FHIR (Fast Healthcare Interoperability Resources) is a modern, web‑friendly standard developed by HL7 for exchanging healthcare information electronically. It combines the best features of previous HL7 standards with the latest web technologies, making it easier for systems to share data securely and consistently. FHIR is built around modular components called resources, which represent common healthcare concepts such as patients, encounters, observations and medications. You can read more in the FHIR overview hl7.org.
Key Features
-
Modular resources: FHIR breaks complex clinical information into granular resources like
Patient,Observation,MedicationRequestandCondition. These can be combined to represent real‑world workflows. -
RESTful architecture: FHIR defines a RESTful API, allowing systems to create, read, update and delete resources over HTTP. Resources can also be exchanged via messaging, documents or services.
-
Flexible formats: Each resource can be represented in JSON, XML or RDF. Clients and servers negotiate the preferred format using HTTP headers.
-
Terminology binding: FHIR leverages standardized vocabularies (such as SNOMED CT, LOINC, ICD‑10) and supports value sets and code systems to ensure consistent semantics.
-
Extensibility: Resources can be extended with custom attributes using a well‑defined extension mechanism, allowing implementers to add details without breaking interoperability.
-
Implementation guides: HL7 and various communities publish implementation guides that provide constraints and profiles for specific use cases (e.g., US Core, International Patient Summary).
Example Resource
The following snippet shows a simplified FHIR Patient resource. It illustrates how FHIR uses JSON to represent data, including identifiers, names and contact details. Real‑world resources can include many more fields and extensions.
{
"resourceType": "Patient",
"id": "example",
"identifier": [
{
"use": "usual",
"system": "urn:oid:1.2.36.146.595.217.0.1",
"value": "12345"
}
],
"active": true,
"name": [
{
"use": "official",
"family": "Chalmers",
"given": ["Peter", "James"]
}
],
"telecom": [
{
"system": "phone",
"value": "(03) 5555 6473",
"use": "work"
}
],
"gender": "male",
"birthDate": "1974-12-25"
}
Core Interactions
FHIR defines a consistent set of interactions (operations) for every resource type. Servers advertise which interactions they support in their CapabilityStatement. The main interactions include:
- Read: Retrieve the current state of a resource (GET
/Patient/123). - Create: Add a new resource (POST
/Observationwith a JSON body). - Update: Replace an existing resource (PUT
/Patient/123). - Patch: Apply a partial update (PATCH
/Observation/456). - Delete: Remove a resource (DELETE
/Condition/789). - Search: Query resources by parameters (e.g., GET
/Patient?name=Smith). - History: Retrieve past versions of a resource (GET
/Patient/123/_history). - Capabilities: Discover a server’s supported resources and interactions (GET
/metadata).
Beyond these, FHIR defines batch/transaction operations for grouping multiple requests and custom operations prefixed with $ (e.g., $validate-code).
Versioning and Maturity
The FHIR standard evolves through well‑defined maturity levels and standards status designations. Artifacts labeled as Normative have been reviewed and implemented widely; they are considered stable and are subject to strict inter‑version compatibility rules. Trial Use content is considered ready for production use but has not seen broad deployment. Draft content is still under development and should be used cautiously. Each resource and element also has a FHIR Maturity Model (FMM) level indicating the degree of testing and implementation experience. Further details are available in the FHIR Version Management Policy.
FHIR Release 4 (R4) was the first to include normative content. Once an artifact becomes normative, future changes must be backward compatible, providing implementers with confidence that their integrations will continue to work across versions.
Profiles and Conformance
While base resources are deliberately flexible, real‑world implementations often need tighter constraints and agreed‑upon terminology. Profiles are formal statements that constrain a resource for a specific use case. They may specify required elements, allowed value sets, cardinality and additional extensions. Implementation guides package collections of profiles, terminology and guidance.
- US Core: Built on FHIR R4, the US Core Implementation Guide defines minimum constraints and RESTful interactions to access patient data in alignment with the U.S. Core Data for Interoperability (USCDI).
- International Patient Summary (IPS): A global standard that defines a minimal, non‑exhaustive set of clinical data for cross‑border care. The IPS guide specifies how to represent this summary using FHIR and is designed for unplanned or emergency situations.
Many jurisdictions and consortia publish their own guides (e.g., UK Core, Canadian Baseline, etc.), each building on the base standard to promote consistent implementations.
SMART on FHIR & Authentication
FHIR itself does not dictate authentication or authorization. Instead, the SMART on FHIR framework defines how third‑party apps can securely connect to Electronic Health Record systems. SMART builds on OAuth 2.0 and OpenID Connect to obtain authorization tokens and user identity, enabling apps to launch within or outside an EHR and access data according to user permissions. The framework supports use cases such as patient apps, provider apps and backend services, and includes detailed guidance on app registration, authorization code flows and token refresh.
Security and privacy protections remain critical. Implementers must ensure TLS encryption, validate state parameters and protect tokens from exposure, following the best practices outlined in the SMART App Launch specification.
Free Resources
Ready to implement FHIR? We help organisations build secure, interoperable APIs and workflows using FHIR standards. Contact us to discuss your interoperability strategy and accelerate your FHIR adoption.