SMART on FHIR
SMART Defines Two Patterns For Client Authorization
Authorizes a user-facing client application (“App”) to connect to a FHIR Server. This pattern allows for “launch context” such as currently selected patient to be shared with the app, based on a user’s session inside an EHR or other health data software, or based on a user’s selection at launch time. Authorization allows for delegation of a user’s permissions to the app itself.
In SMART’s standalone launch flow, a user selects an app from outside the EHR,
In SMART’s EHR launch flow, a user has established an EHR session, and then decides to launch an app. This could be a single-patient app (which runs in the context of a patient record), or a user-level app (like an appointment manager or a population dashboard).
Authorizes a headless or automated client application (“Backend Service”) to connect to a FHIR Server. This pattern allows for backend services to connect and interact with an EHR when there is no user directly involved in the launch process.