May 27, 2021

Getting SMART on FHIR

Getting SMART on FHIR – Best Practices in Healthcare Interoperability in 2021 

Get up to date on what SMART on FHIR means for healthcare tech development in 2021, critical deadlines, and how to build your own best practices.

Interoperability has come a long way over the past decade. Today, the industry is working toward not just interoperability, but the ability of individual organizations to build the apps they need — the kind of apps that work for them, but also connect and communicate seamlessly with the rest of the healthcare industry. 

SMART (Substitutable Medical Applications, Reusable Technologies), established at Boston Children’s Hospital Computational Health Informatics Program (CHIP), was an answer to that need, with FHIR (Fast Healthcare Interoperability Resources) stepping in as a standard to facilitate that vision. At Vicert, we know what this means. It means that the tech predictions that rest on interoperability (think consumerization, telemedicine, ML/AI, the shift to the cloud, etc.) will be fueled by FHIR. For companies like yours, it means the need to focus on FHIR-related digitalization processes and to do so in a way that saves you time and money in the future.

Based on our experiences here at Vicert, we recommend that companies act now to establish best practices. Here are a few of our highest-value recommendations.

1. Get the Lay of the Land

It’s critical to understand the regulations and recommendations that impact your product development. Make sure you’re reviewing recent CMS standards for app developers, FTC guidance, and HIPAA implications. Additionally, stay on top of platform-specific materials, like these resources from Cerner on FHIR authorization.  

2. Review Your Organizational Policies

Reviewing your organizational policies will be critical in building software that keeps up with the state of healthcare interoperability. For example, to maximize security and interoperability, you should be using the latest and most widely deployed version of transport layer security (TLS), configured with cipher suites that have been recommended by NIST FIPS SP 140-2, Annex A.

3. Address Authorization Servers

Authorization servers should also be a priority. For example, using the Authorization Code Grant (section 4.1 of RFC 6749) has two advantages: the user's credentials are not shared with the client, and the access token is not exposed to the user-agent.

4. End-User Authorization

For end-user authorization, Boston Children’s Hospital CHIP recommends, “When the authorization server requests user authorization, the end user should be provided information important in making this decision…” The organization also recommends use of refresh tokens, including a long-term refresh token along with a short-term access token. 
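The Authorization Code Grant and token recommendations in sections 3 and 4, sketched as an added example (not Vicert's or the SMART project's code). The AuthServer class, the client values, the example.com-style URLs and the token lifetimes are all assumptions made for illustration.

```python
import hmac, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

ACCESS_TTL = 300          # assumed lifetime: short-term access token (5 min)
REFRESH_TTL = 30 * 86400  # assumed lifetime: long-term refresh token (30 days)
CODE_TTL = 60             # authorization codes are short-lived and single-use

class AuthServer:  # toy in-memory authorization server, hypothetical
    def __init__(self, client_id, client_secret, redirect_uri):
        self.client = (client_id, client_secret, redirect_uri)
        self.codes, self.refresh = {}, {}

    def authorize(self, client_id, redirect_uri, state, user_approved, now=None):
        """Front channel: runs after the user authenticated to this server."""
        now = time.time() if now is None else now
        if (client_id, redirect_uri) != (self.client[0], self.client[2]):
            raise ValueError("unregistered client or redirect_uri")
        if not user_approved:  # the end user declined on the consent screen
            return redirect_uri + "?" + urlencode({"error": "access_denied", "state": state})
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, redirect_uri, now + CODE_TTL)
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, code, redirect_uri, now=None):
        """Back channel: the client authenticates and redeems the code once."""
        now = time.time() if now is None else now
        if client_id != self.client[0] or not hmac.compare_digest(client_secret, self.client[1]):
            raise PermissionError("invalid_client")
        bound = self.codes.pop(code, None)  # pop, so a replayed code fails
        if bound is None or bound[:2] != (client_id, redirect_uri) or now > bound[2]:
            raise PermissionError("invalid_grant")
        rt = secrets.token_urlsafe(32)
        self.refresh[rt] = (client_id, now + REFRESH_TTL)
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "expires_in": ACCESS_TTL, "refresh_token": rt}

def run_flow():
    """Constructed walk-through: (redirect params, token response, replay rejected)."""
    srv = AuthServer("demo-app", "demo-secret", "https://app.example/callback")
    state = secrets.token_urlsafe(16)
    url = srv.authorize("demo-app", "https://app.example/callback", state, user_approved=True)
    params = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    assert params["state"] == state  # client checks state before redeeming
    tokens = srv.token("demo-app", "demo-secret", params["code"], "https://app.example/callback")
    try:
        srv.token("demo-app", "demo-secret", params["code"], "https://app.example/callback")
    except PermissionError:
        return params, tokens, True
    return params, tokens, False
```

The redirect that passes through the browser carries only `code` and `state`; the access and refresh tokens appear only in the back-channel response to the authenticated client.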

Recommended Interoperability Tech and Tools 

The next step is deciding on the tools and technologies that accelerate digitization. Here’s what we’ve seen enable success with our clients at Vicert, with success being defined as product launches, cost savings, and shortened timelines. 

Redox for FHIR

Redox for FHIR allows applications to communicate bi-directionally using FHIR and message-based workflows while modernizing existing healthcare interfaces and transforming them into FHIR-enabled APIs. Learn more about our work with Redox for FHIR here.


HAPI FHIR, a complete, open-source implementation of the HL7 FHIR standard for healthcare interoperability in Java, is another platform we recommend. We invite you to learn how to use a HAPI-FHIR library from a Vicert perspective here. 


Health Level 7, or HL7, is the international healthcare standards organization responsible for FHIR. We recommend Vicert resources on this standard here.

We also recommend test environments including SMART App Launcher, SMART Bulk Data Service, and Logica Health Sandbox. Additionally, make note of vendor sandboxes such as Allscripts, Epic, and Meditech.  

CMS Requirements and Deadlines

It will be important that you stay on top of deadlines from CMS, especially around the Interoperability and Patient Access final rule (CMS-9115-F). We’ve collected a few of the most important below. 

  • Patient Access API (applicable January 1, 2021, and enforced July 1, 2021)
  • Provider Directory API (applicable January 1, 2021, and enforced July 1, 2021)
  • Payer-to-Payer Data Exchange (applies January 1, 2022)
  • Increasing frequency of federal-state data exchanges (implementation required by April 1, 2022)
  • ADT event notifications (12 months post-publication of the rule)



As you investigate SMART on FHIR, we encourage you to review more Vicert resources, including our perspective on EHR integration. We also recommend case studies on the build of a care monitoring and communication solution and a patient monitoring mobile app for clinicians.

Author: Digital Health Team