SMART on FHIR Supports Safe Access to Healthcare Data

September 13, 2016 Dr. David Hay, Product Strategist & Dealla Smith, RN, Clinical Marketing

If a burglar enters your home, or there is a fire, your most valued and loved possessions can be lost.

The result: you are left feeling personally invaded, or without somewhere to live.

So, to protect ourselves and our homes, we add security such as deadbolts and fire alarms. This increased security helps to deter burglars, reduce risk, and ensure your safety.

In healthcare, we face similar security challenges. We need to ensure we are aware of potential risks and do everything we can to protect our very valuable personal health information. Security measures such as SMART should also be applied to standards in healthcare data integration. SMART (Substitutable Medical Applications and Reusable Technologies) adds a layer of security in front of FHIR interfaces to support safe access to data held within an EHR or any other repository.

FHIR®, or Fast Healthcare Interoperability Resources, is one of the next generation HL7® standards in healthcare data integration. It focuses on decreasing interoperability costs and unlocking technical innovation in healthcare by supporting an open ecosystem of information providers and consumers via open APIs. But with any API, and particularly one that exposes personal health information (PHI), security issues need consideration. So SMART adds a layer of security to reduce the risk of a patient’s medical record being “burgled,” or the information being lost in a “house fire.”

SMART is not yet as well-known as FHIR, but healthcare organizations and national bodies, through projects such as Argonaut, are taking an active interest in its development. SMART leverages existing standards (OAuth2 for authentication and authorization, OpenID Connect for user identity) and standardizes the process of negotiating access to information and operations between app and server. It also describes a process by which an EHR application can launch an external app, preserving context (patient and user) and providing safe access to the data within the EHR or, indeed, any other repository of healthcare data.
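The launch flow described above, sketched from the app's side as an added example (not code from the original article or from the SMART project). Parameter and token field names follow the SMART App Launch specification; the endpoint URLs, client id, launch handle and scope list used with it are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

def build_authorize_url(authorize_endpoint, client_id, redirect_uri, fhir_base, launch, scopes):
    """Build the OAuth2 authorization-code request an app sends after an EHR launch."""
    state = secrets.token_urlsafe(32)  # unguessable value tied to this browser session
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "launch": launch,            # opaque handle from the EHR; stands for patient/user context
        "scope": " ".join(scopes),
        "state": state,
        "aud": fhir_base,            # names the FHIR server the token is meant for
    }
    return f"{authorize_endpoint}?{urlencode(params)}", state

def handle_callback(callback_url, expected_state):
    """Return the authorization code, refusing errors and mismatched state."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization refused: {query['error'][0]}")
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]

def review_token_response(token, requested_scopes):
    """Compare granted scopes with the request and extract the launch context."""
    granted = set(token.get("scope", "").split())
    return {
        "patient": token.get("patient"),        # patient in context, chosen by the server
        "has_identity": "id_token" in token,    # OpenID Connect identity token present
        "missing_scopes": sorted(set(requested_scopes) - granted),
    }
```

The server may grant fewer scopes than the app asked for, so the app should act on `missing_scopes` rather than assume its full request was approved.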

By utilizing these commonly used standards, FHIR and SMART work together to provide secure and safe access to data held within an EHR, or any data repository using a well-known API managed by the custodian of the clinical data. With the growing support for SMART by large healthcare organizations, vendors, providers, and national bodies, this will promote free-flowing healthcare information that in turn can lead to different "specialist" applications. These applications, each focused on some aspect of healthcare delivery, can access data from different data sources, creating numerous "sidecar" applications and truly enabling the open healthcare ecosystem.


Learn how to maximize security by adding SMART(s) to your FHIR APIs. Download the white paper now.
