SMART on FHIR

SMART & SMART on FHIR

SMART

SMART® (Substitutable Medical Applications, Reusable Technologies) is an open, standards-based technology platform that enables you to create apps that can work across the healthcare ecosystem. The specification defines a method through which an app requests authorization to access a FHIR® resource, and then uses that authorization to retrieve the resource. The framework supports apps for use by clinicians, patients, and others via a PHR (Personal Health Record), Patient Portal, or any FHIR system where a user can give permissions to launch an app.

SMART was started in 2010 and is run out of the Boston Children’s Hospital Computational Health Informatics Program and the Harvard Medical School Department of Biomedical Informatics.

FHIR (Fast Healthcare Interoperability Resources) is an HL7® specification for Healthcare Interoperability. FHIR uses RESTful web services and open web technologies, including XML (which was used by previous standards), JSON, and RDF data formats.

SMART on FHIR

SMART on FHIR defines a way for health apps to connect to EHR systems with appropriate security guarantees. Its key function is to enable an end user to approve a third-party app to access a specific set of data from a payer or service provider.

SMART supports two types of applications: public and confidential. These types of apps are differentiated based on whether the execution environment enables the app to protect secrets. If the application is capable of protecting a client_secret, it’s considered confidential; if not, it’s public.

Access Tokens

Access tokens generated for Opala use the JSON Web Token (JWT) format. Opala signs tokens with RS256 (RSA with SHA-256).

Access tokens will contain the following claims:

iss   Issuer URL (Opala Authorization Server).
sub   Subject identifier (end-user or client app).
aud   Audience (Opala FHIR Resource Server).
exp, iat, nbf   Token validity timestamps.

FHIR Standards

FHIR® defines a set of standards that promote consistent, secure exchange of healthcare data across systems. Opala aligns with these specifications to ensure compatibility, reliability, and ease of integration. The graphic below outlines the key FHIR standards and indicates which are supported across our various APIs.

Please consult our release notes for the latest version support.

FHIR API Standards Grid
Standards | Patient Access API | Provider Access API | Provider Directory API | Payer-to-Payer API | Prior Authorization API
USCDI, at 45 CFR 170.213 (currently V1)
FHIR Release 4.0.1
HL7 FHIR U.S. Core IG STU 3.1.1
HL7 SMART App Launch Framework IG 1.0.0
HL7 FHIR Bulk Access (Flat FHIR) IG v 1.0.0 STU 1
OpenID Connect Core 1.0