EHR integration (FHIR R4 + SMART)
Connect hospital EMRs to the Curably Platform for consent-aware, org-scoped health record exchange and encounter synchronization.
Last updated June 2026
Overview
EHR integration is a core interoperability pillar of the Curably Platform. It enables identity-linked clinical data to move across institutions without re-keying or EMR lock-in.
- Standards: FHIR R4 (REST), SMART on FHIR (OAuth2), optional HL7 v2 bridge for legacy systems
- Direction: Pull demographics, encounters, labs, meds into Curably; push consented notes and codes back to EHR
- Security: TLS 1.2+, per-org credentials, row-level isolation, immutable audit on every sync
Requirements
| Item | Example | Notes |
|---|---|---|
| FHIR base URL | https://ehr.hospital.ng/fhir | Must expose CapabilityStatement |
| Token endpoint | https://ehr.hospital.ng/oauth/token | Client credentials or SMART |
| Authorization endpoint | SMART only | For user-context launches |
| Client registration | Confidential client | Rotate secrets every 90 days |
| Scopes | patient/*.read | Request minimum necessary scopes |
Authentication modes
1. Client credentials (server-to-server)
Best for scheduled batch sync and backfill. Curably obtains a system token from your token endpoint and pulls resources incrementally by _lastUpdated.
2. SMART on FHIR (authorization code + PKCE)
Best for clinician-in-context launches from the provider portal. Discover endpoints automatically via POST /api/provider/smart/metadata with your FHIR base URL.
{
"fhir_base_url": "https://ehr.hospital.ng/fhir"
}Resource mapping
| FHIR resource | Curably target | Notes |
|---|---|---|
| Patient.name | profiles.name | Primary display name |
| Patient.identifier | profiles.cura_id | MRN, NIN, scheme ID |
| Encounter | visits | Check-in and billing anchor |
| Observation | labs.observations | A1C, BP, vitals |
| MedicationRequest | medications | Active prescriptions |
| Consent | consents | Mirrors platform consent state |
Patient matching
Sync policies
- Read window: incremental by lastUpdated; full backfill on first run (configurable patient cohort)
- Write policy: outbound pushes only with active consent and provider authorization
- Conflict resolution: prefer most recent timestamp; ties flagged for review queue
- Retries: exponential backoff with dead-letter queue after threshold; ops alerted via audit
- Revocation: consent revoke halts all outbound writes within seconds
Setup in provider portal
- Navigate to Provider → Admin → EHR Sync
- Enter FHIR base URL; choose Client Credentials or SMART
- For SMART: click Discover Metadata or enter token/authorization URLs manually
- Click Test Endpoints → Connect → Sync Now
- Review mapping preview and audit logs for 72 hours before enabling schedule
API endpoints
/api/provider/smart/metadataDiscover SMART configuration from FHIR base URL.
/api/provider/smart/authorizeInitiate SMART authorization flow (redirect).
/api/provider/smart/callbackOAuth callback handler after user authorization.
/api/provider/smart/syncTrigger on-demand sync for a patient or cohort.
/api/provider/ehrRead current EHR connection status and last sync time.
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
| 401/403 on sync | Expired token or broad scopes | Refresh credentials; reduce scopes |
| 404 on metadata | Wrong base URL | Verify /metadata and network allowlist |
| Patient not linking | Identifier mismatch | Align MRN/NIN mapping rules |
| 429 responses | High page size | Reduce _count; add backoff |
| Stale data after revoke | Cached EHR session | Force token refresh; check consent API |
Network: allowlist Curably egress IPs if your FHIR API is behind a firewall. Pin to hospital CA if policy requires mutual TLS.