
What is SMART on FHIR Apps? - Ushering in a new era of standards based interoperable health app platform


Healthcare today is expected to offer a seamless omnichannel experience, a “digital front door”, which is essential to delivering personalized, value-based care. In practice, however, implementing this digital front door strategy is challenging for most healthcare systems because healthcare information is fragmented.


The birth of SMART on FHIR era 


Thousands of healthcare apps exist and can be easily downloaded, but getting them to work with an existing backend system is not easy, as apps come with their own proprietary databases, data models, and interfaces. Each new app deployed immediately becomes a legacy product, creating silos of data throughout the organization, each connected to the main database through its own integration.


While FHIR revolutionized the exchange of data in real time with its incremental structure and RESTful architecture, it had a few limitations as well. FHIR defined only the data models, ontologies, and the method for exchanging information with a FHIR server; it did not define the security mechanism for accessing the data.


To close this gap, the SMART Health IT project was developed, which created the SMART app platform. The project was launched with the idea of having a universal API (application programming interface) transform electronic health records (EHRs) into platforms for substitutable applications. Substituting applications gives providers the freedom to try out different technology solutions and to pick what works best for them.


SMART is an acronym for Substitutable Medical Applications and Reusable Technologies. It is a platform that promises to solve these data fragmentation challenges by standardizing how patient data is accessed and shared. The SMART framework has now become a standard for developing interchangeable healthcare applications compatible with any healthcare organization, regardless of EHR.


The SMART app platform builds on the existing FHIR standard, hence known as “SMART on FHIR”.


In the SMART on FHIR framework, SMART handles the application side while FHIR is all about the data. Together, they create a complete framework for building healthcare applications that run across any healthcare system with a seamless user experience for clinicians, in a secure manner, without having to create custom, non-standard applications.


Any technology built with SMART works with any EHR database using SMART. As a result, healthcare technology becomes interchangeable, allowing health systems and patients to access data on the applications that best suit their needs, rather than only the ones that work with the EHR database they use.


Following are some of the highlights:


  • FHIR standardizes data, while SMART standardizes data access.
  • FHIR standardizes the representation of clinical concepts such as allergies and medications in any clinical application such as an EHR.
  • SMART standardizes the process through which a third-party application could plug into a clinical application and access that clinical information. It provides a security layer that sits on top of FHIR interfaces, giving approved applications access to the data within an EHR or any other SMART on FHIR compliant repository using OAuth 2.0 and OpenID Connect.
  • SMART provides open-source tools and libraries for developers that make it easier to use SMART standards during application development, as well as a free sandbox that helps developers test their apps before deployment.
  • SMART provides an application gallery that displays all of the existing healthcare applications that currently use the SMART on FHIR platform.


Components


SMART constrains FHIR with “SMART based” profiles and adds standard authorization and authentication technologies (OAuth 2.0 and OpenID Connect) as well as EHR UI integration patterns to provide an open health app platform. The deep integration permits the inclusion of SMART-enabled HTML apps directly into the clinical workflow as a “plug-and-play” solution.


Following are the components:


1. Authorization


OAuth 2.0 is a Web standard for authorization. Its key function is to enable an end user such as a patient or a clinician to approve a third-party app to access a specific set of data from a clinical application such as an EHR. SMART on FHIR specifies how apps obtain authorization tokens using OAuth 2.0. The scope of access tokens is kept narrow, so that an app working with a patient record requests limited data access that is only valid for querying that patient's data.


2. Authentication


OpenID Connect is a Web standard for authentication. It allows end users to sign into apps using external identity providers, without the need to open a new account each time an app is opened. Once logged in, users can switch between different health apps that share PHI data without signing in to every single app individually. These apps work with the EHRs, eliminating the need to toggle between tabs, windows, or extra portals.


3. UX integration


UX integration of SMART on FHIR puts the user experience of an app inside the clinician’s workflow, such as the EHR. The app is embedded within the EHR and is already aware of the context within the workflow, such as the patient record. If a growth chart app is running with the patient record open, the growth chart app knows the patient in context.


4. Implementation


Launching an app outside the EHR such as the Home screen of a mobile device: Standalone launch


In this workflow, the user launches an app on the device and the connection process begins. The EHR will need to sign in and authorize the user. After sign-in, the EHR displays an authorization screen on which it seeks the user’s permission to access the data. Upon approval, the user is redirected to the app, which receives the information it needs to access the desired data: an access token, a user ID token, and information about the context, such as the patient record that is currently open in the EHR. With this information it begins to interact with the FHIR API in the EHR system. It sends a request to fetch, for example, the demographics or the lab results of the patient in context. The FHIR API then responds to the app with the appropriate FHIR Resources.

Launching an app from within the EHR: The EHR App launch


This workflow is triggered when the user navigates to a particular screen or tab in the EHR, for example a Growth chart tab, and the EHR takes the user to the app by opening an inline frame or an embedded window on that app’s URL.

 

The user will likely click a button within the EHR to launch the desired app, and the EHR opens up the browser context. The EHR opens the app's launch URL and passes along a key parameter, the launch ID, which ties the whole session together. The app now has control inside the browser context and the OAuth process begins. It sends the user back to the EHR to complete the authorization process. Thereafter the OAuth workflow proceeds as in the standalone launch. In the end, the app gets the access token and uses it to issue FHIR API requests and fetch FHIR Resources back from the server. The app then runs embedded in the EHR screen.
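The app side of the EHR launch described above, as an added example that is not part of the original article or of any SMART library. The issuer URL, endpoints and client ID are constructed placeholders, and pinning the authorization endpoint per registered issuer is an assumption of this example.

```javascript
// Constructed registration data: FHIR servers this app is registered with,
// and the authorization endpoint and client ID pinned for each (assumption).
const REGISTERED = new Map([
  ['https://ehr.example.org/fhir',
    { authorize: 'https://ehr.example.org/auth/authorize', clientId: 'growth-chart-app' }],
]);

// Unguessable per-launch value; the app stores it in the browser session
// and compares it with the value returned on the callback.
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Step 1: the EHR opens the app's launch URL with ?iss=<FHIR base>&launch=<launch id>.
// Returns the URL the app redirects the browser to, or throws.
function buildAuthorizeUrl(launchUrl, redirectUri, state) {
  const q = new URL(launchUrl).searchParams;
  const iss = q.get('iss');
  const launch = q.get('launch');
  if (!iss || !launch) throw new Error('missing iss or launch');
  const reg = REGISTERED.get(iss);
  if (!reg) throw new Error('untrusted iss'); // never follow an unknown issuer
  const u = new URL(reg.authorize);
  u.search = new URLSearchParams({
    response_type: 'code',
    client_id: reg.clientId,
    redirect_uri: redirectUri,
    scope: 'launch openid fhirUser patient/Immunization.read',
    launch,      // the launch ID that ties the session together
    aud: iss,    // tells the EHR which FHIR server the token is for
    state,
  }).toString();
  return u.toString();
}

// Step 2: the EHR redirects back to the app with ?code=...&state=...
// Returns the authorization code to exchange for tokens, or throws.
function handleCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (q.get('error')) throw new Error('authorization failed: ' + q.get('error'));
  if (!expectedState || q.get('state') !== expectedState) throw new Error('state mismatch');
  const code = q.get('code');
  if (!code) throw new Error('missing code');
  return code;
}
```

In a browser the app would call `newState()`, keep the value in session storage, and pass it to both functions.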




SMART Authorization Scopes


This specifies the particular set of data access requested by the app. SMART authorization scopes are based on the principle that an app gets access to all the data that it needs, but not to data that it does not need.

 

Each time an app launches, it asks for the data that it needs to do its job; in OAuth parlance these requests are known as “scopes”. SMART defines a set of scopes that apps can ask for, which define the permissions that they need. For example, an app needs access to a patient’s immunization record to display it as a chart. The app will request a scope that conveys what access it needs. The scope in this case is composed of the following:


patient/Immunization.read

(Access type)/(FHIR Resource).(Permission)


The app in question will pass this scope, and the user or server will approve the access for this scope. Apps request such scopes each time they launch, which serves to limit the access they are requesting. Apps therefore request data segregated by FHIR Resource type.
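A scope review along the lines described above, as an added example that is not part of the original article or of the SMART tooling. It parses the (access type)/(FHIR Resource).(permission) form, which is case-sensitive (lowercase access type, capitalized resource type), and compares a requested scope string with what a feature needs; the function names and sample scope strings are constructed.

```javascript
// SMART resource scope: <access type>/<FHIR resource type>.<permission>
const SCOPE_RE = /^(patient|user|system)\/(\*|[A-Z][A-Za-z]+)\.(read|write|\*)$/;

// Returns the three parts of a resource scope, or null for anything else
// (launch, openid and similar non-resource scopes, or a malformed string).
function parseScope(s) {
  const m = SCOPE_RE.exec(s);
  return m ? { context: m[1], resource: m[2], permission: m[3] } : null;
}

// True when scope `have` grants everything that scope `need` asks for.
function covers(have, need) {
  return have.context === need.context &&
    (have.resource === '*' || have.resource === need.resource) &&
    (have.permission === '*' || have.permission === need.permission);
}

// requested: space-separated scope string the app sends to the EHR.
// needed: array of well-formed resource scopes the feature requires.
// Returns findings; an empty array means the request matches the need.
function reviewRequest(requested, needed) {
  const findings = [];
  const parsed = [];
  for (const s of requested.split(/\s+/).filter(Boolean)) {
    const p = parseScope(s);
    if (!p) {
      // Non-resource scopes such as launch or openid contain no slash.
      if (s.includes('/')) findings.push('malformed: ' + s);
      continue;
    }
    parsed.push(p);
    if (p.resource === '*' || p.permission === '*') {
      findings.push('wildcard: ' + s);
    } else if (!needed.some((n) => covers(p, parseScope(n)))) {
      findings.push('not needed: ' + s);
    }
  }
  for (const n of needed) {
    if (!parsed.some((p) => covers(p, parseScope(n)))) findings.push('missing: ' + n);
  }
  return findings;
}
```

The same comparison can be run on the `scope` value an EHR returns with the access token, to confirm that what was granted is what the app asked for.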


SMART Health IT App gallery


SMART Health IT App gallery is a hub for health apps built using the SMART and FHIR standards. It includes vendor neutral apps that can run with a variety of EHR systems. The SMART gallery also provides the sample data that can be used for testing the apps.


The SMART app gallery has a feature called “Try app”. The app gallery is tied to a demonstration EHR with synthetic data. When an app is selected and the Try app feature is clicked, the user selects a patient record from the dummy EHR data, and the selected app is launched using that patient record.



The volume of data being generated at present is humongous, and it will only continue to grow exponentially from here. Being able to seamlessly exchange such volumes of data is the real challenge facing the healthcare industry today.


SMART on FHIR represents an open, standardized, and practical means of exchanging data among EHRs and other health systems. The SMART team maintains a sandbox and app gallery and continues to innovate with projects like CDS Hooks, Flat FHIR, and SMART Markers.


SMART on FHIR is more than just another standard; it is a mature set of guidelines agreed upon by standards bodies like HL7 as well as by major industry players. SMART on FHIR has the potential to be the catalyst for new apps that support the evolution toward value-based care and help reduce costs for patients, providers and payers alike. These apps in turn can further address aspects of healthcare, including remote patient monitoring, integration of fitness trackers with EHRs, managing patients with chronic diseases, collecting patient-reported outcomes, and more.
