Architectural references for the FHIR backend layer
Each paper takes one architectural problem end to end: the regulatory and clinical context, the design decisions, the FHIR resource shapes, the authorization rules, and the operating considerations. Free, no email gate, no PDF download required.
- Build vs Buy: A Decision Framework for the FHIR Backend Layer
A vendor-neutral framework for deciding whether to build, assemble, or buy the FHIR backend a digital health product depends on, with a five-year cost model, a risk model, and a set of decision criteria that survive contact with regulated reality.
- DiGA Technical Requirements Checklist for the Backend Layer
A practical English-language reference for the technical, security, and interoperability requirements the BfArM Fast-Track procedure places on the backend of a Digitale Gesundheitsanwendung (DiGA), with a checklist that maps each requirement onto an architectural decision a backend team has to make.
- FHIR Authentication and Authorization Patterns for Production Workloads
Reference patterns for authenticating users, services, and AI agents against a FHIR backend, and for expressing the authorization rules that gate access to clinical data, with the trade-offs and failure modes that matter in production.
- IEC 62304 and the Backend Layer: SOUP, Verification, and Lifecycle Evidence
How IEC 62304 applies to a server-side software component of a medical device, including software safety classification, SOUP management for the backend stack, verification activities the backend has to support, and the lifecycle evidence a notified body expects to see.
- MCP for FHIR: An Architecture for AI Agents on Clinical Data
An architecture for exposing a FHIR backend to AI agents through a Model Context Protocol server, with the access boundary, audit, and operational patterns that keep clinical data safe under autonomous use.
- Multi-Tenant FHIR Architecture: Pitfalls and Patterns
Architectural patterns for hosting multiple healthcare organisations on a single FHIR backend, with the failure modes that show up under regulatory scrutiny and the patterns that survive an audit.
- Live Property Filtering Based on Identity Mapping with Fire Arrow
A practical reference architecture for serving different views of the same FHIR data set to different audiences. Covers the regulatory tension between comprehensive data capture and restricted access, how current FHIR servers handle multi-audience access, identity-based authorization with field-level property filters, search side-channel protection, and concrete configuration examples.
- Multi-Tenant Access Control for Shared Healthcare Infrastructure with Fire Arrow
A practical reference architecture for multi-tenant authorization on a shared FHIR server. Covers organization-based tenant isolation, role differentiation within tenants, cross-organizational CareTeam access, server-side search narrowing, deny-by-default enforcement, and a concrete multi-clinic operating example.
- Secure and Compliant Scheduling, Tracking, and Alerting for Patient Questionnaires with Fire Arrow
A practical reference architecture for patient questionnaire surveillance on top of FHIR. Covers questionnaire authoring, reusable monitoring protocols, CarePlan-based scheduling, Task materialization, completion tracking, response-based alerting, and access control.
- Secure and Compliant Agentic Access to FHIR Data with Fire Arrow
A practical reference architecture for secure and compliant agentic access to FHIR data. Covers read-only assistant patterns, controlled write-back, privacy, de-identification, auditability, and an Azure-based reference deployment.