×

HL7's new AMS is live!   We are working with Fonteva to resolve log in issues. My Account

Section 1c: FHIR®
Section 3: Implementation Guides

HL7 FHIR® Implementation Guide: SMART Application Launch Framework, Release 2

DESCRIPTION

SMART App Launch 2.0.0 defines a foundational patterns based on OAuth 2.0 for client applications to authorize, authenticate, and integrate with FHIR-based data systems (e.g., Electronic Health Record system, Patient Portal, or Beneficiary Portal).

 

See the specification at http://hl7.org/fhir/smart-app-launch/STU2

ALTERNATIVE NAMES

HL7 FHIR® Implementation Guide: SMART Application Launch Framework, Release 2 may also go by the following names or acronyms:

"HL7 FHIR® IG: SMART App Launch, Release 1", SMART

TARGETS

  • Clinical and Public Health Laboratories
  • Immunization Registries
  • Quality Reporting Agencies
  •  Standards Development Organizations (SDOs)
  • Regulatory Agency
  • Payors
  • Pharmaceutical Vendors
  • EHR, PHR Vendors
  • Equipment Vendors
  • Health Care IT Vendors
  • Clinical Decision Support Systems Vendors
  • Lab Vendors
  • HIS Vendors
  • Emergency Services Providers
  • Local and State Departments of Health
  • Medical Imaging Service Providers
  • Healthcare Institutions (hospitals, long term care, home care, mental health)

 

BENEFITS

  • Provides reliable, secure authorization to access FHIR resources 
  • Enables connection of diverse health IT systems with user-facing apps to support clinical care, consumer access, and research

 

IMPLEMENTATIONS/CASE STUDIES

  • Argonaut
  • SMART

 

As one example, this specification can be used to meet US regulations for "Patient Application Access" by connecting patient-facing apps to an EHR portal.

DEVELOPMENT BACKGROUND

STU 2: The SMART on FHIR v1 IG has been widely adopted for clinician- and patient-facing app integration into EHRs and other FHIR data systems. Based on community feedback, the [Argonaut Project](https://confluence.hl7.org/display/AP/Argonaut+Project+Home) has undertaken a 2020 effort to revise and improve the SMART App Launch IG. A key area of focus in adding support for "granular permissions," e.g. to provide access to resources at the category level in addition to the type level. This would allow apps to request narrower access, like "all vital signs" rather than "all observations."

Enhancements and Clarifications to the SMART App Launch specification (see Jira change request [FHIR-30578](https://jira.hl7.org/browse/FHIR-30578) for a log of changes included in the ballot):

  •  Clarification on launch context scope - New scope syntax for granular permissions
  •  `POST`-based authorization
  •  Addition of PKCE to authorization requirements
  •  Profile token introspection - Guidance for communicating permissions to end users
  •  Update discovery properties to support these changes.

Several new pages have been added to this version of SMART App Launch Implementation Guide. A new *Overview* page has been been added to introduce the reader to the guide. The *Backend Services* pages has been moved from [FHIR Bulk Data Access](http://hl7.org/fhir/uv/bulkdata/) to consolidate the patterns for client authorization. There are new pages to define two patterns for client authentication -*Asymmetric (public key)* and *Symmetric (shared secret)*. The *Token Introspection* page documents how to support token introspection and there is and informative *Best Practices* page. Finally, the *Launch and Authorization* page has been extensively rewritten to make it clearer, and more reader friendly.

RELATED DOCUMENTS

HL7 FHIR® Implementation Guide: SMART Application Launch Framework, Release 2

STU DOCUMENTS

HL7 FHIR® IG: SMART Application Launch Framework, Release 1 See the standard at http://hl7.org/fhir/uv/smart-app-launch/STU2. (Submit Feedback on STU)

TOPIC

  • Security and Privacy

BALLOT TYPE

  • STU

STATUS DATE

2021-11-25

RESPONSIBLE WORK GROUP

FHIR Infrastructure

STAKEHOLDERS

  • Clinical and Public Health Laboratories
  • Clinical Decision Support Systems Vendors
  • EHR, PHR Vendors
  • Emergency Services Providers
  • Equipment Vendors
  • Health Care IT Vendors
  • Healthcare Institutions
  • HIS Vendors
  • Immunization Registries
  • Lab Vendors
  • Local and State Departments of Health
  • Medical Imaging Service Providers
  • Payors
  • Pharmaceutical Vendors
  • Quality Reporting Agencies
  • Regulatory Agency
  • Standards Development Organizations (SDOs)

FAMILY

  • FHIR

CURRENT STATE

  • Active

REALM

  • Universal