What is HL7 FHIR?

HL7 FHIR is a key concept in healthcare IT that affects your practice operations and compliance. Qventive helps practices understand and implement HL7 FHIR with 30+ years of expertise.

Our Observe-Improve-Prevent methodology ensures every implementation starts with your actual workflow. Book a free assessment.

Ready to Talk?

30-minute assessment. No pitch.

Book Assessment (201) 488-2750

Resources

HIPAA at HHS.gov ↗MIPS at CMS.gov ↗NIST Framework ↗

What FHIR Actually Is

Plain-English explanation.

FHIR is a healthcare data exchange standard developed by HL7 International. It defines how clinical and administrative data should be structured, how systems should request and respond to data requests, and how authentication and authorization should work. FHIR uses modern web technologies (REST APIs, JSON, OAuth 2.0) that are familiar to developers outside healthcare.

Core concept: Resources. FHIR organizes healthcare data into discrete "resources" — Patient, Observation, Medication, Condition, Encounter, Practitioner, and about 150 others. Each resource is a defined data structure with standard fields. Applications exchange resources via REST APIs — making healthcare data exchange look architecturally similar to exchanging data between any modern web applications.

Why FHIR matters: it makes healthcare interoperability achievable without each integration being a custom project. App developers can build healthcare applications using familiar tools; EHR vendors can expose standard APIs rather than custom interfaces; patients can authorize apps to access their records using OAuth 2.0 patterns familiar from consumer technology.

FHIR vs HL7 v2

How FHIR differs from the older standard.

HL7 v2 — the older HL7 messaging standard (v2.3, v2.5, v2.6 in common use) — uses pipe-delimited text messages transmitted via MLLP (Minimum Lower Layer Protocol) over TCP/IP. Widely deployed, still operational in most healthcare integration today, particularly for lab results and admission/discharge/transfer messages. Works well for its original purpose but requires specialized integration expertise.

FHIR — modern replacement using web-native patterns. JSON or XML data format, REST API (request/response over HTTP), OAuth 2.0 authentication. Familiar to any web developer. Better for patient-facing applications, mobile apps, and modern interoperability patterns.

Coexistence: FHIR and HL7 v2 coexist. FHIR is growing rapidly for new integrations; v2 continues to run existing integration infrastructure. Healthcare IT environments commonly have both. See our healthcare interoperability page for broader context.

FHIR in Real-World Deployment

Where FHIR is actually being used in 2026.

Patient-authorized app access

The most visible FHIR deployment. Patient apps (Apple Health, Google Fit, Fitbit, and specialized health apps) authenticate via OAuth 2.0 and pull patient records from certified EHRs using FHIR APIs. Driven by information blocking rule requirements and ONC certification. Every major EHR now exposes patient-facing FHIR API.

Provider-to-provider data exchange

Increasingly common. FHIR enables structured query for specific patient data between providers rather than bulk document exchange. Particularly useful for care coordination scenarios where specific data points matter (most recent lab values, current medications, allergies).

Payer data exchange

CMS Interoperability Rule (driven by 21st Century Cures Act) requires payers to expose patient data via FHIR APIs. Patient access API, Provider Directory API, and Payer-to-Payer data exchange all use FHIR. Medicare Advantage, Medicaid managed care, and CHIP plans subject to these requirements.

Clinical decision support

SMART on FHIR apps — clinical applications that run within EHRs using FHIR data access. Enables third-party clinical decision support tools to integrate with EHRs without custom integration projects. Growing deployment for specialty-specific decision support.

Bulk data export

FHIR Bulk Data Access (Flat FHIR) enables batch export of patient data sets for population health, research, and analytics. Asynchronous pattern designed for large data exports.

FHIR Versions

The version landscape.

FHIR R4 (Release 4) — normative version published in 2019. Currently the version ONC certification requires. Most production FHIR deployments are R4.

FHIR R5 (Release 5) — published in 2023, includes incremental improvements. Adoption emerging; not yet widely deployed in production healthcare integration.

US Core — US-specific implementation guide on top of FHIR R4. Defines data elements and constraints specific to U.S. healthcare use cases. ONC certification requires US Core compliance.

HL7 FHIR specification for authoritative documentation.

What Practices Ask About What is HL7 FHIR

Understand at conceptual level, not implementation level. Practices benefit from understanding that FHIR enables patient app access, provider data exchange, and integration capabilities — helping decisions about patient portal, third-party app integration, and EHR evaluation. Implementation-level FHIR expertise is for developers and IT specialists, not clinicians or practice managers.

If certified under ONC 2015 Edition Cures Update (which essentially all actively-maintained commercial EHRs are), yes. Major platforms like Epic, athenahealth, eCW, Cerner/Oracle Health, NextGen, Allscripts, and Greenway all support FHIR R4 with US Core. Practices on older uncertified systems may lack FHIR support.

Via FHIR API with OAuth 2.0 authentication. Patient authenticates to the EHR through the EHR's login; OAuth authorization grants the app access to the patient's record data; app uses FHIR API to retrieve data. Practice role is primarily ensuring patient portal and FHIR API infrastructure work — technical implementation is EHR vendor-side. See ONC information blocking guidance.

Generally no, without specific justification fitting within exceptions. Information blocking rule prohibits unreasonable interference with patient-authorized data access. Legitimate security concerns about specific apps may fit within Security Exception; general reluctance about third-party apps does not. The rule is designed to prevent providers from blocking patient-authorized app access.

FHIR Bulk Data Access (Flat FHIR) enables batch patient data export for research and analytics. Practices participating in research or analytics programs may use this for data extraction. Separate from transactional FHIR; optimized for large data sets.

FHIR itself is a technical standard; HIPAA applies to any implementation processing PHI. FHIR API deployment must meet HIPAA technical safeguards including encryption, authentication, access controls, and audit logging. Certified EHRs implementing FHIR satisfy HIPAA at the platform level; operational HIPAA compliance remains the covered entity's responsibility.

Yes, for most practices. Strong FHIR support enables current requirements (patient app access, information blocking compliance) and positions practices well for emerging integration needs. Vendor FHIR capability varies; specific capability (which FHIR resources supported, bulk data support, SMART on FHIR support) matters. Testing specific FHIR capabilities during vendor evaluation is appropriate.

Get In Touch

Ready to Modernize Your Practice Technology?

Schedule your free practice technology assessment. Our healthcare IT specialists will review your current systems, identify gaps, and outline a roadmap built specifically for your practice.

30 years of healthcare-only experience
EHR-certified across 7 major platforms
HIPAA-compliant from day one
No long-term contracts required

Book Your Free Assessment

What is HL7 FHIR