As healthcare data becomes more digitized, the need for accessible, interoperable applications that seamlessly access and integrate EHR data is important. The SMART App Launch framework is built on the FHIR standard, which fulfills the need by enabling third-party applications to connect with EHR data securely. Whether launching directly from within an EHR, a personal health record, or a patient portal, the framework provides a unified, secure approach for various users, from clinicians to patients, to access critical health data.
This framework offers a flexible authorization protocol, supporting several application architectures, including mobile apps running on end-user devices and web-based apps hosted on secure servers. From clinical decision support and data visualization to data collection and case reporting, these applications open new possibilities for more personalized, data-driven healthcare.
This article will explore how the standalone launch transforms healthcare technology and discuss its implications for patients, providers, and the healthcare ecosystem.
The standalone launch is a feature within the SMART on FHIR framework that allows third-party applications to connect to EHR data independently, without initiating the app from within an existing EHR user session. This standalone launch flow is ideal for applications used by patients or providers outside the direct interface of an EHR system, providing a flexible and user-friendly approach to data access.
When using a standalone launch, Epic (or another EHR) serves as the OAuth 2.0 identity provider, handling secure user authentication. This setup allows apps to use Epic’s authentication server as a centralized method for verifying user identity, streamlining the integration process across multiple clients. This standardization reduces development complexity: developers can rely on a single OAuth 2.0 authorization framework for various applications instead of spending time integrating a custom authorization method for each client.
The SMART standalone launch process allows third-party applications to securely access EHR data without being launched directly from within an EHR session. This is particularly useful for applications used independently by patients, providers, or others who need health data access outside the EHR system’s direct user interface. The process leverages OAuth 2.0, a secure authorization protocol, and relies on the EHR authorization server to handle user authentication and grant data access through a token.
Here’s a detailed breakdown of how the SMART launch works:
A standalone app can be launched independently without needing an EHR or user portal. Unlike the EHR app launch, a standalone app doesn’t require any external platform to initiate its launch. The standalone launch represents the interaction between the patient, the app, the FHIR server, and the authorization server, obtaining access to FHIR resources after the launch.
The user launches the third-party application (e.g., a web or mobile app) using a URL with the iss (issuer) query parameter. The iss parameter identifies the FHIR server’s base URL. This step initializes the process and provides the app with the location of the FHIR server that hosts the patient’s health data.
The third-party app requests the FHIR server’s /.well-known/smart-configuration endpoint (discovered from the iss URL) to fetch the server’s metadata. The metadata provides essential data, including the authorization server endpoint and supported capabilities.
The app extracts the Authorization Server endpoint from the metadata response. The step identifies the server responsible for managing the OAuth 2.0 authorization process for secure user authentication.
The app sends an authorization request to the server. This request includes:
🔸 The launch and user scopes, which define the app’s context (e.g., access to specific user data).
🔸 Redirect URIs and other client app details.
This request prompts users to log in and approve the third-party app’s access to their health data.
Once the user approves the authorization, the server redirects the user to the app’s callback URL (e.g., App/index.html), including an authorization code. The user grants permission, and the app receives a temporary authorization code.
The app exchanges the received authorization code for an access token by sending a request to the authorization server. The access token is a “key” that allows the app to retrieve data from the FHIR server.
The authorization server verifies the request and issues an access token to the app. This token confirms that the app can access specific FHIR resources for the logged-in patient.
The app uses the access token to request specific FHIR resources (e.g., user demographics and clinical records) from the FHIR server. This step retrieves the authorized data that the app needs to display or process.
The app processes and displays the retrieved data to the user via the user interface (e.g., in the dashboard or summary page). The final step delivers meaningful, personalized insights to the user based on their health data.
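The flow above from the app's side, as an added example (not Mindbowser's or Epic's code): it checks the discovery metadata, builds the authorization request with `state`, `aud` and a PKCE challenge, and verifies `state` on the callback before preparing the token exchange. The server URLs, client ID and scope string are constructed placeholders, and the `aud` and PKCE parameters assume a server that follows SMART App Launch 2.x.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed sample of a /.well-known/smart-configuration body (hypothetical server).
SAMPLE_METADATA = json.loads("""{
  "authorization_endpoint": "https://ehr.example.org/oauth2/authorize",
  "token_endpoint": "https://ehr.example.org/oauth2/token",
  "code_challenge_methods_supported": ["S256"],
  "capabilities": ["launch-standalone", "client-public"]}""")

def discovery_url(iss):
    """Metadata URL derived from the FHIR base URL passed as iss."""
    return iss.rstrip("/") + "/.well-known/smart-configuration"

def check_metadata(meta):
    """Refuse to continue on non-HTTPS endpoints or missing standalone/PKCE support."""
    for key in ("authorization_endpoint", "token_endpoint"):
        if urlparse(meta.get(key, "")).scheme != "https":
            raise ValueError(f"{key} is missing or not HTTPS")
    if "launch-standalone" not in meta.get("capabilities", []):
        raise ValueError("server does not advertise launch-standalone")
    if "S256" not in meta.get("code_challenge_methods_supported", []):
        raise ValueError("server does not advertise PKCE S256")
    return meta

def build_authorize_request(iss, meta, client_id, redirect_uri, scope):
    """Return (url, session); the app keeps session to verify the callback."""
    verifier = secrets.token_urlsafe(64)  # PKCE code_verifier
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    state = secrets.token_urlsafe(32)  # ties the callback to this user session
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state,
              "aud": iss,  # names the FHIR server the token is meant for
              "code_challenge": challenge, "code_challenge_method": "S256"}
    url = meta["authorization_endpoint"] + "?" + urlencode(params)
    return url, {"state": state, "code_verifier": verifier}

def handle_callback(callback_url, session, client_id, redirect_uri):
    """Check state on the redirect, then return the token-request form body."""
    q = parse_qs(urlparse(callback_url).query)
    if "error" in q:
        raise ValueError("authorization failed: " + q["error"][0])
    returned = q.get("state", [""])[0].encode()
    if not hmac.compare_digest(returned, session["state"].encode()):
        raise ValueError("state mismatch, discarding authorization code")
    return {"grant_type": "authorization_code", "code": q["code"][0],
            "redirect_uri": redirect_uri, "client_id": client_id,
            "code_verifier": session["code_verifier"]}
```

The dictionary returned by `handle_callback` is what the app posts to the metadata's `token_endpoint`; the access token in that response is then sent as a Bearer token on FHIR requests.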
To enable your application for a standalone launch using Epic’s SMART on FHIR integration, you will need to register it with Epic’s authorization server. This registration process allows Epic to authenticate your app, manage authorization scopes, and control access to its FHIR resources. Here’s a short guide to registering your application with Epic for a standalone launch:
Once enrolled in App Orchard, you’ll be required to fill out the details about your app for registration. The details include:
Outline any context requirements for your app to function properly, such as patient ID. Epic will use these requirements to set up appropriate permissions during the authorization process.
After receiving approval, your app will be authorized for a standalone launch and can be deployed in a live environment. Patients, providers, and other users can use your app independently to securely access Epic EHR data, with all permissions managed through Epic’s authorization server.
Every healthcare solution needs seamless interoperability that empowers patients, improves clinical workflows, and drives quality outcomes. The standalone launch framework provides a solution for applications to securely access EHR data independently, facilitating real-time insights and interactions for patients and providers beyond traditional EHR boundaries. By enabling standalone access through secure authentication and relevant protocols, the EHR expands the capabilities of healthcare applications, bringing the industry closer to a more connected and patient-centered future.
With Mindbowser’s expertise in EHR integration and healthcare technology, launching your standalone EHR app becomes a streamlined process. We manage the setup complexities, configuration, and compliance, allowing you to focus on creating impactful, user-centered experiences that resonate with both healthcare providers and patients.