIR-native exchange.

What exactly does the BTTTT Information Security Department do?

The Information Security Department (BTTTT) is responsible for information security under Law 24/2018/QH14 and is preparing to implement Law 116/2025/QH15 (effective 01/07/2026). Its role in FHIR governance: issuing technical security guidance for FHIR servers (TLS, OAuth 2.0, SMART on FHIR), requiring access log retention (AuditEvent), and inspecting critical information systems. Note: Decree 356/2025/NĐ-CP on personal data protection is a Government instrument with the Ministry of Public Security as the lead — outside BTTTT's jurisdiction.

9. Further reading and references

Other knowledge hub pages directly relevant to national FHIR governance:

Official legal references

• TT-13-2025 — Circular 13/2025/TT-BYT: Electronic medical records (issued 06/06/2025, effective 21/07/2025).
• ND-102-2025 — Decree 102/2025/NĐ-CP: Management of digital health data (issued 13/05/2025, effective 01/07/2025).
• ND-278-2025 — Decree 278/2025/NĐ-CP: Data connection and sharing (effective 22/10/2025; standardization milestone 31/12/2026).
• L-91-2025 — Law 91/2025/QH15: Personal Data Protection (effective 01/01/2026).
• ND-356-2025 — Decree 356/2025/NĐ-CP: Implementation guidance for the PDP Law (effective 01/01/2026).
• L-24-2018 — Law 24/2018/QH14: Cybersecurity.
• L-116-2025 — Law 116/2025/QH15: Cybersecurity (amended) (effective 01/07/2026 — future-effective).
• ND-90-2026 — Decree 90/2026/NĐ-CP: Administrative penalties in the health sector (issued 30/03/2026, effective 15/05/2026 — future-effective).
• QD-3176-BYT — Decision 3176/QĐ-BYT: KCB output data standard (29/10/2024).
• QD-697-BYT — Decision 697/QĐ-BYT: KCB billing summary template (issued 19/03/2026, deployed 01/07/2026).

International model references

• ONC Cures Act Final Rule — HealthIT.gov
• ONC §170.315(g)(10) Standardized API Criterion
• Inferno Framework — the official ONC test suite
• US Core Implementation Guide
• JP Core Implementation Guide — JAMI FHIR WG
• eHDSI — Electronic Cross-Border Health Services (EU)
• WHO Global Strategy on Digital Health 2020-2025

FHIR R4 technical references

• FHIR R4 (4.0.1) — official HL7 International specification
• FHIR R4 — ImplementationGuide Resource
• FHIR R4 — CapabilityStatement Resource
• HL7 International — Affiliate Program
• VN Core IG (CI build) — hl7vn repository at the Ministry of Health