    SMART on FHIR

    SMART on FHIR apps embedded inside Epic and Cerner

    We build SMART on FHIR applications that launch directly inside EHR clinician workflows — authorisation flows, launch contexts, CDS Hooks, and marketplace submission handled end-to-end.

    SMART v2 · OAuth2 / OIDC · CDS Hooks · App Orchard

    Trusted by global innovators

    Benchmark
    Chibasco
    Fundency
    Lantimer
    Lauren
    Lera
    One Minute
    Pento Pix
    TAP
    Xtrium
    Healthevolve

    The authorised app layer that turns EHRs into platforms

    SMART on FHIR is how third-party apps run inside Epic, Cerner, and other major EHRs — with proper authentication, scoped PHI access, and clinician launch context.

    • 3+: Launch contexts supported (patient, user, system)
    • OAuth2: Standard auth for SMART apps
    • 100%: Marketplace submission prep included

    What it is

    SMART on FHIR vs vanilla FHIR

    FHIR is the data standard — how clinical data is modelled and accessed. SMART on FHIR is the application framework layered on top: how an app authenticates, what PHI it's allowed to see, and how it launches inside an EHR's clinician or patient workflow.

    You can use FHIR without SMART (backend-to-backend integration). You need SMART when your app runs inside the EHR — launched from a clinician's chart view, scoped to the current patient, authenticated as the current user.

    Core capabilities

    What we ship

    A full SMART on FHIR practice — from launch and auth through marketplace submission.

    SMART App Launch

    EHR-launched apps with proper OAuth2 flows, launch context handoff, and token refresh.

    Standalone SMART apps

    Patient-facing apps that launch outside the EHR but access data via SMART auth.

    Backend Services SMART

    System-level apps with asymmetric keys for population-level workflows.

    CDS Hooks integration

    Decision-support triggers embedded in clinician workflow — order-select, patient-view, and others.

    US Core profile support

    Building against US Core for broader EHR compatibility.

    Epic App Orchard

    Submission preparation, sandbox validation, and marketplace launch.

    Cerner Code Program

    Cerner Code onboarding, Ignite APIs, and production promotion.

    Multi-tenant SMART apps

    SMART apps that serve multiple provider organisations with per-tenant isolation.

    Analytics & outcome tracking

    Usage analytics and outcome tracking for SMART apps in production.

    Launch contexts

    Launch contexts: patient, user, encounter

    SMART apps receive context from the EHR at launch — which patient is in the chart, which clinician is using it, which encounter is open. This is what separates SMART apps from generic OAuth apps.

    01 Patient context

    • Current patient ID from the chart view
    • FHIR scopes narrowed to this patient's data
    • Used by most clinician-facing apps

    02 User context

    • Authenticated clinician ID
    • Clinical role and permissions
    • Used for audit trail and role-based behaviour

    03 Encounter context

    • Active encounter / visit ID
    • Scopes data to the current visit
    • Used for visit-specific documentation and orders
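
    How an EHR-launched app can turn the `iss` and `launch` parameters into an authorization request and then check the launch context in the token response, as an added example (not Agnotic's code). The issuer, client ID, redirect URI, endpoint and scopes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Constructed values for illustration; none of them come from the page.
ALLOWED_ISSUERS = {"https://ehr.example.org/fhir"}
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.org/callback"
SCOPES = "launch openid fhirUser patient/Observation.rs"


def build_authorize_url(iss, launch, authorize_endpoint):
    """Build the EHR-launch authorization request. Returns (url, session)."""
    # iss arrives in the launch URL, so it is untrusted input: only FHIR
    # servers registered with the app may receive the user's browser.
    if iss not in ALLOWED_ISSUERS:
        raise ValueError("unregistered issuer: " + iss)
    verifier = secrets.token_urlsafe(64)  # PKCE code_verifier
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    state = secrets.token_urlsafe(32)  # ties the callback to this session
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPES,
        "state": state,
        "aud": iss,        # audience is the FHIR server that launched us
        "launch": launch,  # opaque handle to the EHR's launch context
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    session = {"state": state, "verifier": verifier, "iss": iss}
    return authorize_endpoint + "?" + urlencode(params), session


def check_launch_context(token_response):
    """Return the launch context, or raise if it is not safe to use."""
    granted = token_response.get("scope", "").split()
    patient = token_response.get("patient")
    # Patient-level scopes are only meaningful with a patient in context.
    if any(s.startswith("patient/") for s in granted) and not patient:
        raise ValueError("patient-level scopes granted without patient context")
    return {"patient": patient,
            "encounter": token_response.get("encounter"),
            "scopes": granted}
```

    The session dictionary must be stored server-side and the `state` value compared when the callback arrives; the verifier is sent only in the token request.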

    SMART launch patterns

    EHR Launch vs Standalone vs Backend Services

    The three SMART on FHIR launch patterns — and when each fits.

    Dimension | EHR Launch | Standalone Launch | Backend Services
    Who launches it | Clinician inside the EHR | Patient / user on web or mobile | Automated system process
    Context | Patient, user, encounter | User (no patient context by default) | No user context
    Auth flow | OAuth2 with launch parameter | OAuth2 authorisation code | OAuth2 client credentials + JWT
    Typical use | Clinician-facing embedded app | Patient portal app | Population-level workflows
    PHI access scope | Scoped to current patient + user | Scoped to the authenticated patient | System-level with contract scope
    Marketplace review | Yes (App Orchard / Code) | Usually yes | Contract-specific

    Most clinical decision-support apps use EHR Launch. Patient portals use Standalone. Population health tools use Backend Services.

    Where it runs

    SMART on FHIR use cases

    Clinical decision support

    In-workflow decision support launched from a patient's chart.

    Specialty clinical tools

    Oncology decision aids, cardiology calculators, derm imaging aids.

    Patient-facing portals

    Standalone patient apps with authenticated FHIR access.

    Population health

    Backend Services SMART apps for cohort-level workflows.

    CDS Hooks services

    Decision-support triggers at key points — order-select, patient-view.

    Third-party specialty integrations

    Lab, imaging, and specialty vendor apps that run inside the EHR.

    How we ship

    Our SMART on FHIR delivery process

    Step 01

    Use case & EHR target selection

    Which EHR, which launch pattern, which FHIR resources are needed?

    Step 02

    Sandbox onboarding

    Epic App Orchard sandbox, Cerner Code sandbox, or vendor-specific onboarding.

    Step 03

    Auth & launch flow

    OAuth2 / OIDC flows, launch parameter handling, and token refresh.

    Step 04

    SMART app engineering

    App UI, FHIR data access, and clinician workflow integration.

    Step 05

    CDS Hooks (if applicable)

    Decision-support triggers embedded in workflow events.

    Step 06

    Marketplace submission

    App Orchard / Code submission with technical and clinical documentation.

    What usually goes wrong

    SMART on FHIR pitfalls — and how we handle them

    Challenge

    Sandbox access takes months

    Agnotic approach

    Submit sandbox access requests in week one; run parallel engineering while waiting.

    Challenge

    FHIR coverage varies across EHR versions

    Agnotic approach

    Capability assessment upfront — what resources are exposed, what's missing, how to fall back.

    Challenge

    Marketplace submission timelines surprise teams

    Agnotic approach

    App Orchard / Code submission is planned from the start, not added at the end.

    Challenge

    OAuth2 launch flow subtleties break apps at go-live

    Agnotic approach

    Rigorous launch-flow testing across patient, user, and encounter contexts before production promotion.

    Standards we build against

    SMART on FHIR standards

    FHIR · HL7 · HIPAA · HITECH · HITRUST

    Engineered for Healthcare Compliance, Backed by Global Standards

    Every Agnotic healthcare build is architected for privacy, interoperability, and regulatory readiness from the first commit — not retrofitted before launch.

    HIPAA

    Health Insurance Portability and Accountability Act

    Protect PHI with privacy-first architecture, encrypted storage and transmission, strict access controls, and traceable audit logs.

    GDPR

    General Data Protection Regulation

    Implement lawful consent flows, data minimization, retention controls, and secure processing for sensitive reproductive and health data.

    FHIR

    Fast Healthcare Interoperability Resources

    Enable standardized health data exchange across apps, care teams, and systems through robust FHIR-ready APIs and mappings.

    HL7

    Health Level Seven International

    Support enterprise-grade interoperability with HL7-based integrations for records, events, and clinical messaging workflows.

    HITRUST

    Health Information Trust Alliance

    Align security programs to healthcare-specific controls and risk management practices trusted by providers and partners.

    HITECH

    Health Information Technology for Economic and Clinical Health Act

    Design with breach notification readiness, digital record safeguards, and operational controls that support regulated care programs.

    FDA SaMD

    Food and Drug Administration Software as a Medical Device

    Plan software quality, traceability, and documentation pathways for products that may require SaMD review and regulatory submission.

    EU MDR

    Medical Device Regulation (European Union)

    Prepare EU market-ready processes for risk classification, evidence tracking, and lifecycle governance under MDR expectations.

    SAMHSA

    Substance Abuse and Mental Health Services Administration (42 CFR Part 2)

    Apply confidentiality controls and consent-aware sharing models for behavioral and mental health related data experiences.

    We Are Technology-Agnostic

    With a diverse technology stack, we deliver solutions using a technology-agnostic approach to meet your unique needs.

    Wireframe & Ideation

    User Experience

    Real-Time Projects

    PentoPix
    Lauren
    TAP
    SEAD
    Chibasco
    Lera Health
    OneMinuteAI
    Clever Frankie

    Voices of Success

    We don't just build products; we forge lasting partnerships. See how we've helped industry leaders transform their vision into technical reality.

    Benchmark

    "I can clearly see how Agnotic has a unique way of handling end-to-end development. They are always active on quick chat and provide support quickly."

    Aaron Phelan

    Founder, Benchmark

    My Lauren

    "Agnotic is the best technical team we evaluated. Their engineering excellence made our work dramatically easier and allowed us to stay focused on what matters most for maternal care outcomes. They took full ownership of the technical execution, and we are always happy to continue working together."

    Kim Smith

    Founder, My Lauren

    Latimer

    "Agnotic combines deep technical expertise with strong domain knowledge. They understand the business context, anticipate challenges, and make collaboration smooth and effective."

    John Pasmore

    Founder, Latimer

    Frequently Asked Questions

    FHIR is the data standard. SMART on FHIR is the app launch and authorisation framework on top. You can use FHIR without SMART for backend-to-backend integration. SMART is what you need when your app runs inside an EHR — launched from a clinician's chart, scoped to the current patient, authenticated as the current user.

    Ready to ship a SMART on FHIR app inside the EHR?

    Tell us your target EHR and clinical use case. We'll return a sandbox onboarding plan, engineering estimate, and marketplace submission timeline.