Executive Summary
A US-based digital health startup set out to solve one of healthcare's oldest frustrations: patients can't see all their health data in one place. Their records are trapped across multiple hospitals, clinics, labs, and specialists — each running a different EHR system.
We built a security-first patient health record platform that connects to 12 major US EMRs via FHIR R4 APIs, aggregates clinical data into a unified patient record, and delivers AI-powered health insights — medication interaction alerts, care gap detection, and personalized health recommendations.
The result: patients see their complete health picture in one app for the first time. Providers get a unified view of patients who receive care across multiple systems.
The Problem: Your Health Data Is Everywhere Except Where You Need It
The average American sees 7 different healthcare providers over a 3-year period. Each provider uses a different EHR system. The patient's data is fragmented across all of them — and none of these systems talk to each other by default.
Real Patient Scenario
Sarah, 52, manages hypertension and early-stage diabetes. Her data is spread across:
- Primary care: athenahealth — annual checkups, medication management
- Cardiology: Epic — heart monitoring, stress tests, echocardiograms
- Endocrinology: Cerner — A1C tracking, insulin adjustments
- Lab work: Quest Diagnostics via Meditech — blood panels every 3 months
- Urgent care: NextGen — visited twice for acute issues
When Sarah's cardiologist wants to adjust her blood pressure medication, they can't see her latest A1C from endocrinology. When her PCP prescribes a new medication, they don't know about the cardiac drugs the cardiologist added last month. The risk is real: drug interactions, duplicate tests, missed diagnoses.
What Existing Solutions Missed
- Patient portals only show data from ONE health system — not a unified view
- Health Information Exchanges (HIEs) are provider-focused, not patient-facing
- Apple Health / Google Health import limited FHIR data but don't offer AI analysis or provider collaboration
System Architecture
Architecture Principles
We designed the platform around three principles: patient-controlled access (patients decide which systems share data), zero-trust security (every request authenticated, every access logged), and FHIR-native storage (no proprietary data models).
Layer by Layer
Presentation Layer: React Native mobile app (iOS + Android) for patients. React web portal for providers. Both share the same API layer — consistent data, different views based on role.
Authorization Layer: SMART on FHIR + OAuth 2.0 with PKCE. Each EHR connection requires explicit patient consent. Patients can revoke access to any system at any time. Every authorization event is audit-logged.
Integration Layer: 12 EHR-specific FHIR connectors, each handling the quirks of that vendor's API — different pagination styles, different resource coverage, different rate limits. Connection manager handles credential refresh, retry logic, and circuit breaking.
Data Layer: PostgreSQL with FHIR R4 resource storage. Every record tagged with source EHR, retrieval timestamp, and data provenance. No data is modified from source — we store exactly what each EHR provides, then normalize a read-only unified view on top.
Intelligence Layer: AI recommendation engine analyzing the unified record for drug interactions, care gaps, risk predictions, and treatment adherence patterns.
Connected EHR Systems
| EHR System | Market Share | FHIR API | Key Data |
|---|---|---|---|
| Epic | 38% | App Orchard / Open Epic | Full clinical, imaging, notes |
| Oracle Health (Cerner) | 22% | Cerner Code / Ignite | Clinical, labs, medications |
| MEDITECH | 16% | MEDITECH as a Service | Inpatient, labs, pharmacy |
| athenahealth | 7% | athenaFlex | Ambulatory, billing, referrals |
| eClinicalWorks | 5% | FHIR R4 API | Ambulatory, labs, vitals |
| NextGen | 3% | NextGen FHIR | Specialty, ambulatory |
| Allscripts | 3% | Allscripts FHIR | Multi-specialty, ambulatory |
| Greenway Health | 2% | Intergy API | Primary care, pediatrics |
| DrChrono | 1% | DrChrono API | Small practice, telehealth |
| Practice Fusion | 1% | FHIR R4 | Small/medium practice |
| Veradigm (Allscripts) | 1% | Veradigm API | Specialty, data analytics |
| CPSI/TruBridge | 1% | TruBridge FHIR | Community hospital, rural |
Together, these 12 systems cover over 95% of the US EHR market.
AI-Powered Health Insights
What the AI Analyzes
With data from 12 EHRs unified into one record, the AI engine has a complete patient picture that no single provider has ever seen. It runs four analysis modules:
1. Drug Interaction Detection
Cross-references all active medications from all providers against drug interaction databases. Flags dangerous combinations that individual providers can't see because they only know about their own prescriptions. Uses RxNorm + FDB (First Databank) for interaction severity scoring.
2. Care Gap Detection
Identifies preventive care that's overdue: cancer screenings, vaccinations, annual tests. Compares patient's age, gender, conditions, and family history against USPSTF guidelines. Generates personalized reminders.
3. Risk Prediction
ML models trained on aggregated clinical data to predict risk of: hospital readmission (within 30 days), diabetes progression (A1C trajectory), cardiovascular events (Framingham-based + enhanced with multi-system data). Risk scores update in real-time as new data arrives from any connected EHR.
4. Treatment Adherence Tracking
Monitors prescription refill patterns, lab result trends, and appointment attendance across all providers. Identifies patients falling off treatment plans before it becomes a clinical crisis.
