SMART on FHIR with Okta
See the Okta SMART on FHIR - Implementation Template asset, which walks you through how to set up a reference SMART on FHIR implementation on Anypoint Platform using Okta as the identity provider.
The Substitutable Medical Applications and Reusable Technology (SMART) is a web/mobile app, which is typically embedded in EHR but can also serve as a standalone smartphone app. SMART on FHIR provides a consistent approach to security and data requirements for health applications. It also provides a workflow to securely request access to data, receive the data, and use the data.
SMART on FHIR addresses the following three key aspects:
-
Identity and access management by using the OpenID Connect identity management protocol with different categories of scopes
-
Clinical data (example,
patient/Observation.read
) -
Contextual data (example,
launch/patient
) -
Identity data (example,
openid fhirUser
)
-
-
Access to the data using FHIR based APIs
-
Launch workflow for different use cases such as:
-
Patient apps that launch standalone
-
Patient apps that launch from an EHR portal
-
Provider apps that launch standalone
-
Provider apps that launch from an EHR portal
-
Anypoint platform supports SMART on FHIR in the following ways:
-
Identity and access management
-
Provisioning third-party OIDC client provider like Okta for identity management
-
Out-of-the-box OpenID Connect token enforcement policy
-
Leverage OAuth provider information in the
authentication
object for custom policy
-
-
Access to the data using FHIR based APIs
-
MuleSoft Accelerator for Healthcare provides FHIR R4 specifications for all the FHIR resources
-
Out-of-the-box cross origin resource sharing (CORS) policy enables cross origin data exchange.
-