The New Default. Your hub for building smart, fast, and sustainable AI software
Table of Contents
and 5 more
Executive summary:
EHR integration is one of the most consequential technical decisions a HealthTech product will face, and one of the most frequently underestimated.
This guide covers the three primary integration approaches (SMART on FHIR, vendor APIs, and middleware), explains how healthcare interoperability works in practice across Epic, Oracle Health, and legacy HL7 environments.
This guide provides a step-by-step framework for building integrations that survive real hospital infrastructure. It also covers the most common mistakes, a decision framework for choosing the right approach at each product stage, and guidance on when internal teams need a specialized EMR integration solutions provider to close the gap.
EHR integration is where many HealthTech products fail because teams treat it as a late-stage API task. The real complexity often surfaces too late. In practice it’s months-long vendor approval processes, compliance requirements that should have influenced the architecture from day the start, and fragile legacy hospital infrastructure that looks nothing like sandbox environments.
What is EHR integration and why does every HealthTech product eventually need it?
EHR integration is the process of securely exchanging clinical, operational, or administrative data between a healthcare application and an Electronic Health Record (EHR) system, which stores patient medical history and supports clinical workflows.
It enables third-party platforms, from remote patient monitoring tools and telehealth products to AI diagnostics applications, to access patient information and, where necessary, write structured data back into clinical workflows.
For IoMT products specifically, that also means mapping continuous device data streams to structured FHIR resources, managing API rate limits that hospital systems weren't designed for high-frequency inputs, and deciding whether the clinical use case actually requires real-time sync or whether a batched feed is clinically sufficient.
For HealthTech startups, EHR integration is rarely optional because EHR systems are the operational backbone of clinical care. A product that cannot integrate into that environment remains outside the clinician's actual workflow, and in healthcare, tools that sit outside the workflow quickly become extra work.
And clinicians already spend a disproportionate share of their day on documentation and system-based tasks:
A study of primary care physicians found that they spent only about 27% of their time in direct patient contact, compared with roughly 49% on EHR and desk work.
The operational consequences are immediate. When remote patient monitoring (RPM) tools fail to sync data into the EHR in real time or require clinicians to switch systems, they quickly become another burden. In environments already strained by documentation overload, hospitals have little tolerance for tools that increase fragmentation.
Why EHR integration is harder than it looks
Many teams approach EHR integration as a standard API project. In practice, it is a much broader operational challenge involving vendor certification programs or compliance reviews, followed by procurement bottlenecks, and infrastructure shaped by decades of healthcare-specific adaptation.
Market fragmentation makes this even harder because there is no single EHR environment to integrate with. Supporting one major platform does not guarantee compatibility with another, even when both claim adherence to the same interoperability standards. Data models differ, API maturity varies, implementation rules are often vendor-specific, and hospitals frequently customize their environments further.
In the U.S. acute care hospital segment, Epic holds 42.3% of the market, Oracle Health 22.9%, and Meditech 14.8%, according to KLAS Research.
Outside the U.S., the healthcare market is even more fragmented, with regional vendors, country-specific health IT ecosystems, and local interoperability requirements adding layers of complexity.
This means integration complexity rises once the architecture meets production reality. A healthcare app that works in a controlled environment may still require substantial reengineering to function reliably across real provider systems.
The business stakes are high because interoperability is not a niche infrastructure concern.
Analyses suggest that improving interoperability could save the U.S. healthcare system on the order of $30 billion annually.
Regulators have responded by turning interoperability into a compliance expectation through measures such as the 21st Century Cures Act Final Rule and CMS prior authorization requirements. At the same time, the commercial ecosystem around EHR integration continues to grow rapidly, reflecting how central this capability has become to healthcare software.
But standards and APIs do not eliminate execution risk. Real healthcare environments are messy: modern FHIR endpoints layered over legacy HL7 interfaces, custom middleware connecting aging internal systems, and workflows built long before cloud-native standard.
A weak integration strategy can delay procurement, extend implementation timelines, introduce compliance risk, frustrate clinicians, and block deployment entirely. The stake is high.