Chat With Your Data
Patients can ask natural language questions about their health records: "What medications am I taking?", "When was my last cholesterol test?", "Show me my blood pressure trend for the past year." The platform searches across all 12 connected EHRs and returns unified answers with source attribution.
The Transformation
Security-First Design
Compliance Framework
- HIPAA: AES-256 encryption at rest, TLS 1.3 in transit, comprehensive audit logs, BAA with all EHR vendors, annual penetration testing
- SMART on FHIR: OAuth 2.0 + PKCE for every EHR connection. Patient-authorized, revocable at any time. No credentials stored — only tokens with expiration.
- Zero Trust: Every API request authenticated. No implicit trust between services. Network segmentation between data stores and compute. All inter-service communication encrypted.
- Patient Consent: Granular toggle per data source. Patient can connect Epic but not Cerner. Can revoke any connection instantly — data from that source is soft-deleted within 24 hours.
- SOC 2 Type II: Certified. Annual audit by independent third party.
Technical Challenges
Challenge 1: 12 Different FHIR Implementations
FHIR R4 is a standard, but every EHR implements it differently. Epic's pagination uses link headers. Cerner uses query parameters. Some EHRs support 50+ resource types; others support 8. Rate limits vary from 10 req/sec to 1 req/sec.
Solution: Built an adapter pattern — each EHR has a dedicated connector class that normalizes pagination, error handling, rate limiting, and resource mapping. The rest of the system talks to a unified internal API, unaware of which EHR the data came from.
Challenge 2: Patient Identity Across Systems
Same patient, 12 different medical record numbers. No universal patient ID in the US. How do you know that "John Smith" in Epic and "John D. Smith" in Cerner are the same person?
Solution: Multi-factor probabilistic matching using demographics (name, DOB, SSN last 4, address, phone) + patient self-attestation. Confidence scoring with manual review queue for borderline matches. Once confirmed, identities are permanently linked.
Challenge 3: Real-Time vs. Batch Data
Some EHRs support webhooks (push). Most require polling (pull). Building a system that feels real-time when most data sources are batch-updated.
Solution: Hybrid approach. Webhook subscriptions where available (Epic). Intelligent polling for others — high-frequency for active patients (every 4 hours), low-frequency for stable patients (daily). Push notifications to patients when new data arrives from any source.
Challenge 4: Data Conflicts
Two EHRs list different allergies for the same patient. One says "Penicillin allergy — severe." The other has no allergy record. Which is correct?
Solution: We never auto-resolve clinical conflicts. The platform shows both records with source attribution and timestamps. It flags the discrepancy for the patient and their primary care provider. Clinical accuracy requires human judgment — the AI surfaces the conflict, humans resolve it.
Technology Stack
| Layer | Technology | Why |
|---|---|---|
| Mobile | React Native | Single codebase for iOS + Android, fast iteration |
| Web Portal | React + TypeScript | Provider-facing dashboard, type safety |
| Backend | Node.js (Express) | Fast async I/O for 12 concurrent EHR connections |
| Database | PostgreSQL | FHIR resource storage with JSONB, strong consistency |
| Cache | Redis | Session management, rate limiting, frequent queries |
| Auth | OAuth 2.0 + PKCE + SMART | Industry standard for FHIR EHR access |
| AI/ML | Python (scikit-learn, custom models) | Risk prediction, interaction detection, NLP for chat |
| Infra | AWS (HIPAA BAA) | US data residency, HIPAA-eligible services |
| CI/CD | GitHub Actions + Terraform | Automated deploys, infrastructure as code |
Results
| Metric | Result |
|---|---|
| EHRs connected | 12 (95% US market coverage) |
| Time to unified view | Under 30 seconds from consent to data |
| Drug interactions flagged | 23% of patients had at least one cross-provider interaction invisible to any single provider |
| Care gaps identified | 40% of patients had overdue preventive screenings |
| Patient engagement | 68% weekly active usage (vs. 11% for typical patient portals) |
| Data accuracy | 99.7% successful identity matching across systems |
Timeline
| Phase | Duration | Deliverables |
|---|---|---|
| Phase 1 | 2 months | Architecture, Epic + Cerner integration, patient app MVP, identity matching |
| Phase 2 | 2 months | +4 EHRs (athena, MEDITECH, eCW, NextGen), AI engine v1, provider portal |
| Phase 3 | 2 months | +6 EHRs, chat-with-data, SOC 2 audit, production launch |
Lessons Learned
- 95% coverage beats 100% perfection. Connecting 12 EHRs covers 95% of US patients. The last 5% would require 50+ more integrations. Ship what matters most.
- Patients care about insights, not raw data. Nobody wants to read FHIR JSON. The drug interaction alerts and care gap reminders drove 6x more engagement than the raw record viewer.
- Trust is earned in layers. Most patients connected 1-2 EHRs initially, then added more over weeks. The onboarding flow was designed for progressive trust-building, not all-at-once.
- Provider buy-in came from the data. When cardiologists saw drug interactions they couldn't have known about, they became advocates for the platform.
Share
Related Case Studies
AI-Powered Personalized Oncology Treatment Platform: A Technical Case Study
Building an AI-Powered Pain Management Platform: A Technical Case Study
