Inferensys

Glossary

SMART on FHIR

An open, standards-based technology platform that enables developers to create substitutable, interoperable medical applications that run seamlessly across different electronic health record systems using the FHIR API and OAuth 2.0.
Overhead shot of a beautifully lit strategy meeting in a modern WeWork hot desk area, designers and executives gathered around a live AI system diagram projected on smart table surface.
SUBSTITUTABLE MEDICAL APPLICATIONS & REUSABLE TECHNOLOGIES

What is SMART on FHIR?

An open, standards-based technology platform that enables developers to create substitutable, interoperable medical applications that run seamlessly across different electronic health record systems using the FHIR API and OAuth 2.0.

SMART on FHIR is an open specification that defines a standardized framework for launching third-party clinical applications from within any compliant Electronic Health Record (EHR) system. It combines the FHIR API for data access with the OAuth 2.0 authorization protocol to enable secure, single-sign-on connectivity, allowing a single app to run unmodified across different vendor systems without custom integration code.

The platform architecture mandates a strict separation between the application logic and the underlying data system, ensuring substitutability. By defining standardized profiles for scopes, launch contexts, and token introspection, SMART on FHIR guarantees that a clinician can invoke a risk calculator or a patient-facing portal from any certified EHR, with the app receiving a consistent, structured view of the patient record in real time.

SUBSTITUTABLE MEDICAL APPS

Core Characteristics of SMART on FHIR

SMART on FHIR defines a universal platform for launching interoperable clinical applications. It combines the FHIR data model with OAuth 2.0 security to create a plug-and-play ecosystem where apps can run against any compliant EHR.

01

Substitutability & App Launch

The core design goal is substitutability—a single app can run unmodified across different EHR systems. This is achieved through a standardized launch protocol where the EHR passes context (patient ID, encounter ID) to the app via a signed token. The app then queries the FHIR API for data, decoupling the UI from the data source.

02

OAuth 2.0 Authorization Model

Security is handled by OAuth 2.0 with OpenID Connect. The app never sees user credentials. Instead, it receives a scoped access token after a clinician authorizes it. Key scopes define granular access:

  • patient/*.read: Access to patient-facing data
  • user/*.read: Access to user-level data
  • launch: Permission to be launched from the EHR
03

SMART App Manifest

Every app declares its capabilities via a JSON manifest hosted at a well-known URL. The manifest defines:

  • Launch modes: EHR launch, standalone launch, or both
  • FHIR version: R4, R5, etc.
  • Required scopes: The OAuth permissions the app needs
  • Redirect URIs: Valid callback endpoints for the auth flow This allows EHRs to dynamically discover and configure apps.
04

CDS Hooks Integration

SMART on FHIR powers CDS Hooks, a decision-support specification. Instead of a user launching an app, the EHR triggers a hook (e.g., patient-view, order-select) and sends a request to a remote CDS service. The service returns cards with suggestions, links to SMART apps, or informational text, enabling real-time, context-aware clinical guidance.

05

Bulk Data Access

For population health and analytics, SMART defines a Flat FHIR bulk export protocol. An authorized client can request an asynchronous export of all patients or a defined cohort. The EHR generates compressed NDJSON files and returns a manifest with download links. This enables large-scale data extraction without overwhelming the API with individual resource requests.

06

SMART Web Messaging

A newer specification enabling tight UI integration between an EHR and an embedded SMART app. Using window.postMessage, the app can request the EHR to perform actions like:

  • Opening a patient's chart
  • Navigating to a specific encounter
  • Displaying a medication order screen This moves beyond simple data access to bidirectional workflow interaction.
SMART ON FHIR

Frequently Asked Questions

Clear answers to common questions about the SMART on FHIR specification, its security model, and how it enables substitutable medical applications across electronic health record systems.

SMART on FHIR is an open, standards-based technology platform that enables developers to create interoperable healthcare applications that run seamlessly across different electronic health record (EHR) systems. It combines the Substitutable Medical Applications and Reusable Technologies (SMART) framework with the Fast Healthcare Interoperability Resources (FHIR) API standard. The platform works by defining a standardized launch protocol where a clinician opens a SMART app from within their EHR session, the app receives a launch context containing patient and encounter identifiers, and then securely accesses clinical data through FHIR RESTful API calls. This architecture decouples the application layer from the underlying EHR, allowing a single app to be written once and deployed across multiple health systems without customization. The specification was originally developed through a collaboration between Boston Children's Hospital Computational Health Informatics Program and the Harvard Medical School Department of Biomedical Informatics, and is now maintained by HL7 International.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.