What is SMART?
SMART (Substitutable Medical Apps, Reusable Technology) is an App Platform for Healthcare. SMART Health IT is an open, standards-based technology platform that enables innovators to create apps that seamlessly and securely run across the healthcare system. Using an electronic health record (EHR) system or data warehouse that supports the SMART standard, patients, doctors, and healthcare practitioners can draw on this library of apps to improve clinical care, research, and public health.
What is SMART on FHIR?
SMART (“Substitutable Medical Applications, Reusable Technologies”) on FHIR is an open platform, based on the HL7 FHIR standard, that enables developers to create apps that run securely and seamlessly across healthcare computer systems. SMART on FHIR is a set of open specifications to integrate apps with Electronic Health Records, portals, Health Information Exchanges, and other Health IT systems.
Integrating a SMART app with Allscripts
Let's first understand the following two related Allscripts concepts, as they are used in the coming sections.
1. Application Store
The Application Store is the Allscripts app store, similar to those of Apple or Android, where you can publish your patient-facing or provider-facing apps for users. Once a user is interested in your app, further steps are needed to integrate that app into Allscripts on the user's premises. To publish an application on the Allscripts Application Store, developers must first register with the Developer Program and then with the Integrator Program. To access it, go to https://developer.allscripts.com/
2. Allscripts Developer Program
It’s the place where you register your app with Allscripts so that it can later be deployed to the Application Store. You must have a valid Allscripts account to register an application that can later be published to the Application Store.
You can test your app after registering it with Allscripts. While registering, you are required to select a client type (Confidential client/Public client) along with your app type and other information. After registration, you will have a client_id and a client_secret for your application, which are used to launch your app. To access it, go to https://developer.allscripts.com. See the section “Allscripts Launch Sequences” below for more details on the code.
Here is a snapshot of the Allscripts registration screen:
(Figure: Application registration screen on Allscripts)
Allscripts Launch Sequences
As per the SMART standard, the Allscripts integration allows the app to be launched in two SMART-supported contexts:
- Launch with EHR Context – Provider Facing Application
- Standalone Launch – Patient Facing Application
Here we will only discuss Launch with EHR Context – Provider Facing Application.
Launch with EHR context – Provider Facing Application
Allscripts supports EHR Launch for provider-facing applications only. You can deploy your provider-facing application on any server and launch it in the EHR context using the Allscripts-provided URL, as there is no user interface to launch your application.
There are three different sandbox environments from Allscripts and their test Launch URLs are:
- Professional 17.1: https://my.smartonfhirapp.org/launch.html?launch=54520&iss=https://pro171.open.allscripts.com/FHIR
- Touchworks 17.1: https://my.smartonfhirapp.org/launch.html?launch=19&iss=https://tw171.open.allscripts.com/FHIR
- Sunrise 16.3 Dev: https://my.smartonfhirapp.org/launch.html?launch=385800201&iss=https://scm163dev.open.allscripts.com/FHIR
Note: the launch parameter in the sandbox launch URLs contains the test patient ID, as there is no interface to select a patient in the Allscripts sandbox.
And in launch.html:
Make sure the client_id, client_secret and redirect_uri given in the code are exactly what we have on the Allscripts registration screen. See (Figure: Application registration screen on Allscripts).
Here is what happens when you do it:
1. Allscripts will open your web app with at least two URL parameters:
- launch contains a SMART on FHIR launch token
- iss contains Allscripts’s base FHIR server URL
Your web application should query the metadata endpoint of Allscripts’s FHIR server (e.g. https://pro171.open.allscripts.com/FHIR/metadata) to find Allscripts’s OAuth2 authorization and token endpoints.
2. In order to bind your web app’s session to the end user’s existing EHR session, your app should redirect the browser to the Allscripts OAuth authorization endpoint with the following parameters:
- response_type = “code”
- client_id = client_id (defined above)
- client_secret = client_secret (defined above)
- redirect_uri = redirect_url (defined in the above form)
- launch = the launch token (as passed to your web app’s launch URL)
- state = <an opaque value used by the client to maintain state between the request and callback.>
- scope = “launch” (this is necessary to indicate the app is launching from the EMR context to enable single sign-on)
Allscripts will then redirect to your provided redirect URL with an authorization code and the state parameter you provided.
3. Your web app should exchange the authorization code for an access token by posting the following parameters to Allscripts’s OAuth token service:
- grant_type = “authorization_code”
- code = the authorization code your web app received
- redirect_uri = redirect_url (defined in the above form)
- client_id = client_id (defined in the above form)
Allscripts will return an access_token. (In a production customer environment, a health system may configure additional SMART launch parameters which will be presented to your app during an EHR launch alongside the access_token, just as a user parameter is presented from this internal environment.)
4. Your web app can use the time-limited access token to access Allscripts’ FHIR resources. Include the token as a “Bearer” token in the Authorization HTTP header as part of your RESTful queries.
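The endpoint discovery from step 1 and the state round trip from step 2, sketched for Node.js as an added example (not code from the original post, Allscripts, or the SMART JS client). The function names, the `TRUSTED_ISS` allowlist and the `example.test` URLs are assumptions made for illustration; the extension URL is the standard SMART `oauth-uris` extension found in the metadata response.

```javascript
const { randomBytes } = require('crypto');

// SMART extension that carries the OAuth URLs inside the FHIR metadata resource.
const OAUTH_URIS_EXT = 'http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris';
// Assumption: the app keeps an allowlist of FHIR servers it is registered with.
const TRUSTED_ISS = ['https://pro171.open.allscripts.com/FHIR'];

// Check iss before fetching <iss>/metadata, so a forged launch link cannot
// point the app at an authorization server it was never registered with.
function isTrustedIss(iss) {
  return TRUSTED_ISS.includes(String(iss).replace(/\/+$/, ''));
}

// Extract the authorize and token URLs from the parsed metadata JSON.
function findOAuthEndpoints(metadata) {
  for (const rest of metadata.rest || []) {
    const exts = (rest.security && rest.security.extension) || [];
    const oauth = exts.find((e) => e.url === OAUTH_URIS_EXT);
    const found = {};
    for (const sub of (oauth && oauth.extension) || []) found[sub.url] = sub.valueUri;
    if (found.authorize && found.token) return { authorize: found.authorize, token: found.token };
  }
  throw new Error('metadata does not advertise SMART OAuth endpoints');
}

// Unguessable per-launch value; store it in the user's session until the callback.
function newState() {
  return randomBytes(16).toString('hex');
}

// Append the step 2 parameters plus state to the discovered authorize endpoint.
function buildAuthorizeUrl(authorizeEndpoint, params, state) {
  const url = new URL(authorizeEndpoint);
  for (const [k, v] of Object.entries({ ...params, state })) url.searchParams.set(k, v);
  return url.toString();
}

// On the redirect back, accept the code only if state matches the stored value.
function readCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (!expectedState || q.get('state') !== expectedState) throw new Error('state mismatch');
  if (!q.get('code')) throw new Error('callback carries no authorization code');
  return q.get('code');
}

// Constructed sample: the relevant part of a metadata response.
const SAMPLE_METADATA = { rest: [{ security: { extension: [{ url: OAUTH_URIS_EXT, extension: [
  { url: 'authorize', valueUri: 'https://auth.example.test/authorize' },
  { url: 'token', valueUri: 'https://auth.example.test/token' }] }] } }] };
```

Rejecting a callback whose state does not match the stored value is what ties the authorization code to the launch this browser session started.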
SMART on FHIR JS Client
The code snippets are from the SMART app Technosoft developed. We have used the SMART on FHIR JS client in the application. It handles a lot automatically for you. For example, when launching in the EHR context, it automatically gets the parameters passed in the query string, including the FHIR server URL. Once the FHIR server URL is known, the conformance API is called to find the authorization endpoints. The authorization server is then contacted, sending the token to authorize your app. If authorization succeeds, the authorization server sends the access token back. This access token can be used to call the FHIR APIs to get patient info.
If you are not using the SMART on FHIR JS client, you have to handle all of that yourself; a guide is available on the SMART on FHIR website and on Allscripts’s sandbox website.
The SMART sandbox mimics a real EHR, letting you test and demonstrate apps for practitioners and patients that use the SMART on FHIR platform to access clinical data.
SMART on FHIR app launcher
FHIR launch context
Allscripts FHIR documentation