SMART on FHIR: Connecting Healthcare Apps

Daniel Pluard

March 20, 2023

When developing a healthcare application that needs to integrate with external systems, the first two questions that generally arise are: What data do I need, and how do I connect my application?

We will cover data requirements in a separate blog and focus on the connection in this article. To explain the connection process, we will assume that HL7 FHIR will be the interface standard. Check out this post for more on HL7 v2 interface connections.

The SMART Framework

The SMART framework was developed at Boston Children’s Hospital in 2010 to enable healthcare applications to work at any organization, regardless of system or EHR. The vision would allow providers to pick and choose what applications they want to use, like the app store on one’s iPhone.

SMART ultimately transformed into a layer of the HL7 FHIR standard, which was released in 2014. The SMART component of the framework primarily focuses on how solutions can integrate with FHIR interfaces.

Launch Context

SMART defines the launch context of an application. The launch context is how a user accesses the app. Applications can generally be launched from an EHR or standalone. They also may not need to be launched by users if they are backend or headless applications and can interact with the EHR autonomously.

SMART also defines the data the user launching the application should access. Users of applications can be providers or patients who may be restricted to specific access and privileges (read/write). Determining the user and launch context is the critical first step to connecting your healthcare application.

Documentation & More 

The SMART framework is also responsible for providing documentation for developers on an application’s FHIR interface capability. Many EHR providers and other healthcare companies have now deployed app stores or galleries for their users, publishing apps for download.

In the simplest terms:

  • SMART defines access capability and security
  • FHIR defines the data structure and communication
  • EHR/EMR (or other healthcare apps) owns the data and FHIR server

Here Is a Helpful Glossary of SMART Terminology:


Authentication

Authentication is verifying the identity of a client application or third party. Authentication is typically done before authorization.


Authorization

Authorization is verifying and granting access to a client application or third party.

OAuth 2.0

OAuth (Open Authorization) is a framework that enables a third party to obtain limited access to protected resources. OAuth implementations can vary quite a bit depending on the use case, but the framework provides general guidelines for authorization. The specifics should be made clear in the developer documentation.

SMART Framework 

SMART (Substitutable Medical Apps, Reusable Technologies) is an authorization framework based on OAuth 2.0 standards. Applications can use it to securely integrate with FHIR-based data systems, and it is system and vendor agnostic.

SMART App Launch

A flow that authorizes a user-facing client application and delegates a user’s permissions to the third-party application. SMART App Launch has launch contexts and scopes that indicate to the external third-party application the access that should be granted to the user.

SMART Backend Services

A flow that authorizes a system (headless or automated application) to connect to a FHIR server. No user needs to be involved in the authorization process, and systems like EHRs can freely interact and communicate.


Scopes

Scopes define specific access permissions that can be given to a client application and are intended to limit access where appropriate. Scopes are based on API definitions of available resources and actions.

What is the SMART on FHIR framework?

The SMART on FHIR framework is an authorization and data access protocol that enables healthcare applications to integrate securely with FHIR-based data systems. Developed initially at Boston Children’s Hospital, it leverages OAuth 2.0 for authorization and is designed to be system and vendor agnostic, allowing apps to work with various EHR systems seamlessly.

How does the SMART on FHIR framework work?

The framework defines how healthcare applications can be authorized to access data. It involves two main components:

  • SMART: Focuses on access capability and security, dictating how apps can securely integrate with FHIR servers.
  • FHIR: Defines the data structure and communication protocols, ensuring standardized data exchange between systems.

What is launch context in SMART on FHIR?

Launch context refers to how a healthcare application is accessed and the specific data access permissions granted to users. It includes:

  • User-facing applications: Launched directly from an EHR or as standalone apps with defined user permissions (e.g., provider or patient access).
  • Backend services: Headless or automated applications that interact with the EHR without direct user involvement, operating autonomously.

What is the difference between authentication and authorization?

  • Authentication: Verifying the identity of a client application or user before granting access.
  • Authorization: Granting the verified client application or user specific access permissions to resources.

What is OAuth 2.0 in the context of SMART on FHIR?

OAuth 2.0 is a framework for delegating authorization. It allows third-party applications to obtain limited access to protected resources on behalf of users without sharing their credentials. In the SMART on FHIR framework, OAuth 2.0 standards are used to manage secure access to FHIR-based data systems.

What are SMART App Launch and SMART Backend Services?

  • SMART App Launch: A process that authorizes user-facing client applications by delegating the user’s permissions to a third-party app, considering launch contexts and access scopes.
  • SMART Backend Services: A process that authorizes headless or automated applications to connect to FHIR servers, enabling system-to-system communication without user involvement.
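
The client side of a SMART App Launch authorization request, as an added example (not code from this article or from the SMART project). The function names are hypothetical, and the endpoint, client ID and redirect URI are supplied by the caller from the EHR's developer documentation. It covers both launch contexts, binds the request to the session with `state` and PKCE, and rejects a callback that does not match.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlparse

def make_pkce():
    """Return (code_verifier, code_challenge) for the S256 method (RFC 7636)."""
    verifier = secrets.token_urlsafe(64)  # 86 chars, inside the 43-128 range
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorize_url(authorize_endpoint, client_id, redirect_uri,
                        fhir_base, scopes, launch=None):
    """Return (url, session); keep `session` server-side until the callback."""
    verifier, challenge = make_pkce()
    state = secrets.token_urlsafe(32)     # unguessable, single-use CSRF token
    scope_list = list(scopes)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "aud": fhir_base,                 # names the FHIR server the token is for
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    if launch is not None:                # EHR launch: echo the opaque handle
        params["launch"] = launch
        if "launch" not in scope_list:
            scope_list.append("launch")
    params["scope"] = " ".join(scope_list)
    session = {"state": state, "code_verifier": verifier}
    return authorize_endpoint + "?" + urlencode(params), session

def handle_callback(callback_url, session):
    """Return the authorization code, or raise ValueError on any anomaly."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), session["state"].encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]  # exchanged with session["code_verifier"] at the token endpoint
```

For a standalone launch, omit `launch` and request a context scope such as `launch/patient` instead.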

What are scopes in SMART on FHIR?

Scopes define the specific access permissions granted to a client application. They are intended to limit access based on the API definitions of available resources and actions, ensuring that applications only access necessary data.
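
How an application or resource server can turn a granted scope string into a default-deny access decision, as an added example (not code from this article). It parses SMART resource scopes of the form `context/Resource.permissions` in both the v1 (`read`/`write`) and v2 (`cruds`) styles; the function names and the sample scope string are constructed for illustration.

```python
import re

# SMART resource scope: <context>/<ResourceType or *>.<permissions>
#   v1 permissions: read | write | *
#   v2 permissions: a subset of the letters c, r, u, d, s in that order
_SCOPE_RE = re.compile(
    r"^(patient|user|system)/([A-Za-z]+|\*)\.(read|write|\*|c?r?u?d?s?)$")
_V1_TO_V2 = {"read": "rs", "write": "cud", "*": "cruds"}

# Constructed sample of a token response's "scope" value.
SAMPLE_GRANTED = ("openid fhirUser launch/patient "
                  "patient/Observation.read patient/Condition.rs")

def parse_scope(scope):
    """Return (context, resource, set of c/r/u/d/s letters), or None.

    None covers non-resource scopes (openid, fhirUser, launch/patient, ...)
    and anything this parser does not understand, such as v2 scopes with
    query parameters, so unknown input never widens access.
    """
    m = _SCOPE_RE.match(scope)
    if not m or not m.group(3):
        return None
    context, resource, perms = m.groups()
    return context, resource, set(_V1_TO_V2.get(perms, perms))

def is_allowed(granted, context, resource, action):
    """True if the space-separated `granted` scopes cover one interaction.

    `action` is a single letter: c(reate), r(ead), u(pdate), d(elete), s(earch).
    """
    for scope in granted.split():
        parsed = parse_scope(scope)
        if parsed is None:
            continue
        ctx, res, perms = parsed
        if ctx == context and res in ("*", resource) and action in perms:
            return True
    return False  # default deny: nothing matched
```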

Why is the SMART on FHIR framework important for healthcare application development?

The framework is essential because it standardizes how applications access and use healthcare data, promoting interoperability and security. It allows developers to create apps that can work across different EHR systems, providing flexibility and enhancing the overall efficiency of healthcare data management.

How can developers get started with integrating their apps using SMART on FHIR?

Developers can start by:

  • Reviewing the SMART on FHIR documentation to understand the authorization and access protocols.
  • Determining the data requirements and the launch context for their application.
  • Registering for access to FHIR servers and obtaining OAuth 2.0 credentials.
  • Testing their application in a sandbox environment provided by the EHR or healthcare data system.

What are some examples of applications using SMART on FHIR?

Examples include:

  • Telemedicine platforms: Enabling remote consultations with integrated access to patient health records.
  • Wearable health trackers: Syncing health data directly with EHRs for real-time monitoring and analysis.
  • Clinical decision support tools: Providing healthcare providers with decision-making assistance based on comprehensive patient data.