SMART on FHIR, vendor APIs, or middleware. Which EHR integration approach is right for you?
Before writing a single line of integration code, you need to make an architectural decision that will shape everything that follows: which path you take to connect to the EHR.
The right approach depends on your product stage, your target EHR vendors, whether you need real-time data or batch access, and whether you are reading data, writing it back, or both. What matters is making that choice deliberately, not by default, and not after the product is already built.
There are three primary paths:
Integration path | Best for | Typical time to first connection | Key trade-off |
SMART on FHIR | Patient-facing apps, clinical dashboards, decision support tools | Weeks to months (plus vendor approval) | Standardized and portable, but not all data is accessible, and vendor implementations vary |
Vendor APIs (Epic, Oracle Health, etc.) | Deep EHR-specific workflows, write-back integrations, backend services | 3–12+ months including certification | Maximum depth and control, but every vendor is a separate ecosystem with its own approval process |
Middleware / integration platforms ( | Multi-EHR coverage, faster time to market, HL7 v2 environments | 4–6 weeks for initial deployment | Faster to scale across providers, but adds cost, a dependency layer, and has performance ceilings |
Most mature HealthTech products eventually use a combination of all three: SMART on FHIR for standardized read access, direct vendor APIs for deep workflow integration, and middleware to scale across providers without rebuilding from scratch for each hospital.
How does SMART on FHIR Work, and when should you use it?
If EHR integration has a modern default, SMART on FHIR it is.
SMART on FHIR combines FHIR for standardized healthcare data exchange with OAuth 2.0 for secure authentication. In practice, it allows third-party applications to connect to EHR systems, access clinical data, and, in some cases, launch directly inside the clinician's workflow.
That makes it healthcare's closest equivalent to a reusable integration standard. Instead of building a completely custom integration for every vendor, teams can build against a shared framework with some degree of cross-vendor portability.
How it works
The EHR authenticates the user and grants your application scoped access through secure tokens. FHIR provides structured resources such as Patient, Observation, Condition, or MedicationRequest. At the same time, SMART adds workflow context, for example, passing the active patient record when a clinician launches your app from inside the EHR.
When to use it
SMART on FHIR is usually the right starting point for:
patient-facing applications
embedded clinical dashboards
decision support tools
read-heavy integrations where portability matters
Where it falls short
Not all clinical data is exposed through FHIR, vendor implementations differ, and production environments often behave differently from sandboxes. It also becomes less practical for write-heavy workflows such as creating notes, submitting orders, or supporting high-volume transactional operations.
SMART on FHIR is best seen as the modern entry point for EHR integration, but not as a complete interoperability strategy.
How do Epic and Oracle Health APIs actually work?
While SMART on FHIR offers standardization, vendor APIs offer depth.
If your product requires deeper workflow integration, such as write-back to clinical systems, proprietary functionality, or access beyond standard FHIR resources, direct vendor APIs are often necessary. The trade-off is complexity. Every major EHR vendor has its own ecosystem, approval process, certification requirements, and production access rules.
Epic runs its integration ecosystem through App Orchard, its controlled developer and certification platform. In practice, that means registering in the developer portal, defining your use case, building in the sandbox, and completing validation before production access is approved. Oracle Health (formerly Cerner) follows a similar model, but with one important difference: approval does not always guarantee deployment. Even after platform approval, individual hospitals may still need to configure and activate the integration locally, adding complexity for multi-provider products.
Regardless of vendor, the same realities tend to surface:
documentation is often incomplete or inconsistent
FHIR coverage may be limited, forcing proprietary integrations
approval and security review timelines move slowly
production environments behave differently from sandboxes
Vendor APIs provide deeper control, but at the cost of slower timelines, lower portability, and significantly more operational overhead.
What is middleware, and when does it make more sense?
Middleware acts as an interoperability layer between your application and the EHR. Instead of building separate integrations for every vendor, protocol, or hospital environment, your product connects once to the middleware platform, which handles translation, normalization, and vendor-specific communication underneath.
