Helix AU Core - Local Development build (v0.1.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions

Smart on Fhir

Overview

SMART on FHIR (Substitutable Medical Applications, Reusable Technologies on Fast Healthcare Interoperability Resources) is a healthcare interoperability standard that provides a consistent, secure, and efficient method to exchange healthcare data between applications and EHR (Electronic Health Record) systems.

Key Features

1. Interoperability: SMART on FHIR enables the exchange of healthcare data between different systems using the FHIR standard. Applications developed with SMART on FHIR are compatible with any EHR system that implements the SMART on FHIR standard.
2. Security: SMART on FHIR uses OAuth2 and OpenID Connect for secure authorisation and authentication, to ensure that only authorised applications can access healthcare data.
3. Standardised Data Models: FHIR provides standardised data models for different types of healthcare data, such as patients, observations, and medications. This makes it easier for developers to work with healthcare data.

Development Workflow

1. Register your application: Register your application with the Helix Integrations team. This typically involves providing some information about your application, such as name, description, and the URL where it can be accessed.
2. Authorise your application: Use the OAuth 2.0 framework to authorise your application to access healthcare data. This is done using the Helix identity provider to provide a Single Sign-On experience for the user. A token is provided with the launch context that can be sent from the application to the FHIR server for authorisation. The application will be granted access only to the data and operations required for its intended functionality.
3. Access healthcare data: Once your application is authorised, it can use the Helix FHIR API to access Helix FHIR data. This involves sending HTTP requests to the FHIR server and processing the responses.

Launch Context

For SMART on FHIR, Launch context is a set of information that is passed to a web-based application when it is launched. This context can include various types of information such as the currently selected patient, clinical encounter and styling information. It is used to securely pass information from the EHR system to the app, enabling the app to provide a user experience that is tailored to the current user’s context. For example, if a doctor is viewing a patient’s record in the EHR and then launches an app, the app can use the launch context to automatically display information relevant to that patient.

The standard process for building a SMART on FHIR web application consists of the following steps:

1. Register your application: Refer to step 1 in Development Workflow.
2. Receive the launch context: When your application is launched from Helix, it will be provided with a launch context. This context is typically included as a parameter in the URL used to launch the app.
3. Exchange the launch context for an access token: Your application should then exchange the launch context for an access token by making a POST request to the authorisation server. This request should include the launch context, your application's client ID and client secret (obtained when you registered your app), and the scopes your application needs to access.
4. Parse the access token: The access token returned by the authorisation server is a JSON Web Token (JWT) that contains the launch context. Your app should parse this token to extract the launch context.
5. Use the launch context: The launch context contains information about the current user, patient, and other relevant data. Your application can use this information to tailor its user interface and functionality to the current context.
6. Handle errors: If there is an error while requesting the access token or parsing the launch context, your application should handle these errors appropriately and provide an informative error message to the user.

More Information

1. SMART on FHIR Specification: here
2. Smart App Launch Implementation Guide: Launch and Authorization
3. Smart App Launch Implementation Guide: Scopes and Launch Context
4. SMART on FHIR authorisation uses the Authorization Code OAuth 2.0 flow. You can find more details here: Authorisation Code Flow.
5. For SMART on FHIR development, you must use a library to manage the authorisation flows, such as SMART on FHIR Javascript Library.