FHIR Compliance Made Easy: Key Considerations for Healthcare API Development

Implementing application programming interfaces (APIs) makes healthcare data more transparent and easily discoverable. It also introduces several challenges. The main issue is striking a balance between enabling accessibility and seamless sharing and interoperability of healthcare data across various platforms while ensuring the utmost security and protection of sensitive patient information. 

The Health Level 7 Initiative (HL7) recently introduced a new standard to address these challenges. This standard, known as the Fast Healthcare Interoperability Resources (FHIR) specification, establishes a uniform format for healthcare data to facilitate seamless electronic sharing while keeping the data secure. This is why it is essential to understand how to ensure that your APIs adhere to the FHIR requirements.

Our experts share some valuable tips for working with FHIR API, the essential tools for creating it, notable FHIR API examples, and the main challenges to be aware of. 

“Finding the most efficient way to adjust the existing system to the new standard is the key to fast and cost-efficient adoption of FHIR. Our approach includes thoroughly analyzing the existing model to match it with the new standard. That way, we find a balanced solution that respects your needs, timeline constraints, and budget.”

Mike Lazor
CEO, SPsoft

“Working smart is the key to our team’s performance. If there are tools that can make our work more consistent and efficient, we use those tools. If there are no such tools, we make our own. In the case of the FHIR API, we have access to some truly amazing open-source tools and put them to good use.”

Romaniya Mykyta
Head of Product Management, SPsoft

What Is FHIR API, and What Is It Used For?

FHIR is a data exchange standard created by HL7, an international organization established in 1987. It primarily focuses on developing standards for sharing electronic health information. If you have previous experience in the healthcare industry, you may have encountered or heard about the challenges associated with working with these standards. 

Figure 1. How HL7 FHIR APIs work

Common complaints revolved around the proprietary TCP-based message protocol and inconsistencies in the interpretation and implementation of the standard. These issues hindered smooth data exchange and necessitated additional translation layers. Thus, FHIR emerged as a response to these problems, benefiting from the knowledge and experience accumulated over decades in the field.

APIs enhance data transparency and facilitate its discovery. They present a valuable solution for healthcare professionals, though their implementation in the industry introduces a few complexities. The challenge lies in making healthcare data accessible and easily shareable across diverse platforms while safeguarding sensitive patient information.

So, the fundamental question arises: How can we enable efficient data sharing while protecting patient confidentiality? 

Figure 2. How FHIR APIs will ensure interoperability in healthcare

Fortunately, achieving FHIR compliance is consistent with the existing API guidelines. But let’s explore the specific aspects of API development for FHIR in greater detail. In doing so, we will ensure that your data meets the most up-to-date standards and guidelines.

FHIR Healthcare API Specifications

APIs are bound to adhere to certain specifications in terms of compliance and general usability. 

REST or RESTful? 

FHIR is commonly called a “RESTful” specification, aligning with the industry’s general understanding of REST. However, in practice, FHIR REST API supports only Level 2 of the REST Maturity Model as part of its core specification. Achieving Level 3 is possible through the use of custom extensions. It is worth noting that while FHIR REST API may deviate from strict REST principles, its reliance on standardized resource structures and interfaces is essential for ensuring consistent interoperability across diverse systems.


SMART on FHIR

The Substitutable Medical Applications, Reusable Technologies (SMART) on FHIR API specification is very popular because it provides a standardized approach to addressing security and data requirements in healthcare applications. It defines a workflow that applications can follow to securely request, receive, and utilize healthcare data.

In essence, SMART on FHIR API encompasses three key aspects:

Identity and Access Management

SMART utilizes the OpenID Connect identity management protocol, enabling applications to request access to clinical data. The level of access can vary, ranging from read-only access to specific records to comprehensive read/write access to an entire electronic health record (EHR), or any level in between. The SMART on FHIR authentication specification outlines a customized version of OpenID Connect tailored for healthcare contexts.

Data Access

SMART utilizes the FHIR standard for effectively reading and updating healthcare data. In a SMART on FHIR authorization architecture, a set of FHIR services is made available for use by SMART applications. These services are secured using the Identity and Access Management layer mentioned earlier.
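How a FHIR service might enforce the access levels described above is sketched below as an added example; it is not code from SMART, HAPI, or SPsoft. It assumes the SMART v1 scope syntax (`patient/Observation.read`), a simplified mapping from HTTP verb to permission, and hypothetical function names.

```python
import re

# SMART v1 scope syntax: context/ResourceType.permission
SCOPE_RE = re.compile(r"^(patient|user|system)/([A-Za-z]+|\*)\.(read|write|\*)$")

# Simplified assumption: the HTTP verb alone decides the permission needed.
READ_METHODS = {"GET", "HEAD"}
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def parse_scopes(scope_string):
    """Return (context, resource, permission) tuples; skip non-resource scopes."""
    grants = []
    for token in scope_string.split():
        match = SCOPE_RE.match(token)
        if match:
            grants.append(match.groups())
    return grants


def is_allowed(scope_string, method, resource_type,
               patient_in_context=None, resource_patient=None):
    """Decide whether a token's scopes permit `method` on `resource_type`."""
    method = method.upper()
    if method in READ_METHODS:
        needed = "read"
    elif method in WRITE_METHODS:
        needed = "write"
    else:
        return False  # unknown verb: deny by default
    for context, resource, permission in parse_scopes(scope_string):
        if resource not in ("*", resource_type):
            continue
        if permission not in ("*", needed):
            continue
        # patient/ scopes cover only the patient bound to the token at launch.
        if context == "patient" and (
                patient_in_context is None
                or resource_patient != patient_in_context):
            continue
        return True
    return False
```

The check is deny-by-default: a scope string with no matching grant, or a `patient/` grant without a bound patient, yields no access.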

Launch Capability

SMART defines a consistent URL scheme for web-based applications that portals, EHR systems, and similar platforms can use to launch web-based apps while passing relevant contextual information to the application. This context may include details about: 

  • Selected patient
  • Clinical encounter 
  • Styling preferences
  • Etc.
Figure 3. SMART on FHIR application launch sequence
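The app side of the launch sequence is shown below as an added example, not code from the original article or from the SMART project. It validates the `iss` and `launch` parameters passed to the app's launch URL, builds the authorization request with `state` and PKCE, and checks `state` on the callback. The issuer allowlist, endpoint URLs, and function names are constructed assumptions; a real app would discover the authorization endpoint from the issuer's `.well-known/smart-configuration` document.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode

# Constructed value: the only FHIR base URL this app agrees to be launched from.
TRUSTED_ISSUERS = {"https://ehr.example.org/fhir"}


def start_launch(query, client_id, redirect_uri, authorize_endpoint, session):
    """Handle the EHR's call to the app's launch URL; return the redirect target."""
    params = parse_qs(query)
    iss = params.get("iss", [""])[0]
    launch = params.get("launch", [""])[0]
    # Unchecked, iss decides which authorization server the user is sent to.
    if iss not in TRUSTED_ISSUERS:
        raise ValueError("untrusted iss")
    if not launch:
        raise ValueError("missing launch context handle")
    state = secrets.token_urlsafe(32)     # binds the callback to this session
    verifier = secrets.token_urlsafe(64)  # PKCE secret, never sent in the redirect
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    session.update(state=state, code_verifier=verifier, iss=iss)
    return authorize_endpoint + "?" + urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "launch": launch,
        "scope": "launch openid fhirUser patient/Observation.read",
        "state": state,
        "aud": iss,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })


def finish_launch(query, session):
    """Validate the authorization callback; return what the token request needs."""
    params = parse_qs(query)
    expected = session.pop("state", None)  # single use: a replayed callback fails
    got = params.get("state", [""])[0]
    if expected is None or not secrets.compare_digest(got.encode(), expected.encode()):
        raise ValueError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("missing authorization code")
    return {"code": code, "code_verifier": session.pop("code_verifier"),
            "iss": session["iss"]}
```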

Tools For Creating FHIR-Compliant APIs

Here are a few tools that can assist you in developing your FHIR-compliant healthcare APIs and provide the basis for configuring your healthcare services. At SPsoft, we take advantage of the following tools and adapt them to the unique needs of our clients. That way, we can deliver truly custom solutions.


HAPI-FHIR

HAPI-FHIR is an open-source Java library that offers a range of functionalities. The HAPI website includes test servers, allowing you to see FHIR-compliant healthcare APIs in action. Working with HAPI also serves as a crash course in FHIR API implementation. Their comprehensive documentation provides detailed guidance on various aspects, including working with resources and building FHIR servers.

Simplify.net FHIR Test Server

The public test servers mentioned in popular lists and roundups are often unavailable. That makes Simplify.net’s FHIR Test Server even more valuable. It is a basic FHIR API server you can use as a model for your own FHIR-compliant API. It provides a clear visual representation of structuring and formatting your APIs. The server also offers an FHIR API endpoint, allowing you to experiment and try it out firsthand.

Tips For Working With FHIR API

There are several tips to remember when working with the FHIR API. Apart from understanding the FHIR standard, you also need to know how it relates to your case. Here are some tips we have derived from SPsoft’s years of experience with FHIR:

Visualize Resources

For individuals with limited knowledge of data architecture, understanding FHIR can be overwhelming. To simplify how resources function within FHIR, think of each resource as one of many interconnected spreadsheets. In this analogy, the individual data fields, such as Patient Identifier, Name, or Gender, can be visualized as columns within a specific spreadsheet.

Gain Knowledge of HTTP Commands

Although FHIR does not explicitly require HTTP, it is strongly recommended. The FHIR API operates based on interactions involving:

  • Instance
  • Type
  • System 

They align with the familiar Create, Read, Update, and Delete (CRUD) patterns but with slightly more comprehensive controls. The FHIR API supports more complex HTTP requests, including:

  • Batch/Transaction
  • Operation
  • Vread
  • Patch
  • Capabilities

Expand and Restrict the API

FHIR-compliant APIs offer the flexibility to be extended or restricted based on specific needs. That can be achieved using the Capability Statement Resource, which outlines the available REST interactions on a particular server. While supporting the Capabilities statement is mandatory for servers, they can also support additional operations beyond the standard FHIR operations. The Conformance Resource defines which Operation Definitions are associated with specific endpoints.
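Because the Capability Statement lists every REST interaction a server offers, it can be audited against the interactions a deployment intends to expose. The following is an added example, not code from the original article: the policy, the sample statement, and the function name are constructed, and the check assumes the statement is the JSON a server returns for the `capabilities` interaction.

```python
# Interactions this deployment intends to expose (assumed policy, constructed).
POLICY = {
    "Patient": {"read", "search-type"},
    "Observation": {"read", "search-type", "create"},
}
ALLOWED_SYSTEM = set()  # no batch/transaction expected in this policy

# Constructed CapabilityStatement fragment with deliberate deviations.
SAMPLE = {
    "resourceType": "CapabilityStatement",
    "rest": [{
        "mode": "server",
        "security": {"service": [{"coding": [{"code": "Basic"}]}]},
        "resource": [
            {"type": "Patient",
             "interaction": [{"code": "read"}, {"code": "delete"}]},
            {"type": "AuditEvent", "interaction": [{"code": "search-type"}]},
        ],
        "interaction": [{"code": "transaction"}],
    }],
}


def audit(cs, policy=POLICY, allowed_system=ALLOWED_SYSTEM):
    """Return findings where the declared API surface exceeds the policy."""
    findings = []
    for rest in cs.get("rest", []):
        if rest.get("mode") != "server":
            continue
        codes = {c.get("code")
                 for s in rest.get("security", {}).get("service", [])
                 for c in s.get("coding", [])}
        if "SMART-on-FHIR" not in codes:
            findings.append("security: SMART-on-FHIR service not declared")
        for res in rest.get("resource", []):
            declared = {i.get("code") for i in res.get("interaction", [])}
            # Resource types absent from the policy are allowed nothing.
            for code in sorted(declared - policy.get(res.get("type"), set())):
                findings.append(f"{res.get('type')}: unexpected interaction '{code}'")
        for item in rest.get("interaction", []):
            if item.get("code") not in allowed_system:
                findings.append(f"system: unexpected interaction '{item.get('code')}'")
    return findings
```

Running this against a server's statement after each deployment catches an interaction such as `delete` being switched on without a matching policy change.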

Learn through Examples

Understanding the FHIR specification’s depth and layers may be simple and easy for those familiar with APIs. However, having a concrete FHIR API example as a reference for building your APIs can significantly simplify the process.

Challenges to Keep in Mind When Working with FHIR

For large and established organizations, the challenge of adopting a comprehensive standard like FHIR lies in aligning their existing domain model with the concepts defined by the standard. Over the years, an organization’s domain model may have evolved independently through guided and deliberate efforts or in a more ad-hoc manner. 

Regardless of the approach, even a well-designed internal domain model will inevitably differ from the newly-established standard. These differences can range from minor semantic variations, such as naming discrepancies (e.g., Provider vs. Practitioner) that can be quickly addressed, to more complex issues like a lack of one-to-one mapping between internal and standard concepts or even the standard not encompassing certain custom internal concepts that hold significance for the organization.

When evaluating the trade-off between the challenges of adoption and the benefits it can bring, consider several factors:

  • Popularity and community support: Is the standard widely adopted within the industry, ensuring access to community support, available tooling, and the availability of experts in the job market?
  • Degree of differences: How distinct are your organization’s requirements compared to the standard? Understanding the extent of the differences determines the level of effort required for alignment.
  • The necessity of differences: Consider whether the organization needs to deviate from the standard or if the differences can be minimized by adapting internal processes to align more closely with the standard.
  • Domain expertise: Assess whether your organization has enough domain experts who can effectively maintain and manage your domain model.

Weighing the costs of adoption against the potential future benefits can be challenging. However, the effort invested typically pays off in the long term, especially considering the potential advantages such as community support, standardization, interoperability, and scalability. You can address the challenges of working with FHIR APIs with SPsoft. We are a trusted tech partner that can help you develop industry-compliant healthcare solutions.

Final Thoughts

The healthcare industry has recognized the urgent need for reliable data management in recent years. There has also been a growing demand for transparency, encompassing aspects such as pricing and patient records. The lessons learned from the COVID-19 pandemic have further emphasized the crucial role APIs play in the global healthcare sector.

Adhering to the FHIR standard ensures customer and patient safety, security, and protection during electronic data transfers. That is why it is a good time for you to partner up with a reliable healthcare software development company like SPsoft with experience developing such solutions. This proactive approach will help avoid additional ongoing expenses that could further burden the already high costs associated with patient care.


Is the SMART on FHIR open source?

Yes, SMART on FHIR is an open-source project. The SMART initiative provides an open and collaborative framework for developing healthcare applications that can seamlessly integrate with electronic health records using the FHIR standard. The SMART on FHIR authentication specification and related tools are available as open-source resources, allowing developers to leverage and contribute to the project.

What is an FHIR-based API?

An FHIR-based API is an application programming interface that follows the specifications and principles outlined in the FHIR standard. FHIR is a data exchange standard developed by HL7 for the healthcare industry. An FHIR-based API allows for the exchange and interoperability of healthcare data in a standardized format.

Is the FHIR API free?

The FHIR standard itself is free and open for use. However, the cost of implementing an FHIR API can vary depending on various factors. The development, implementation, and maintenance of an FHIR-based API may involve costs such as software development, infrastructure, security measures, and ongoing support.

Is FHIR an open API?

FHIR is an open and freely available healthcare data exchange and interoperability standard developed and maintained by HL7.

What is the FHIR API?

The FHIR API is designed and implemented based on the FHIR standard. It provides a standardized approach for healthcare systems, applications, and organizations to communicate and share healthcare information in a consistent and interoperable manner.