Common platforms include Redox, Rhapsody, Health Gorilla, Particle Health, Leyr, and custom-built integration layers.
When middleware makes sense
Middleware is often the pragmatic choice when speed and breadth of interoperability matter more than direct control.
It works especially well when you need to:
support multiple EHR vendors quickly
handle mixed standards such as FHIR, HL7 v2, X12, and proprietary formats
reduce vendor-specific engineering complexity
onboard providers already connected to the middleware network
accelerate time to market for early-stage products
The trade-offs
Middleware solves real integration problems, but it comes with clear compromises:
Higher long-term cost. Most platforms charge per connection, transaction, or usage tier. What feels efficient early can become expensive at scale.
Less architectural control. You gain abstraction, but lose direct visibility and flexibility across parts of the integration stack.
Vendor dependency. Your roadmap becomes partially tied to a third-party platform’s capabilities, pricing, and product decisions.
Performance constraints. High-volume, latency-sensitive, or deeply transactional workflows often perform better with direct integrations.
For many HealthTech companies, the most effective architecture is a hybrid approach: middleware handles faster onboarding and standardized interoperability workflows, while direct vendor APIs support workflows where performance, control, or deeper EHR functionality matter more.
Why do legacy systems break EHR integrations?
Modern FHIR APIs get most of the attention, but they represent only part of the integration reality. A typical hospital IT environment is rarely a clean interoperability stack. More often, it is a layered ecosystem where modern APIs coexist with legacy HL7 v2 interfaces, custom middleware, on-premise infrastructure, and heavily modified workflows built over years of operational adaptation.
An integration strategy built around FHIR alone will eventually hit infrastructure that works very differently.
HL7 v2 is still everywhere
Despite the industry’s push toward FHIR, HL7 v2 remains the operational backbone of healthcare data exchange. Often described as the “workhorse” of interoperability, it is still used by the vast majority of U.S. healthcare organizations and underpins essential workflows such as patient admissions, lab reporting, clinical orders, and billing. So even if your product is built around modern FHIR APIs, it will often need to coexist with HL7 v2 somewhere in the real-world workflow.
Same vendor does not mean same environment
Two hospitals may both run Epic or Oracle Health and still behave like entirely different integration targets. Years of customization create site-specific environments with local code systems, vendor-specific configuration differences, custom data fields, and workflow rules that rarely align with standard documentation. That is why an integration that works at one hospital may still require significant rework at the next.
Real healthcare data is messy
Production data is far less predictable than sandbox environments suggest. Missing fields, duplicate patient records, inconsistent identifiers, terminology mismatches, and malformed HL7 messages are routine integration issues.
Real-time is often an illusion
Many modern HealthTech products assume live access to clinical data but hospital systems still often rely on scheduled batch processing instead – hourly syncs, nightly exports, delayed reconciliation jobs. That means the “current” data your application receives may already be hours old.
Mapping never really ends
One of the hardest challenges is translating between fundamentally different data models. HL7 v2 is message-based and event-driven, whereas FHIR is resource-based and API-driven. Bridging the two requires ongoing mapping between message segments, standardized resources, local code systems, and vendor-specific implementations. And that work is never truly finished. Hospital upgrades, workflow changes, and vendor reconfigurations regularly break assumptions your integration depends on.
What does EHR integration actually look like step by step?
A real EHR integration is a sequence of product, vendor, compliance, and infrastructure decisions, and mistakes made early tend to get expensive later.
1. Define the integration scope
Before writing code, be clear about what your product actually needs.
Do you only need to read clinical data, or write information back into the EHR?
Does the workflow depend on real-time access, or will batch data suffice?
Which EHR systems do your target customers actually use?
This is also the point to validate the workflow itself. Building integration for a product clinicians will not use is one of the most expensive forms of premature optimization.
2. Choose the right integration path
The integration method should follow the use case.
SMART on FHIR works well for read-heavy, standards-based integrations.
Vendor APIs make more sense for deeper workflow control or write-back.
Middleware is often the fastest route when supporting multiple EHRs or mixed legacy environments.
