Helix AU Core - Local Development build (v0.1.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions
SMART on FHIR
Overview
SMART on FHIR (Substitutable Medical Applications, Reusable Technologies on Fast Healthcare Interoperability Resources) is a healthcare interoperability standard that provides a consistent, secure, and efficient method to exchange healthcare data between applications and Electronic Health Record (EHR) systems.
Key Features
- Interoperability: SMART on FHIR enables the exchange of healthcare data between different systems using the FHIR (Fast Healthcare Interoperability Resources) standard. This means that an application developed using SMART on FHIR can be used with any EHR system that also supports this standard.
- Security: SMART on FHIR uses OAuth2 and OpenID Connect for secure authorization and authentication. This ensures that only authorised applications can access healthcare data.
- Standardised Data Models: FHIR provides standardized data models for different types of healthcare data, such as patients, observations, and medications. This makes it easier for developers to work with healthcare data.
Development Workflow
- Register Your Application: Register your application with the Helix Integrations team. This typically involves providing some information about your application, such as its name, description, and the URL where it can be accessed.
- Authorise Your Application: Use the OAuth2 protocol to authorise your application to access healthcare data. This is done using the Helix identity provider, which gives the user a Single Sign-On experience. A token is provided with the launch context, and the application presents it to the FHIR server for authorisation. Your application will only be authorised for the data and operations it requires to function.
- Access Healthcare Data: Once your application is authorised, it can use the FHIR API to access Helix FHIR data. This involves sending HTTP requests to the FHIR server and processing the responses.
Launch Context
For SMART on FHIR, the “launch context” is a set of information that is passed to a web-based application when it is launched. This context can include various types of information such as the currently selected patient, clinical encounter, styling information, etc. It is used to securely pass information from the EHR (Electronic Health Record) system to the app, enabling the app to provide a user experience that is tailored to the current user’s context. For example, if a doctor is viewing a patient’s record in the EHR and then launches an app, the app can use the launch context to automatically display information relevant to that same patient.
The typical steps a SMART on FHIR web application developer would follow are:
- Register Your Application: Register your application with the Helix Integrations team. This typically involves providing some information about your application, such as its name, description, and the URL where it can be accessed.
- Receive the Launch Context: When your application is launched from Helix, it will be provided with a launch context. This context is typically passed as a parameter in the URL used to launch your app.
- Exchange the Launch Context for an Access Token: Your application should then exchange the launch context for an access token by making a POST request to the authorisation server. This request should include the launch context, your application's client ID and client secret (obtained when you registered your app), and the scopes your app needs to access.
- Parse the Access Token: The access token returned by the authorisation server is a JSON Web Token (JWT) that contains the launch context. Your app should parse this token to extract the launch context.
- Use the Launch Context: The launch context contains information about the current user, patient, and other relevant data. Your app can use this information to tailor its user interface and functionality to the current context.
- Handle Errors: If there is an error while requesting the access token or parsing the launch context, your app should handle these errors gracefully and provide a useful error message to the user.
- SMART on FHIR Specification: here
- Smart App Launch Implementation Guide: Launch and Authorization
- Smart App Launch Implementation Guide: Scopes and Launch Context
- SMART on FHIR authorisation uses the Authorization Code OAuth2 flow. More details can be found here: Authorisation Code Flow.
- For SMART on FHIR development we recommend the use of a library such as the SMART on FHIR JavaScript Library to handle the authorisation flows.
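
The launch steps listed above (receive the launch context, parse the access token, handle errors), as an added example in server-side Node.js; it is not Helix's code or part of the SMART on FHIR JavaScript Library. The `iss` and `launch` parameter names follow the SMART App Launch specification; the `patient` and `encounter` claim names, the URLs and the sample token are assumptions constructed for illustration.

```javascript
// Added example, not Helix code. Claim names "patient"/"encounter" are assumed.
class LaunchError extends Error {}

// Receive the launch context: read the parameters from the launch URL.
function readLaunchParams(launchUrl) {
  const q = new URL(launchUrl).searchParams;
  const iss = q.get("iss"), launch = q.get("launch");
  if (!iss || !launch) throw new LaunchError("Missing iss or launch parameter");
  if (!iss.startsWith("https://")) throw new LaunchError("iss must use https");
  return { iss, launch };
}

// Parse the access token: decode the JWT payload to get the launch context.
// Decoding does not verify the signature, so use the result only to tailor the
// UI; authorisation is decided by the FHIR server when the token is presented.
function extractLaunchContext(accessToken, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(accessToken).split(".");
  if (parts.length !== 3) throw new LaunchError("Access token is not a JWT");
  let claims;
  try {
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch {
    throw new LaunchError("Access token payload could not be decoded");
  }
  if (claims === null || typeof claims !== "object") throw new LaunchError("Access token payload is not an object");
  if (typeof claims.exp === "number" && claims.exp <= nowSeconds) throw new LaunchError("Access token has expired");
  if (typeof claims.patient !== "string" || !claims.patient) throw new LaunchError("No patient in launch context");
  return { patient: claims.patient, encounter: claims.encounter ?? null };
}

// Handle errors: expected failures become a message that is safe to display.
function safeContext(accessToken, nowSeconds) {
  try {
    return { ok: true, context: extractLaunchContext(accessToken, nowSeconds) };
  } catch (e) {
    if (e instanceof LaunchError) return { ok: false, message: e.message };
    throw e; // unexpected bug: do not mask it
  }
}

// Constructed sample token with a placeholder signature, so this runs offline.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.placeholder-signature`;
}
```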