Opening the Duke electronic health record to apps: Implementing SMART on FHIR
• The SMART on FHIR framework is a novel tool for EHR interoperability.
• A custom integration of SMART on FHIR with the Epic EHR is demonstrated.
• Several provider and patient apps are successfully integrated using this technique.
• Security considerations related to OAuth 2.0 are discussed.
Recognizing a need for our EHR to be highly interoperable, our team at Duke Health enabled our Epic-based electronic health record to be compatible with the Boston Children’s project called Substitutable Medical Apps and Reusable Technologies (SMART), which employed Health Level Seven International’s (HL7) Fast Healthcare Interoperability Resources (FHIR), commonly known as SMART on FHIR.
We created a custom SMART on FHIR-compatible server infrastructure written in Node.js that served two primary functions. First, it handled API management activities such rate-limiting, authorization, auditing, logging, and analytics. Second, it retrieved the EHR data and made it available in a FHIR-compatible format. Finally, we made required changes to the EHR user interface to allow us to integrate several compatible apps into the provider- and patient-facing EHR workflows.
After integrating SMART on FHIR into our Epic-based EHR, we demonstrated several types of apps running on the infrastructure. This included both provider- and patient-facing apps as well as apps that are closed source, open source and internally-developed. We integrated the apps into the testing environment of our desktop EHR as well as our patient portal. We also demonstrated the integration of a native iOS app.
In this paper, we demonstrate the successful implementation of the SMART and FHIR technologies on our Epic-based EHR and subsequent integration of several compatible provider- and patient-facing apps.