The wrong architecture here creates problems later.
3. Start vendor access early
Approvals are often the biggest bottleneck. Vendor ecosystems involve reviews, certification, and production access processes that can take months.
The practical rule: start approvals earlier than feels necessary.
4. Build for production, not sandbox success
Production systems enforce stricter authentication, different permissions, slower approval processes, and messier data than the sandbox environment. Authentication should be implemented properly from the start, with secure token management, scoped access controls, and support for production-grade security requirements.
5. Normalize the data
Clinical data varies by EHR vendor, hospital, and standard. Patient IDs may not match, records may be incomplete, and terminology can differ across sites. If your product connects to multiple EHRs, you need an internal data model that can handle those differences without rebuilding each integration.
6. Design for failure
Production integrations fail in predictable ways: expired tokens, API rate limits, malformed HL7 messages, missing data, timeouts, and vendor outages. Resilience needs to be built in from the start, including retry logic, graceful degradation, fallback behavior, and clear rules for when the product can safely operate without live data.
7. Test in real environments
Before launch, test against staging or UAT environments with realistic data and production-like constraints. Passing a FHIR conformance test does not guarantee real-world interoperability.
8. Monitor and maintain
Deployment is the start of the operational lifecycle. Monitor latency, failures, token behavior, and data quality continuously. Maintain audit logging, incident response processes, and active vendor monitoring, because EHR APIs, certification rules, and hospital configurations change regularly.
What are the most common EHR integration mistakes, and what do they actually cost?
Most EHR integration failures stem from predictable assumptions: treating standards as guarantees, mistaking sandbox access for production readiness, or designing for ideal infrastructure rather than hospital reality.
Mistake | What Actually Happens | How to Avoid It |
Assuming FHIR guarantees interoperability | FHIR is a standard, but vendor implementations differ significantly. The data your product needs may be unavailable, incomplete, or exposed through non-standard extensions. Teams often discover this after months of development, forcing major rework. | Test against the target vendor’s actual FHIR environment before building. Verify which US Core profiles and resources are truly supported during discovery, not after implementation. |
Treating sandbox success as production readiness | A working sandbox demo creates false confidence. Production deployment often requires certification, security review, contractual approval, and site-level activation. Enterprise deals stall while approvals catch up. | Start production approval processes early — especially for ecosystems like Epic App Orchard. Treat sandbox validation as technical feasibility, not commercial readiness. |
Ignoring the rest of the hospital technology stack | The primary EHR rarely tells the whole story. Labs, radiology, pharmacy, and billing systems may depend on separate vendors and older interoperability standards such as HL7 v2. Missing those dependencies often breaks implementation timelines. | Map the broader hospital ecosystem during discovery. If HL7 v2 or mixed environments are likely, plan for them early or use middleware that can absorb that complexity. |
Building one-off integrations for every hospital | Even hospitals running the same EHR vendor often have unique configurations, local code systems, and workflow customizations. Teams that hardcode per-site logic quickly create an integration architecture that does not scale. | Build a reusable abstraction layer. Treat hospital differences as configuration problems — not reasons to fork the product. |
Failing to design for outages and degraded operation | EHR APIs fail. Tokens expire. Rate limits are hit. Vendor updates break assumptions. Without fallback behavior, failures happen during live clinical workflows, damaging trust with users. | Build resilience from day one: retry logic, token refresh automation, graceful degradation, cached read-only modes, and clear fallback workflows. |
How to choose the right EHR integration approach for your product
The right choice depends on your product stage, deployment model, data requirements, and compliance constraints. The most common mistake is designing for an ideal future state rather than the product you have today.
1. What stage is your product at?
Your integration strategy should match product maturity.
Pre-seed / early seed: Do not overbuild. If you are still validating the workflow, manual entry, CSV uploads, or patient-reported data may be enough.
Seed / Series A: Integration often becomes commercially necessary. Start with one or two EHRs your target customers actually use.
Scaling: One-off integrations stop working. Multi-EHR support, vendor certification, and hybrid architectures become more relevant.
