← ReferenceSecurity

What is SMART on FHIR?

SMART on FHIR (Substitutable Medical Applications, Reusable Technologies) is an authorization framework that defines how apps connect to FHIR servers on behalf of patients or clinicians. It combines OAuth 2.0 for authorization and OpenID Connect for authentication, with FHIR-specific extensions.

SMART is how the Apple Health app reads your medical records from hospital EHRs. In the US, it is mandated by the 21st Century Cures Act. In Europe, it is specified in the EHDS framework for patient-facing access to health data.

SMART launch types

  • EHR Launch: The app is launched from within the EHR (embedded in the clinical workflow). The EHR passes context (patient ID, encounter ID) to the app at launch.
  • Standalone Launch: The app launches independently and connects to a FHIR server using standard OAuth2. Used for patient-facing apps and mobile apps.
  • Backend Services: Server-to-server authorization using JWT client credentials — no user interaction. Used for data pipelines, analytics, bulk data access.

SMART scopes

ScopeMeaning
patient/Patient.readRead Patient resources in the patient context
patient/*.readRead all resource types in the patient context
user/Observation.readRead Observations the clinician can access
system/*.readBackend service — all resources, no user
launch/patientRequest that EHR provides patient context at launch
openid profileOpenID Connect — user identity

SMART discovery

A FHIR server advertises SMART support via its CapabilityStatement and a well-known endpoint at [base]/.well-known/smart-configuration. This tells apps where the authorization server is, what scopes it supports, and what PKCE requirements apply.