Epic Integration
Epic FHIR R4 APIs, SMART on FHIR apps, and App Orchard publishing.
Explore Epic IntegrationFHIR API Integration Services
FHIR R4 API design, SMART on FHIR application development, Bulk FHIR export, CDS Hooks integration, and FHIR server deployment for healthcare organizations.
Modern Healthcare APIs
Standards-Based FHIR Integration for Healthcare Organizations
Saga IT designs and implements FHIR R4 APIs, SMART on FHIR applications, Bulk FHIR export pipelines, and CDS Hooks services. Whether you're building a patient portal, connecting to Epic, or standing up a FHIR server — we handle the full integration lifecycle.
R4 FHIR Standard
140+ Resource Types
US Based
What We Offer
FHIR R4 API Development & SMART on FHIR Services
Full-spectrum FHIR development — from API design and SMART on FHIR applications to Bulk FHIR export and production FHIR server deployment.
FHIR R4 API Development
Design and build RESTful FHIR R4 APIs with proper resource modeling, search parameters, and CapabilityStatement conformance. We implement the full FHIR interaction model including read, search, create, update, and patch operations against Patient, Encounter, Observation, Condition, MedicationRequest, and dozens of other resource types. Every API is validated against US Core profiles and USCDI data element requirements to ensure interoperability across EHR platforms.
SMART on FHIR Apps
Build EHR-embedded and standalone SMART on FHIR applications with full OAuth 2.0 authorization code flow and PKCE support. We implement both EHR launch and standalone launch contexts, handle scope negotiation with authorization servers, and build responsive clinical UIs that integrate into provider workflows. Our SMART apps work across Epic, Oracle Health, MEDITECH, and other EHR platforms that support the SMART App Launch framework.
Bulk FHIR Export
Implement the Bulk Data Access specification ($export) for population-level data extraction, analytics pipelines, and quality reporting workflows. We configure system-level, group-level, and patient-level export operations with ndjson output, status polling, and file retrieval. Bulk FHIR export enables health systems to move millions of patient records efficiently for data warehousing, machine learning, and regulatory reporting without hammering individual FHIR endpoints.
CDS Hooks
Integrate clinical decision support into EHR workflows using the CDS Hooks specification. We build CDS services that fire on patient-view, order-select, order-sign, and other hook points to deliver real-time recommendations, alerts, and suggested actions directly within the clinician's workflow. Our CDS Hooks implementations include prefetch template optimization, FHIR authorization context handling, and card rendering that meets EHR display requirements.
FHIR Server Implementation
Deploy and configure production FHIR servers using HAPI FHIR, Microsoft Azure Health Data Services, AWS HealthLake, or Google Cloud Healthcare API. We handle server provisioning, database schema configuration, terminology service integration, and OAuth 2.0 security setup. Our FHIR server deployments include subscription-based event notification, custom search parameter registration, and performance tuning for high-throughput clinical workloads.
FHIR Facade Development
Build FHIR-compliant API facades over legacy databases, HL7 v2 systems, and proprietary data stores without replacing existing infrastructure. A FHIR facade translates incoming FHIR REST requests into queries against your source system and returns properly structured FHIR resources. This approach lets organizations expose modern FHIR APIs while preserving their existing clinical data infrastructure and avoiding costly data migration projects.
App Development
SMART on FHIR
Build EHR-embedded and standalone healthcare applications using the SMART on FHIR open standard — the industry-standard framework for secure clinical app integration.
SMART on FHIR (Substitutable Medical Applications and Reusable Technologies) defines an open standard for launching third-party applications within an EHR and accessing clinical data via FHIR APIs. The SMART App Launch framework uses OAuth 2.0 authorization code flow to negotiate data access scopes, resolve clinical context (current patient, encounter, user), and issue short-lived access tokens. Two launch modes are supported: EHR launch, where the application is launched from within the EHR with pre-populated context, and standalone launch, where the application initiates the flow directly against a FHIR server's authorization endpoint.
PKCE (Proof Key for Code Exchange) is required for all public clients to prevent authorization code interception attacks. During the authorization flow, the app generates a code_verifier and sends a hashed code_challenge to the authorization server. When exchanging the authorization code for an access token, the app proves possession of the original verifier. Scopes follow the patient/*.read and user/*.write pattern, giving fine-grained control over which FHIR resources an application can access. Our team handles scope negotiation, redirect URI configuration, and production certification across Epic, Oracle Health, and other EHR platforms.
smart-launch-config.json
{
"launch_url": "https://app.example.com/launch",
"redirect_uris": ["https://app.example.com/callback"],
"scope": "launch patient/*.read openid fhirUser",
"client_id": "my-smart-app-client-id",
"grant_types": ["authorization_code"],
"response_types": ["code"],
"token_endpoint_auth_method": "none",
"code_challenge_method": "S256",
"iss": "https://fhir.ehr.example.com/R4"
} Standards & Profiles
FHIR Resource Types & US Core Implementation Guides
From the FHIR Patient Resource and FHIR Observation Resource to FHIR Bundle operations — we implement the full resource model with US Core profile conformance.
