
SMART on FHIR

Use SMART on FHIR to launch secure, user-facing applications that support contextual authorization, consent enforcement, and patient-specific data access. This protocol allows third-party applications to integrate into EHR portals or provider workflows using OAuth 2.0.

Key Capabilities

  • Embedded launch: Enables apps to open from within EHR portals or external systems with a pre-authorized user context.
  • Contextual access: Passes patient, encounter, and user identity to the launched app, supporting filtered FHIR queries.
  • Consent-aware behavior: Ensures access to protected data is consistent with patient consent and authorization scopes.
  • Token-based access: Issues short-lived access tokens tied to user role, scopes, and selected patient context.

Typical Workflow

  1. The EHR or portal constructs a SMART launch URL and redirects the user to the application.
  2. The app receives the launch context and uses it to initiate an OAuth 2.0 authorization code flow.
  3. Upon successful login and consent, the app receives an access token and optional refresh token.
  4. The app uses the token to call FHIR APIs with access limited to the authorized patient and scopes.
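Worked example of the four steps above, added here as an illustration; it is not code from the original page or from any SMART on FHIR reference implementation. Both sides of the exchange (the EHR's launch URL construction, authorization and token endpoints, and a FHIR search that enforces the token's patient context and scopes; and the app's authorize request and callback handling) are simulated in one Python process so it runs offline. The parameter names `iss`, `launch`, `aud`, `state`, `code_challenge`/`code_verifier` and scope strings such as `patient/Observation.rs` follow the SMART App Launch specification; the URLs, the client id `demo-app`, the patient and user ids, and the in-memory stores are constructed stand-ins.

```python
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# --- EHR side (constructed stand-in for an EHR authorization + FHIR server) ---
FHIR_BASE = "https://ehr.example.org/fhir"                             # hypothetical issuer
REGISTERED_CLIENTS = {"demo-app": "https://app.example.org/callback"}  # hypothetical app

class EHRServer:
    """Simulates the EHR's SMART launch, authorize, token and FHIR endpoints in memory."""
    def __init__(self):
        self.launches = {}   # launch id -> {"patient": ..., "user": ...}
        self.codes = {}      # authorization code -> pending grant
        self.tokens = {}     # access token -> grant (patient context, scopes, expiry)

    def build_launch_url(self, app_launch_url, patient, user):
        # Step 1: the EHR mints an opaque, single-use launch id bound to the current context
        launch = secrets.token_urlsafe(16)
        self.launches[launch] = {"patient": patient, "user": user}
        return f"{app_launch_url}?{urlencode({'iss': FHIR_BASE, 'launch': launch})}"

    def authorize(self, params, user_consented):
        # Checks the authorization server performs before issuing a code
        client_id = params["client_id"]
        if REGISTERED_CLIENTS.get(client_id) != params["redirect_uri"]:
            raise PermissionError("unknown client or redirect_uri mismatch")
        if params.get("aud") != FHIR_BASE:
            raise PermissionError("aud does not name this FHIR server")
        ctx = self.launches.pop(params["launch"], None)  # launch id is consumed here
        if ctx is None or not user_consented:
            raise PermissionError("invalid launch context or consent denied")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "code_challenge": params["code_challenge"],
                            "scopes": set(params["scope"].split()), **ctx}
        return f"{params['redirect_uri']}?{urlencode({'code': code, 'state': params['state']})}"

    def token(self, params):
        grant = self.codes.pop(params["code"], None)  # code is single-use; replay fails
        if grant is None or grant["client_id"] != params["client_id"]:
            raise PermissionError("invalid or replayed authorization code")
        if not secrets.compare_digest(_s256(params["code_verifier"]), grant["code_challenge"]):
            raise PermissionError("PKCE verification failed")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"scopes": grant["scopes"], "patient": grant["patient"],
                              "exp": time.time() + 300}  # short-lived access token
        return {"access_token": token, "token_type": "Bearer", "expires_in": 300,
                "scope": " ".join(sorted(grant["scopes"])), "patient": grant["patient"]}

    def fhir_search(self, access_token, resource_type, patient_id):
        # Step 4: the FHIR API limits reads to the token's patient context and granted scopes
        grant = self.tokens.get(access_token)
        if grant is None or grant["exp"] < time.time():
            raise PermissionError("missing or expired token")
        if patient_id != grant["patient"]:
            raise PermissionError("patient outside launch context")
        if not grant["scopes"] & {f"patient/{resource_type}.rs", "patient/*.rs"}:
            raise PermissionError(f"scope does not permit reading {resource_type}")
        return [{"resourceType": resource_type, "subject": f"Patient/{patient_id}"}]  # constructed

def _s256(verifier):
    """PKCE S256 transform: base64url(sha256(verifier)) without padding."""
    return base64.urlsafe_b64encode(hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()

# --- App side ---
TRUSTED_ISSUERS = {FHIR_BASE}  # allowlist; never trust an arbitrary iss from the launch URL

def app_start_authorization(launch_url, client_id="demo-app"):
    # Step 2: parse iss/launch, bind state and a PKCE verifier to the session, build the request
    q = {k: v[0] for k, v in parse_qs(urlparse(launch_url).query).items()}
    if q["iss"] not in TRUSTED_ISSUERS:
        raise PermissionError("untrusted iss")
    verifier = secrets.token_urlsafe(32)
    session = {"state": secrets.token_urlsafe(16), "code_verifier": verifier, "iss": q["iss"]}
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": REGISTERED_CLIENTS[client_id], "launch": q["launch"],
              "scope": "launch openid fhirUser patient/Observation.rs",
              "state": session["state"], "aud": q["iss"],
              "code_challenge": _s256(verifier), "code_challenge_method": "S256"}
    return session, params

def app_handle_callback(server, session, redirect_url, client_id="demo-app"):
    # Step 3: verify state against the session, then exchange the code plus verifier for tokens
    q = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
    if not secrets.compare_digest(q.get("state", ""), session["state"]):
        raise PermissionError("state mismatch (possible CSRF)")
    return server.token({"grant_type": "authorization_code", "code": q["code"],
                         "redirect_uri": REGISTERED_CLIENTS[client_id],
                         "client_id": client_id, "code_verifier": session["code_verifier"]})

def run_launch_flow(server, patient="123", user="Practitioner/7"):
    """Drives steps 1-3 end to end and returns the token response the app receives."""
    launch_url = server.build_launch_url("https://app.example.org/launch", patient, user)
    session, params = app_start_authorization(launch_url)
    redirect_url = server.authorize(params, user_consented=True)
    return app_handle_callback(server, session, redirect_url)
```

The checks worth noticing are the ones each side does before trusting the other: the app only accepts an `iss` it already knows and binds `state` and the PKCE verifier to its own session; the server requires `aud` to name itself, consumes the launch id and the authorization code on first use, verifies the PKCE challenge, and then ties the issued token to the launch's patient so a later search for a different patient, or for a resource type outside the granted scopes, is refused.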