2. Are you integrating with one provider or many?
A single-provider pilot can often work with direct SMART on FHIR or vendor APIs.
If your product needs to support multiple health systems, separate integrations for every customer will not scale. Middleware or a reusable interoperability layer becomes the more practical path.
3. What kind of access do you need?
If your product needs... | Start with... |
Read-only patient data | SMART on FHIR |
Embedded dashboards or contextual tools | SMART on FHIR |
Multi-provider interoperability | Middleware |
Write-back into clinical workflows | Vendor APIs |
High-volume or latency-sensitive workflows | Direct APIs or hybrid architecture |
Reporting or analytics | FHIR Bulk Data or HL7 feeds |
If your product depends on real-time data, validate that the hospital infrastructure can actually support it.
4. What compliance burden comes with it?
The moment protected health information enters your system, compliance becomes part of the architecture.
That typically means:
encryption in transit and at rest
audit logging
role-based access controls
If your AI or ML systems use clinical data, apply the minimum necessary principle: access only the data you actually need.
The best integration strategy is not the most ambitious one. It is the one that fits your product’s current reality without creating unnecessary complexity too early.
When does EHR integration require an external partner?
Most capable engineering teams can learn FHIR, implement OAuth flows, and get a sandbox integration working. The harder part is everything around it. You need to handle vendor approval processes, HL7 v2 environments that behave nothing like the documentation, HIPAA architectures that enterprise procurement will actually sign off on. That knowledge comes from repetition across real hospital deployments, and the first time through is almost always slower than teams expect.
Bringing in a healthcare software partner makes sense when:
Your team is tackling EHR integration for the first time. First implementations almost always take longer than expected, and early architectural mistakes tend to become long-term technical debt.
You need multi-EHR support quickly. Supporting Epic, Oracle Health, Meditech, and legacy HL7 environments simultaneously is rarely realistic for a startup team without prior interoperability experience.
Legacy systems are part of the scope. FHIR expertise alone is not enough when hospital infrastructure still depends on HL7 v2, custom middleware, or heavily modified workflows.
Compliance is part of the sales process. Enterprise health systems often expect mature HIPAA security architecture and sometimes broader security certifications before procurement moves forward.
A commercial opportunity depends on speed. If an enterprise pilot or customer contract depends on integration, delays become a business problem, not just an engineering one.
Your current integration is already breaking. EHR vendors update APIs and certification requirements regularly, and integrations without active maintenance degrade silently, often at the worst possible moment.
The real question is whether you can absorb the timeline of building this expertise internally, and whether a delayed or failed integration is a risk the business can take right now.
Key Takeaways
EHR integration needs to be an architectural decision from the very beginning. Compliance requirements, vendor approval timelines, and data normalization challenges don't wait until you're ready for them.
SMART on FHIR is the right starting point for most products. It handles read-heavy, standards-based workflows well. Other technical situations like write-back or deeply proprietary workflows will eventually require direct vendor APIs or a hybrid approach.
Middleware gets you to market faster across multiple EHRs, but platforms like Redox charge per connection and per transaction. What is efficient at the scale of ten hospitals becomes a meaningful cost when applied to fifty.
A working sandbox demo is not production readiness as we define it. Most important elements, Epic App Orchard certification, security reviews, and site-level hospital activation, happen after sandbox validation. Each one can stall an enterprise deal that looked done.
HL7 v2 still underpins the majority of U.S. hospital data exchange. An integration strategy built around FHIR alone will eventually break against real hospital infrastructure.
EHR integration FAQ
)
Piotr Zając
HealthTech Director at Monterail
Piotr, Monterail’s Director of HealthTech brings over 15 years of entrepreneurial leadership and strategic innovation to the MedTech and HealthTech sectors. Piotr has demonstrated exceptional ability to build and scale healthcare solutions. Former President of EO Poland, part of the world's largest entrepreneur network. Combining his entrepreneurial background with Management 3.0 principles, Piotr specializes in helping organizations drive sustainable innovation in the rapidly evolving HealthTech landscape.