Ready to build with FHIR? Let's design your API.
Get Started Advanced Specifications
Bulk FHIR Data Export & CDS Hooks Integration
Population-level data extraction with Bulk FHIR and real-time clinical decision support with CDS Hooks — two critical FHIR specifications for modern healthcare systems.
Bulk FHIR Export
GET /$export
202 Accepted
GET /status
200 + download URLs
GET ndjson files
Kick off Bulk FHIR export
Client sends an asynchronous $export request to the FHIR server, specifying resource types and date filters via _type and _since parameters.
// Initiate system-level export
GET /$export
?_type=Patient,Condition,Observation
&_since=2026-01-01T00:00:00Z
Accept: application/fhir+json
Authorization: Bearer <jwt>
Prefer: respond-async
CDS Hooks
order-select fires
POST /cds-services
{ cards: [...] }
Render cards in EHR
Accept suggestion
Clinician triggers a hook
When the clinician selects a medication in the EHR, the order-select hook fires automatically, sending clinical context to the CDS service.
// EHR detects order-select action
// Hook fires automatically
hook: "order-select"
context: {
patientId: "patient-123",
draftOrders: ["MedicationRequest/456"]
}
Integration Architecture
FHIR API Data Flow
A typical FHIR integration pipeline routes clinical data from source EHR systems through a standards-compliant FHIR server and API gateway to consuming applications.
EHR System
Epic, Oracle Health, MEDITECH, or other clinical data source
FHIR Server
HAPI FHIR, Azure Health Data Services, or AWS HealthLake
API Gateway
OAuth 2.0 security, rate limiting, audit logging
SMART App
Provider-facing, patient-facing, or backend service consumer
FHIR R4
REST/JSON
OAuth 2.0
FHIR-Enabled EHR Platforms
Epic
FHIR R4 & App Orchard
Oracle Health
Millennium FHIR APIs
MEDITECH
Expanse FHIR endpoints
eClinicalWorks
healow FHIR APIs
NextGen
NextGen FHIR endpoints
athenahealth
athenaOne FHIR APIs
Don't see your EHR? We integrate with any platform that supports FHIR R4. Get in touch to discuss your integration.
Case Studies
FHIR Integration in Action
Real-world FHIR implementations — from patient portals to population health analytics.
Patient Portal with SMART on FHIR
A health system launched a patient-facing portal using SMART on FHIR standalone launch. The app authenticates via OAuth 2.0, pulls the patient's clinical data from the FHIR R4 API, and renders a unified health summary — medications, conditions, and upcoming appointments — in a single view.
Patient Login
authorize({
scope: "launch/patient patient/*.read",
redirect: "/callback",
pkce: true
})
scope: "launch/patient patient/*.read",
redirect: "/callback",
pkce: true
})
FHIR R4 API
GET /Patient/{id}
GET /Condition?patient={id}
GET /MedicationRequest
?patient={id}&status=active
GET /Condition?patient={id}
GET /MedicationRequest
?patient={id}&status=active
Health Summary
Frequently Asked Questions
Common Questions
FHIR stands for Fast Healthcare Interoperability Resources. It is a healthcare data standard created by HL7 International that defines how clinical information — patient demographics, lab results, medications, diagnoses, and more — is structured and exchanged between healthcare systems using modern web APIs. The "Fast" refers to its design for quick implementation using familiar web technologies (REST, JSON, OAuth 2.0), in contrast to older healthcare standards like HL7 v2 and C-CDA that require specialized infrastructure. FHIR R4 is the current normative release and the version required by the 21st Century Cures Act and CMS interoperability regulations.
FHIR (Fast Healthcare Interoperability Resources) is a modern healthcare data standard developed by HL7 International that defines how clinical data is structured, queried, and exchanged over RESTful APIs. Unlike older standards such as HL7 v2 that use pipe-delimited messaging over TCP connections, FHIR uses JSON and XML resources transmitted over HTTPS — the same web technologies that power modern applications. FHIR matters because it is the foundation of the 21st Century Cures Act interoperability requirements, the CMS Patient Access and Provider Directory APIs, and the SMART on FHIR app ecosystem. FHIR R4, released in 2019, is the current normative version and the standard that all certified health IT must support.
