Skip to content

Core

Core patterns form the foundation of any FHIR interoperability system. These patterns focus on fundamental routing, security, and privacy concerns that are essential for healthcare data exchange.

Core patterns address the most common and critical challenges in healthcare interoperability:

  • Routing and mediation of requests across multiple FHIR endpoints
  • Authentication and authorization using SMART on FHIR protocols
  • Privacy and consent enforcement to protect patient data
  • Service discovery for dynamic endpoint management

The Core provide essential capabilities:

Broker

Provide a unified entry point for FHIR operations that routes requests to appropriate backend services based on capability, policy, and context.

Key Benefits: - Unified Interface: Clients interact with a single, stable API - Dynamic Routing: Requests automatically flow to capable endpoints - Policy Enforcement: Consistent application of authorization and consent rules - Operational Visibility: Central point for monitoring and audit

Naming and Trading Service

Enable dynamic discovery and selection of FHIR endpoints based on capability requirements and service characteristics, supporting federated healthcare networks.

Key Benefits: - Dynamic Discovery: Endpoints can be added or removed without client changes - Capability Matching: Requests automatically route to capable servers - Load Balancing: Traffic distributed across multiple endpoints - Fault Tolerance: Automatic failover when endpoints become unavailable

Security Strategy

Provide pluggable authentication and authorization strategies for different FHIR access contexts (EHR launch, standalone apps, backend services) using the Strategy design pattern.

Key Benefits: - Flexibility: Support multiple authentication flows in same system - Extensibility: Easy to add new authentication strategies - Separation of Concerns: Authentication logic isolated from business logic - Standards Compliance: Implements SMART on FHIR specifications correctly

Privacy Enforcement

Apply patient consent and data use restrictions through FHIR security labels and consent resources, enabling granular privacy controls across healthcare data exchanges.

Key Benefits: - Granular Control: Support for complex, context-dependent consent rules - Standards-Based: Built on FHIR Consent and Security Labels - Transparent: Clear audit trail of privacy decisions - Flexible: Supports various consent models and regulatory frameworks

Implementation Sequence

When implementing core, we recommend this sequence:

  1. Security Strategy - Establish authentication and authorization foundation
  2. Broker - Implement central routing and policy enforcement
  3. Privacy Enforcement - Add consent and privacy controls
  4. Naming and Trading Service - Enable dynamic service discovery