slug: smart-on-fhir
title: SMART on FHIR: The Future of Health Apps
titleZh: SMART on FHIR:健康应用的未来
category: fhir
description: SMART on FHIR enables developers to build apps that seamlessly integrate with any FHIR-compatible electronic health record system.
descriptionZh: SMART on FHIR 使开发者能够构建与任何兼容 FHIR 的电子健康记录系统无缝集成的应用。
keywords: [SMART on FHIR, FHIR apps, EHR integration, OAuth healthcare, health API]
last_updated: January 2025
difficulty: intermediate
readTime: 10
relatedArticles: [what-is-fhir, fhir-vs-hl7]

SMART on FHIR: The Future of Health Apps

SMART on FHIR (Substitutable Medical Apps, Reusable Technology, Fast Healthcare Interoperability Resources) is a set of open specifications that enable developers to build healthcare applications that work with any FHIR-compatible electronic health record (EHR) system.

What Makes SMART on FHIR Different?

Traditional healthcare app development required:

  • Custom integrations for each EHR vendor
  • Proprietary APIs and authentication methods
  • Expensive and time-consuming certification processes

SMART on FHIR provides:

  • Universal integration: Write once, run on any compatible EHR
  • Standardized authentication: OAuth 2.0 for secure access
  • App marketplace model: Easy distribution to healthcare providers
  • Patient access: Patients can grant apps access to their own data

How It Works

1. OAuth 2.0 Authentication

SMART on FHIR uses OAuth 2.0 for secure, delegated access:

┌─────────────┐          ┌─────────────┐          ┌─────────────┐
│   Patient   │          │     App     │          │     EHR     │
│  (Resource  │  grants  │  (Client)   │  requests │ (Resource   │
│   Owner)    │ ────────→ │             │ ────────→ │   Server)   │
└─────────────┘          └─────────────┘          └─────────────┘
      │                       │                         │
      │                       │  ←─────────────       │
      │                       │  Access Token         │
      │                       └───────────────────────┘

2. Scopes and Permissions

Apps request specific access through scopes:

| Scope | Description |
|-------|-------------|
| patient/*.read | Read all patient data |
| patient/Patient.read | Read patient demographics |
| patient/Observation.read | Read observations (lab results, vitals) |
| launch/patient | App launches in patient context |
| launch/encounter | App launches in encounter context |
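An added example (not from the original article) that checks the scopes a token response actually granted against what the app needs, using the scope syntax from the table above. The helper names and the sample scope strings are constructed for illustration; the authorization server may grant fewer scopes than were requested, so the comparison runs on the returned `scope` value.

```javascript
// Added example: helper names (parseScope, scopeAllows, checkGrant) are
// hypothetical and not part of any SMART client library.

// Split "patient/Observation.read" into context, resource and permission.
// launch/* and any other non-resource scope is returned as kind "other".
function parseScope(scope) {
  const m = /^(patient|user|system)\/(\*|[A-Za-z]+)\.(read|write|\*)$/.exec(scope);
  if (!m) return { kind: 'other', raw: scope };
  return { kind: 'resource', raw: scope, context: m[1], resource: m[2], permission: m[3] };
}

// True when at least one granted scope covers the resource type and action.
// The context prefix (patient/user/system) is not compared here.
function scopeAllows(grantedScopes, resourceType, action) {
  return grantedScopes.map(parseScope).some((s) =>
    s.kind === 'resource' &&
    (s.resource === '*' || s.resource === resourceType) &&
    (s.permission === '*' || s.permission === action));
}

// needed: array of [resourceType, action] pairs the app will actually call.
// grantedScopeString: the space-separated `scope` value from the token response.
function checkGrant(needed, grantedScopeString) {
  const granted = grantedScopeString.split(/\s+/).filter(Boolean);
  // Calls that would fail because the grant does not cover them.
  const missing = needed.filter(([type, action]) => !scopeAllows(granted, type, action));
  // Wildcard grants give more access than a fixed list of resource types needs.
  const overBroad = granted.filter((g) => {
    const s = parseScope(g);
    return s.kind === 'resource' && (s.resource === '*' || s.permission === '*');
  });
  return { missing, overBroad };
}

// Constructed sample: the app reads three resource types.
const NEEDED = [['Patient', 'read'], ['Observation', 'read'], ['MedicationRequest', 'read']];
console.log(checkGrant(NEEDED, 'launch/patient patient/Patient.read patient/Observation.read'));
console.log(checkGrant(NEEDED, 'patient/*.read'));
```
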

Core Components

SMART Launch

Two launch contexts:

Patient Launch: Patient accesses an app through their patient portal

  1. Patient selects app in EHR portal
  2. EHR redirects to app with launch context
  3. App requests authorization
  4. Patient approves access
  5. App receives access token

Provider Launch: Provider launches app during clinical workflow

  1. Provider selects app within EHR
  2. App receives provider and patient context
  3. Provider approves access (if needed)
  4. App receives access token
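An added example (not from the original article) of validating the launch request before the app starts the authorization step. It assumes the EHR-launch parameters defined by the SMART App Launch specification, `iss` (the EHR's FHIR base URL) and `launch` (an opaque context handle); the allowlist, URLs and function names are constructed.

```javascript
// Added example: ALLOWED_ISS and the URLs below are constructed placeholders.
// Only FHIR servers the app has been registered with belong on this list.
const ALLOWED_ISS = new Set(['https://ehr.example.com/fhir']);

// Reduce an iss value to origin + path without trailing slashes, and refuse
// anything that is not plain HTTPS (no userinfo, query string or fragment).
function normalizeIss(iss) {
  let u;
  try {
    u = new URL(iss);
  } catch {
    return null;
  }
  if (u.protocol !== 'https:' || u.username || u.password || u.search || u.hash) {
    return null;
  }
  return u.origin + u.pathname.replace(/\/+$/, '');
}

// Decide whether to continue with a launch request sent to the app.
// On success, returns the values to carry into the authorization request:
// `aud` is the validated iss, `launch` is echoed back, and the `launch`
// scope is added so the token is bound to the EHR's current context.
function acceptLaunch(launchUrl) {
  const q = new URL(launchUrl).searchParams;
  const iss = normalizeIss(q.get('iss') ?? '');
  const launch = q.get('launch');
  if (!iss || !ALLOWED_ISS.has(iss)) {
    return { ok: false, reason: 'iss not on allowlist' };
  }
  if (!launch) {
    return { ok: false, reason: 'missing launch parameter' };
  }
  return { ok: true, aud: iss, launch, extraScope: 'launch' };
}

// Constructed launch request from a registered EHR.
console.log(acceptLaunch(
  'https://app.example.com/launch?iss=https%3A%2F%2Fehr.example.com%2Ffhir%2F&launch=ctx-123'));
```
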

FHIR Resources

Apps access standard FHIR resources:

// Get patient demographics
GET /Patient/{id}

// Get conditions
GET /Condition?patient={id}

// Get medications
GET /MedicationRequest?patient={id}

// Get observations (lab results, vitals)
GET /Observation?patient={id}

Building Your First SMART on FHIR App

Step 1: Register Your App

Register with EHR vendors or use public test servers:

  • SMART Health IT: Public sandbox
  • Logica: FHIR server for testing
  • Epic: Developer portal (production)

Step 2: Implement OAuth 2.0

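// Authorization flow example
// Build the query with URLSearchParams so every value is URL-encoded and no
// stray whitespace from a multi-line template literal ends up in the URL
const authParams = new URLSearchParams({
  response_type: 'code',
  client_id: clientId,
  scope: 'patient/*.read',
  redirect_uri: redirectUri,
  state: state, // unguessable per-request value, checked again on the redirect back
  aud: fhirServiceUrl
});
const authUrl = `https://ehr.example.com/authorize?${authParams}`;

// Exchange code for token
// OAuth 2.0 token endpoints expect a form-encoded body, not JSON
const tokenResponse = await fetch(tokenUrl, {
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  body: new URLSearchParams({
    grant_type: 'authorization_code',
    code: authorizationCode,
    redirect_uri: redirectUri,
    client_id: clientId
  })
});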
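An added example (not from the original article) of the check that belongs between the two requests above: validating the redirect back from the EHR before the code is exchanged. The `pending` object stands in for whatever server-side session record holds the `state` and `redirect_uri` sent in the authorization request; its shape and all sample values are constructed.

```javascript
// Added example: handleRedirect, safeEqual and the `pending` record shape
// are hypothetical names, not part of any SMART client library.

// Compare two strings without stopping at the first differing character.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) {
    return false;
  }
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// pending = { state, redirectUri, used } saved when the authorization URL
// was built. Returns { ok: true, code } only when every check passes.
function handleRedirect(callbackUrl, pending) {
  const url = new URL(callbackUrl);
  const expected = new URL(pending.redirectUri);
  if (url.origin !== expected.origin || url.pathname !== expected.pathname) {
    return { ok: false, reason: 'unexpected redirect target' };
  }
  if (pending.used) {
    return { ok: false, reason: 'state already used' };
  }
  const q = url.searchParams;
  // A missing state (null) fails here as well.
  if (!safeEqual(q.get('state'), pending.state)) {
    return { ok: false, reason: 'state mismatch' };
  }
  pending.used = true; // one redirect per authorization request
  if (q.has('error')) {
    return { ok: false, reason: `authorization error: ${q.get('error')}` };
  }
  const code = q.get('code');
  if (!code) {
    return { ok: false, reason: 'missing code' };
  }
  return { ok: true, code };
}

// Constructed sample session record and redirect.
const samplePending = {
  state: 'constructed-state-7f3a', redirectUri: 'https://app.example.com/callback', used: false
};
console.log(handleRedirect(
  'https://app.example.com/callback?code=abc123&state=constructed-state-7f3a', samplePending));
```
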

Step 3: Access FHIR Resources

// Use access token to get patient data
const response = await fetch(`${fhirServiceUrl}/Patient/${patientId}`, {
  headers: {
    'Authorization': `Bearer ${accessToken}`
  }
});

const patient = await response.json();

Popular Use Cases

Clinical Decision Support

Apps that provide:

  • Drug interaction checking
  • Clinical guideline reminders
  • Diagnostic support tools

Patient-Facing Apps

  • Patient portals
  • Wellness tracking apps
  • Chronic disease management
  • Medication adherence tools

Population Health

  • Disease registries
  • Quality measurement
  • Reporting dashboards

EHR Vendor Support

| Vendor | SMART on FHIR Support | Notes |
|--------|----------------------|-------|
| Epic | ✅ Full | Requires developer registration |
| Cerner | ✅ Full | Code management platform |
| Allscripts | ✅ Full | Developer program available |
| Athenahealth | ✅ Full | Open API |
| Oracle Health | ✅ Partial | Growing support |

Certification

SMART on FHIR apps can be certified through:

  • HL7 FHIR Core: Basic FHIR conformance
  • ONC Health IT Certification: For US market
  • EHR vendor programs: Vendor-specific certification

Best Practices

  1. Start with public sandboxes before production integration
  2. Handle token refresh proactively
  3. Implement proper error handling for expired tokens
  4. Follow SMART guidelines for UI/UX
  5. Test with multiple EHR systems for compatibility
  6. Document your scopes clearly for users

Resources

Summary

SMART on FHIR represents a paradigm shift in healthcare application development:

  • One integration works across multiple EHR systems
  • Standard authentication reduces development complexity
  • Patient-controlled data access improves privacy
  • Growing ecosystem of tools and libraries

Whether you're building patient-facing apps or clinical tools, SMART on FHIR provides the foundation for the next generation of healthcare applications.