SMART on FHIR (Substitutable Medical Applications and Reusable Technologies) is an open standard that defines how third-party applications securely launch within an EHR and access clinical data via FHIR APIs. The SMART App Launch framework uses OAuth 2.0 authorization to negotiate data access scopes, resolve the current patient and encounter context, and issue time-limited access tokens. Applications can launch in two modes: EHR launch, where the app is opened from within the EHR with clinical context pre-populated, and standalone launch, where the app initiates the authorization flow directly. SMART on FHIR is supported by Epic, Oracle Health, MEDITECH, and most major EHR platforms, making it the standard mechanism for clinical app integration.
CDS Hooks is an HL7 specification for integrating clinical decision support (CDS) directly into EHR workflows. When a clinician performs a specific action — opening a patient chart, selecting a medication, or signing an order — the EHR fires a "hook" that calls an external CDS service with FHIR-formatted clinical context. The CDS service evaluates the data and returns recommendation cards with suggested actions, informational alerts, or links to SMART on FHIR apps. CDS Hooks supports hook types including patient-view, order-select, order-sign, and encounter-start. Unlike traditional alert systems that generate batch notifications, CDS Hooks delivers real-time, context-aware guidance at the point of care, helping reduce alert fatigue while improving clinical outcomes.
Bulk FHIR (formally the FHIR Bulk Data Access specification) is an asynchronous export mechanism that allows systems to extract large volumes of FHIR data in ndjson (newline-delimited JSON) format. Unlike standard FHIR REST queries that return individual resources or small bundles, Bulk FHIR exports entire populations of data — thousands to millions of records — in a single operation. You should use Bulk FHIR when you need to populate a data warehouse, run population health analytics, generate quality measure reports, or feed machine learning pipelines. Bulk FHIR supports system-level, group-level, and patient-level exports with filtering by resource type and date range.
Use FHIR R4 for any new integration that involves API-based data access, third-party application connectivity, patient-facing portals, mobile applications, or regulatory compliance requirements (CMS Patient Access API, TEFCA QHIN participation). FHIR is purpose-built for RESTful architectures with JSON payloads, OAuth 2.0 security, and fine-grained resource access. HL7 v2 remains the better choice for high-volume, real-time clinical message flows — ADT notifications, lab results, and orders — between systems that already support v2 interfaces over TCP/MLLP. Saga IT helps organizations implement both standards and build migration pathways from HL7 v2 to FHIR where it makes technical and business sense.
A FHIR implementation guide (IG) is a set of rules and constraints that define how FHIR resources should be used for a specific use case or jurisdiction. The base FHIR specification is intentionally broad — an implementation guide narrows it by specifying which resources are required, which elements are mandatory, what terminology codes must be used, and how resources should reference each other. The most important IG in the United States is US Core, which defines the minimum data elements that certified health IT systems must support under USCDI. Other major IGs include Da Vinci (payer interoperability), CARIN Blue Button (patient access), and SMART App Launch (application authorization). Saga IT implements custom and standard IGs with full profile validation using the official FHIR validator.
A typical FHIR API interaction starts with a RESTful GET request to a FHIR server endpoint. For example, GET https://fhir.example.com/R4/Patient?family=Doe&birthdate=1980-01-15 searches for patients by last name and birth date. The server responds with a FHIR Bundle containing matching Patient resources in JSON format. Each Patient resource includes identifiers, name, gender, birth date, address, and other demographic elements conformant to the US Core Patient profile. For write operations, POST https://fhir.example.com/R4/Observation sends a new clinical observation (lab result, vital sign, etc.) to the server. All requests require an OAuth 2.0 Bearer token obtained through the SMART App Launch authorization flow.
FHIR server deployment depends on your scale, cloud environment, and use case. For organizations that need full control, we deploy HAPI FHIR — the most widely used open-source FHIR server — on AWS EC2 or Azure VMs with PostgreSQL as the backing database. For managed cloud options, we configure Azure Health Data Services (formerly Azure API for FHIR), AWS HealthLake, or Google Cloud Healthcare API, which handle server infrastructure, scaling, and FHIR compliance out of the box. Every deployment includes OAuth 2.0 authorization server integration, TLS encryption, HIPAA-compliant audit logging, and US Core profile validation. Saga IT provides Terraform and infrastructure-as-code templates for repeatable FHIR server deployments across environments.
Related Services
Explore More Services
Resources
Talk to a FHIR Integration Expert
From FHIR server deployment to SMART on FHIR app development — let's modernize your healthcare APIs.