NeurixaHealthAI™ implements the full SMART on FHIR specification — EHR launch, standalone launch, backend services, and SMART Health Cards — so your apps get the right data for the right user at the right time.
Capabilities
Every component of the SMART on FHIR specification — from app registration to token revocation — built, maintained, and monitored by NeurixaHealthAI™.
Full support for both EHR launch (app launched from within the EHR with patient context) and standalone launch flows with PKCE and state validation.
Resource-level read/write scopes (patient/Observation.read, user/MedicationRequest.write) plus system-level scopes for backend service access.
Launch contexts carry patient, encounter, and user identifiers. Apps receive pre-populated context without additional API calls.
Asymmetric key authentication (JWT client assertions) for server-to-server access — enabling bulk data export and population-level AI workflows.
Automatic access token refresh with configurable expiry. Instant token revocation on logout or security events with audit logging.
Tenant-isolated authorization servers with per-tenant scope policies, allowed app registries, and custom consent workflows.
Patient-facing consent UI for data sharing decisions. Granular consent records stored as FHIR Consent resources with full audit trail.
Self-service app registration with redirect URI validation, scope request review, and automated sandbox provisioning for developers.
Issue and verify SMART Health Cards (W3C Verifiable Credentials) for vaccination records, lab results, and insurance verification.
Authorization Scopes
200+ SMART scopes supported. Resource-level, user-level, and system-level scopes for every clinical data access pattern.
Authorization Flow
Developer registers app in the SMART portal. Redirect URIs, requested scopes, and launch types configured and reviewed.
EHR launches app with iss and launch parameters, or user navigates directly for standalone launch. PKCE code verifier generated.
App redirects to authorization endpoint with requested scopes and PKCE code challenge. Patient and encounter context pre-populated.
Clinician or patient reviews requested scopes and grants consent. Consent recorded as FHIR Consent resource.
Authorization code exchanged for access token, ID token, and optional refresh token. Launch context embedded in token response.
App calls FHIR API with Bearer token. Scopes enforced at resource level. All access logged as AuditEvent resources.
Related Frameworks
Register your app in the NeurixaHealthAI™ SMART portal and get sandbox credentials in minutes. Production launch in days.