SMART on FHIR is an open specification that defines a standardized framework for launching third-party clinical applications from within any compliant Electronic Health Record (EHR) system. It combines the FHIR API for data access with the OAuth 2.0 authorization protocol to enable secure, single-sign-on connectivity, allowing a single app to run unmodified across different vendor systems without custom integration code.
Glossary
SMART on FHIR

What is SMART on FHIR?
An open, standards-based technology platform that enables developers to create substitutable, interoperable medical applications that run seamlessly across different electronic health record systems using the FHIR API and OAuth 2.0.
The platform architecture mandates a strict separation between the application logic and the underlying data system, ensuring substitutability. By defining standardized profiles for scopes, launch contexts, and token introspection, SMART on FHIR guarantees that a clinician can invoke a risk calculator or a patient-facing portal from any certified EHR, with the app receiving a consistent, structured view of the patient record in real time.
Core Characteristics of SMART on FHIR
SMART on FHIR defines a universal platform for launching interoperable clinical applications. It combines the FHIR data model with OAuth 2.0 security to create a plug-and-play ecosystem where apps can run against any compliant EHR.
Substitutability & App Launch
The core design goal is substitutability—a single app can run unmodified across different EHR systems. This is achieved through a standardized launch protocol where the EHR passes context (patient ID, encounter ID) to the app via a signed token. The app then queries the FHIR API for data, decoupling the UI from the data source.
OAuth 2.0 Authorization Model
Security is handled by OAuth 2.0 with OpenID Connect. The app never sees user credentials. Instead, it receives a scoped access token after a clinician authorizes it. Key scopes define granular access:
patient/*.read: Access to patient-facing datauser/*.read: Access to user-level datalaunch: Permission to be launched from the EHR
SMART App Manifest
Every app declares its capabilities via a JSON manifest hosted at a well-known URL. The manifest defines:
- Launch modes: EHR launch, standalone launch, or both
- FHIR version: R4, R5, etc.
- Required scopes: The OAuth permissions the app needs
- Redirect URIs: Valid callback endpoints for the auth flow This allows EHRs to dynamically discover and configure apps.
CDS Hooks Integration
SMART on FHIR powers CDS Hooks, a decision-support specification. Instead of a user launching an app, the EHR triggers a hook (e.g., patient-view, order-select) and sends a request to a remote CDS service. The service returns cards with suggestions, links to SMART apps, or informational text, enabling real-time, context-aware clinical guidance.
Bulk Data Access
For population health and analytics, SMART defines a Flat FHIR bulk export protocol. An authorized client can request an asynchronous export of all patients or a defined cohort. The EHR generates compressed NDJSON files and returns a manifest with download links. This enables large-scale data extraction without overwhelming the API with individual resource requests.
SMART Web Messaging
A newer specification enabling tight UI integration between an EHR and an embedded SMART app. Using window.postMessage, the app can request the EHR to perform actions like:
- Opening a patient's chart
- Navigating to a specific encounter
- Displaying a medication order screen This moves beyond simple data access to bidirectional workflow interaction.
Frequently Asked Questions
Clear answers to common questions about the SMART on FHIR specification, its security model, and how it enables substitutable medical applications across electronic health record systems.
SMART on FHIR is an open, standards-based technology platform that enables developers to create interoperable healthcare applications that run seamlessly across different electronic health record (EHR) systems. It combines the Substitutable Medical Applications and Reusable Technologies (SMART) framework with the Fast Healthcare Interoperability Resources (FHIR) API standard. The platform works by defining a standardized launch protocol where a clinician opens a SMART app from within their EHR session, the app receives a launch context containing patient and encounter identifiers, and then securely accesses clinical data through FHIR RESTful API calls. This architecture decouples the application layer from the underlying EHR, allowing a single app to be written once and deployed across multiple health systems without customization. The specification was originally developed through a collaboration between Boston Children's Hospital Computational Health Informatics Program and the Harvard Medical School Department of Biomedical Informatics, and is now maintained by HL7 International.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
SMART on FHIR relies on a stack of complementary standards and architectural patterns to deliver secure, substitutable medical applications.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us