Epic EHR Integration Services
Production-tested integrations with Epic FHIR R4, SMART on FHIR, CDS Hooks, and Epic Interconnect — navigating the vendor-specific nuances that general developers miss.
The Challenge
Epic's FHIR Implementation Has Vendor-Specific Nuances That Break Standard Approaches
Epic is the dominant EHR in US health systems, powering over 35% of hospital beds. If you are building a healthcare application for US enterprise hospitals, you are building an Epic integration — there is no practical alternative. The challenge is that Epic's FHIR R4 implementation, while broadly conformant to the US Core profiles, has significant vendor-specific behaviours that catch developers without direct Epic experience off guard. Epic's patient matching algorithm is non-standard — it uses a combination of identifiers in a specific priority order that differs from the base FHIR $match operation. Epic's OAuth 2.0 backend service authentication for system-level access uses a JWT-based flow with specific signing requirements. Certain FHIR search parameter combinations that are valid per the specification return errors on Epic's server. Epic's SMART on FHIR sandbox is more permissive than production — behaviours that work in sandbox fail in hospital production environments with specific Epic configurations. I have lived in Epic's developer documentation, worked through Epic's support queues, and shipped production Epic integrations. The vendor-specific knowledge I carry prevents months of debugging and failed sandbox-to-production transitions.
Deliverables
Epic Integration Capabilities
- Epic FHIR R4 API integration — all US Core R4 profiles: Patient, Practitioner, PractitionerRole, Organization, Location, Encounter, Condition, AllergyIntolerance, Immunization, MedicationRequest, Observation, DocumentReference, DiagnosticReport, Procedure, ServiceRequest
- Epic SMART on FHIR application development — EHR launch mode for embedded clinical apps and patient-facing launch mode for consumer apps — OAuth 2.0 PKCE implementation with Epic-specific scope handling
- Epic backend service integration (system-level access) — JWT-based authentication, non-interactive API access for bulk data retrieval and system-to-system integration
- CDS Hooks server development for Epic — patient-view, order-select, and order-sign hooks with clinician-facing decision support cards integrated directly into Epic's workflow
- Epic Interconnect web service integration — HL7 v2 messages and XML web services for systems where Epic's FHIR API coverage is incomplete
- Epic Bulk FHIR ($export) implementation — asynchronous population-level data extraction for analytics, quality reporting, and value-based care programs
- Epic App Orchard application development and submission support — scoping the FHIR access requirements, building the required security architecture, and preparing the technical documentation for Epic's review
- Epic-to-Azure integration architecture — ingesting Epic data into Azure Health Data Services, Azure SQL, or Cosmos DB for downstream analytics and AI
- Epic FHIR subscription implementation — real-time event notifications for patient admission, discharge, and order events
Stack
Technology Stack
Process
Epic Integration Delivery
A clear, predictable engagement model with no surprises.
Epic Environment Access & Scoping
Navigate the Epic developer access process — Community Member access request, SMART on FHIR app registration, and sandbox environment setup. Define the exact FHIR resource types, search parameters, and write-back capabilities needed. Map Epic's FHIR API coverage against your requirements and identify any gaps that require Interconnect fallback.
Authentication Architecture
Design the authentication layer for your access pattern — SMART on FHIR EHR launch, patient standalone launch, or backend service access. Each requires a different implementation. Epic's backend service authentication in particular has specific JWT signing requirements that differ from standard OAuth 2.0 client credentials.
Integration Build & Epic-Specific Testing
Build the integration with specific test cases designed around Epic's known vendor behaviours — patient matching edge cases, search parameter combinations that Epic's server handles differently from the specification, and the specific error response formats Epic returns for various error conditions.
Sandbox-to-Production Validation
The most critical phase. Validate every integration path in Epic's production-equivalent sandbox (or a pre-prod Epic environment if your customer provides access). The differences between Epic's public sandbox and a hospital's production Epic configuration are significant and must be tested explicitly.
App Orchard Review Support (if applicable)
Prepare the App Orchard application package — security questionnaire, integration documentation, user-facing privacy policy, and FHIR access scope justification. Support the review process, respond to Epic's feedback, and navigate the back-and-forth that typically takes 4–8 weeks.
FAQ
Frequently Asked Questions
Need to Integrate with Epic?
Book a free 30-minute call. We'll review your Epic integration requirements and plan a realistic timeline.
Response within 24 hours · No commitment required