Guide on Creating a FHIR Server via HAPI FHIR or Azure API for FHIR
Last updated on June 13, 2025
FHIR, or Fast Healthcare Interoperability Resources, is a standard protocol developed by HL7. FHIR simplifies the exchange and organization of healthcare data by breaking down complex information into standardized resources that resemble real-world entities such as Patients, Observations, or Medications. These resources have specified fields and relationships for easier integration. FHIR is built upon RESTful APIs, making it intuitive and accessible to developers who are familiar with modern API development. This post will dive deeper into the FHIR server and its capabilities.
Navigating the chaos of isolated healthcare data silos
A patient's journey may comprise various doctors, hospitals, laboratories, pharmacies, and more, each with their own electronic systems. This leads to a fragmented storage and exchange of healthcare data in isolated silos. This disconnected approach to healthcare data management has detrimental consequences, such as:
- Declining patient care: Doctors may lack comprehensive information about a patient's health history, leading to repeated tests, delayed diagnosis, and subpar treatment decisions.
- Wasted time and resources: Healthcare teams spend considerable time copying information, entering redundant data, or trying to make custom connections between systems, which can take away valuable time that could be used directly for patient care or new ideas.
- Heightened risks and red tape: Dealing with strict rules concerning patient privacy and security, like HIPAA or GDPR, becomes complex and expensive when sensitive data is distributed across numerous systems that don't follow the same criteria.
Introducing the FHIR server: the central hub for healthcare information
The FHIR server is the standard data language's interpreter and an essential component for FHIR's functionality. It is a secure, dedicated system built explicitly for storing, managing, validating, and providing healthcare information in FHIR format. A robust FHIR server offers the following capabilities:
- Single Source of Information: By becoming the trusted, central repository for all FHIR-formatted data, the FHIR server ensures that the information is accurate across all connected applications and care pathways.
- Secure, Standard Sharing: By offering functions through RESTful APIs, the FHIR server enables different healthcare applications to share sensitive data securely and in a standard way, such as electronic health records, patient portals, telehealth systems, or medical devices.
- Structures Data: Before accepting new data, a FHIR server scrupulously checks it against set standards to guarantee incoming information follows the correct structure, format, and rules, actively preventing incorrect data from entering your system.
- Stores Complete History: Healthcare data constantly changes. A smart FHIR server tracks each modification to a piece of information, keeping a complete and unchangeable history for audits, legal reasons, and managing complex tasks.
- Maintains Security and Privacy: A FHIR server boasts strong, multi-layered security features, including detailed access controls, data encryption, and detailed activity logs. These measures ensure that sensitive patient information is safeguarded.
Harnessing the benefits of Azure FHIR Server
While the advantages of a FHIR server are apparent, maintaining it requires significant investment, including equipment, highly specialized technical skills, continuous work, and vigilance against new threats and changing rules. As a result, a managed FHIR service in a cloud environment becomes tremendously valuable.
Microsoft Azure offers a FHIR service within Azure Health Data Services, tailored to modern healthcare data management challenges, allowing organizations to focus on providing the best patient care and driving medical innovation.
Choosing Azure FHIR Server: why Microsoft?
1. Focus on innovation, not IT management: Azure handles all operational duties as a PaaS (Platform-as-a-Service) solution, allowing your IT teams to build new patient applications and focus on strategic projects that boost patient outcomes and your organization's ROI.
2. Security and built-in compliance: Healthcare data demands the highest level of protection and compliance. Azure's FHIR service is designed with an in-depth understanding of strict healthcare regulations, including HIPAA and GDPR. It provides:
- Strong access controls using industry standards like Microsoft Entra ID (formerly Azure Active Directory). Based on their roles, authorized people or applications can only see specific parts of the data.
- Complete data encryption, protecting against unauthorized access both when it's stored (at rest) and when it's moving across networks (in transit).
- Detailed activity logs that record every action with the FHIR service, helping organizations meet compliance rules and quickly investigate any security issues.
- Features like Azure Private Link allow your internal systems to connect privately and securely to the FHIR service over Microsoft's highly protected network, greatly reducing exposure to the public Internet.
3. Flexible scaling: Healthcare organizations experience fluctuating data demands from busy periods during clinic hours to substantial data imports for research or mergers. Azure's FHIR service is flexible and can easily scale, automatically adjusting its computational power to handle diverse workloads, ensuring consistent high performance even during peak times. Its pay-as-you-go approach allows organizations to pay only for the computing resources they use, optimizing costs and avoiding burdensome upfront costs.
4. Future-proofing your investment: Microsoft's unwavering commitment to FHIR and healthcare data sharing is evident in its ongoing investment in Azure Health Data Services. By utilizing this managed service, your organization automatically benefits from continuous platform updates, new features, and guaranteed adherence to the latest FHIR standards without significant internal work managing complex upgrades.
5. Collaboration and Coordinated Care: By adopting a standard FHIR server, your organization becomes a more integrated and appealing partner within the broader healthcare ecosystem. This makes secure data sharing with Health Information Exchanges (HIEs), other provider networks, vital research institutions, and innovative third-party healthcare applications built on open standards like SMART on FHIR effortlessly achievable. This ability to collaborate is essential for offering coordinated care, supporting large-scale public health initiatives, and participating in the evolving world of value-based care models.
Navigating Azure FHIR Server setup
When you build a solution with Azure's FHIR service, you typically combine several Azure components to create a comprehensive, secure, and scalable system for healthcare data:
- FHIR Server: This is the core, managed part of the system (the FHIR service within Azure Health Data Services).
- Apps/Clients: These are your web, mobile, or backend applications that send or receive FHIR data. They use OAuth 2.0 for secure access.
- Data Integration & ETL: Azure services like Azure Data Factory, Logic Apps, or Azure Functions help you move and transform data from older systems (like HL7 v2, CDA, or CSV) into FHIR, or trigger actions based on changes in FHIR data.
- Analytics & Business Intelligence: Tools like Azure Synapse Analytics, Azure Databricks, or Power BI use your FHIR data (often exported in large batches) for big-picture analysis, reports, and advanced insights.
- Security Layer: On top of the FHIR service's built-in security, Azure AD, Azure Private Link, virtual networks, and firewalls create a robust defense and manage who can access what.
- Monitoring and Logging: Azure Monitor and Log Analytics give you full control over checking API performance, errors, how the system is being used, and keeping detailed activity records.
Deploying a FHIR Server on Azure
Azure simplifies deploying a FHIR server, whether you're just starting or going live with a full system:
1. What You Need:
- An active Azure account.
- Permissions in Azure that let you create resources (like being a "Contributor" or "Owner" for a group of resources).
2. Turn On the Healthcare API: Before you set up a FHIR service, you need to tell your Azure subscription to allow the necessary services. You usually only do this once:
Bash
az provider register --namespace Microsoft.HealthcareApis
3. Deploy Your FHIR Service: You can do this through the Azure Portal (a web interface), using the Azure Command Line Interface (CLI), or with code templates like ARM or Bicep. Here's a CLI example:
Bash
az healthcareapis service create \
  --resource-group myResourceGroup \
  --resource-name myFhirService \
  --location eastus \
  --kind fhir-R4 # Specify FHIR R4 version
This command creates a new FHIR server in the specified group and region.
4. Check If It's Working: Once it's deployed, you can check if your FHIR server is ready by looking at its /metadata endpoint. This is a special FHIR resource that tells you what the server can do:
Plaintext
GET https://
If it works, you'll get back a "CapabilityStatement" that confirms the FHIR version and the actions the server supports.
5. Secure Your Data: This is imperative. You'll set up Azure AD (Microsoft Entra ID) to control who can access your FHIR data. This involves:
- Registering Your Apps: You'll register any application that needs to talk to your FHIR server (like a web app or mobile app) in Azure AD.
- Giving Permissions (RBAC): You'll assign specific roles (like "FHIR Data Reader" or "FHIR Data Contributor") to people or programs that need access.
- How Access Works (OAuth 2.0): When an app wants to connect to your FHIR server, it first gets an OAuth 2.0 access token (a digital key) from Azure AD. This key includes information about what the app is allowed to do (like "read patient data"). The app then includes this key in all its requests to the FHIR server. The FHIR server checks the key and makes sure the app has the right permissions.
For precise access control, especially for third-party or patient apps, use SMART on FHIR scopes. These allow apps to ask for access to only very specific data (e.g., just the patient's own record, or specific types of lab results).
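To make the scope model concrete, here is an added example (not from the original post and not Azure's own implementation) of deny-by-default enforcement of SMART App Launch v1 clinical scopes. The function names, the `launch_patient_id` parameter and the sample scope strings are assumptions made for illustration.

```python
from __future__ import annotations
import re
from typing import NamedTuple, Optional

# SMART App Launch v1 clinical scope: <context>/<ResourceType or *>.<read|write|*>
_SCOPE_RE = re.compile(r"^(patient|user|system)/([A-Za-z]+|\*)\.(read|write|\*)$")

# HTTP method -> permission needed (simplification: POST-based _search is not modelled)
_NEEDED = {"GET": "read", "HEAD": "read", "POST": "write",
           "PUT": "write", "PATCH": "write", "DELETE": "write"}


class Scope(NamedTuple):
    context: str      # patient, user or system
    resource: str     # FHIR resource type or "*"
    permission: str   # read, write or "*"


def parse_scopes(scope_claim: str) -> list[Scope]:
    """Parse a space-separated scope string, skipping non-clinical or malformed entries."""
    matches = (_SCOPE_RE.match(tok) for tok in scope_claim.split())
    return [Scope(*m.groups()) for m in matches if m]


def is_allowed(scope_claim: str, method: str, resource_type: str, *,
               resource_patient_id: Optional[str] = None,
               launch_patient_id: Optional[str] = None) -> bool:
    """Return True only if some granted scope covers this request (deny by default)."""
    needed = _NEEDED.get(method.upper())
    if needed is None:
        return False  # unknown HTTP method
    for s in parse_scopes(scope_claim):
        if s.resource not in ("*", resource_type):
            continue
        if s.permission not in ("*", needed):
            continue
        if s.context == "patient":
            # patient/ scopes cover only the patient in the app's launch context
            if launch_patient_id is None or resource_patient_id != launch_patient_id:
                continue
        return True
    return False


def overly_broad(scope_claim: str) -> list[str]:
    """List wildcard scopes that deserve a least-privilege review."""
    return [f"{s.context}/{s.resource}.{s.permission}"
            for s in parse_scopes(scope_claim) if "*" in (s.resource, s.permission)]


if __name__ == "__main__":
    # Constructed scope string for a patient-facing app
    granted = "openid launch/patient patient/Observation.read patient/Patient.read"
    print(is_allowed(granted, "GET", "Observation",
                     resource_patient_id="p1", launch_patient_id="p1"))
    print(is_allowed(granted, "GET", "Observation",
                     resource_patient_id="p2", launch_patient_id="p1"))
    print(overly_broad("user/*.read patient/Patient.read"))
```

Scopes written in the SMART v2 syntax (for example `patient/Observation.rs`) are not parsed by this sketch and are therefore denied.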
Understanding Azure FHIR's capabilities
Azure API for FHIR offers advanced features essential for modern solutions:
Extracting Data
- Bulk Import: You can efficiently upload large amounts of FHIR data or convert data from older formats like HL7 v2, CDA, or CSV using Azure Data Factory tools.
- Bulk Export: This FHIR feature lets you pull out huge datasets (for research or analysis) in a standard format called NDJSON. You can export data for the whole system, specific groups, or individual patients.
Automatic Integrations (Event-Driven)
- Azure Event Grid: You can set this up to get real-time notifications whenever a FHIR resource changes (like when a new patient is added or an old one is updated). This enables other systems to react instantly.
- Azure Functions / Logic Apps: These serverless tools let you automate tasks based on FHIR events, like sending alerts, running data transformations, or carrying out custom actions automatically.
SMART on FHIR
- Full support for the SMART (Substitutable Medical Applications and Reusable Technology) on FHIR specification. This facilitates the development of a secure, standards-based ecosystem of third-party applications that can easily integrate with your FHIR server, providing tailored patient and clinician experiences.
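The /metadata check from the deployment steps can also be used to confirm that a server advertises SMART on FHIR and exposes only the interactions you expect. The following is an added example, not code from the original post: the sample CapabilityStatement is constructed, and `POLICY` and `audit_capability_statement` are hypothetical names.

```python
import json

SMART_SERVICE = ("http://terminology.hl7.org/CodeSystem/restful-security-service",
                 "SMART-on-FHIR")

# Constructed, trimmed sample of a /metadata response (not captured from a real server).
SAMPLE_METADATA = json.loads("""
{
  "resourceType": "CapabilityStatement",
  "fhirVersion": "4.0.1",
  "rest": [{
    "mode": "server",
    "security": {"service": [{"coding": [{
      "system": "http://terminology.hl7.org/CodeSystem/restful-security-service",
      "code": "SMART-on-FHIR"}]}]},
    "resource": [
      {"type": "Patient", "interaction": [{"code": "read"}, {"code": "search-type"},
                                          {"code": "create"}, {"code": "update"}]},
      {"type": "Observation", "interaction": [{"code": "read"}, {"code": "search-type"},
                                              {"code": "delete"}]},
      {"type": "AuditEvent", "interaction": [{"code": "read"}]}
    ]
  }]
}
""")

# Hypothetical local policy: interactions this deployment is expected to expose.
POLICY = {
    "Patient": {"read", "search-type", "create", "update"},
    "Observation": {"read", "search-type"},
}


def audit_capability_statement(cs, policy, expected_version="4.0.1"):
    """Return a list of findings; an empty list means the statement matches the policy."""
    if cs.get("resourceType") != "CapabilityStatement":
        return ["response is not a CapabilityStatement"]
    findings = []
    if cs.get("fhirVersion") != expected_version:
        findings.append(
            f"fhirVersion is {cs.get('fhirVersion')!r}, expected {expected_version!r}")
    server_rest = [r for r in cs.get("rest", []) if r.get("mode") == "server"]
    if not server_rest:
        findings.append("no rest entry with mode=server")
    for rest in server_rest:
        # Collect every (system, code) pair the server lists as a security service
        codings = [(c.get("system"), c.get("code"))
                   for svc in rest.get("security", {}).get("service", [])
                   for c in svc.get("coding", [])]
        if SMART_SERVICE not in codings:
            findings.append("SMART-on-FHIR security service not advertised")
        for res in rest.get("resource", []):
            rtype = res.get("type")
            offered = {i.get("code") for i in res.get("interaction", [])}
            if rtype not in policy:
                findings.append(f"{rtype}: resource type not in policy")
                continue
            extra = sorted(offered - policy[rtype])
            if extra:
                findings.append(f"{rtype}: unexpected interactions {extra}")
    return findings


if __name__ == "__main__":
    for finding in audit_capability_statement(SAMPLE_METADATA, POLICY):
        print(finding)
```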
Tools for Developers
Azure provides a rich set of tools to help developers work more efficiently:
- SDKs: Official software development kits are available for popular programming languages like .NET, Java, and JavaScript, making it simpler to build apps that talk to FHIR.
- Postman Collections: Pre-built sets of API requests for Postman make it quick to test and explore the FHIR API.
- FHIR Validator: These tools help ensure your FHIR data adheres to the rules and your custom settings, ensuring good data quality.
- Sandbox Environments: You can easily set up isolated environments for trying out ideas, developing, and testing safely.
Security and Compliance
Security is paramount in healthcare. Azure API for FHIR is built with multiple layers of security to protect sensitive Protected Health Information (PHI). It provides:
- Data Encryption: Your data is protected by encryption when it's sitting in storage (at rest) and moving across networks (in transit, using secure protocols like TLS 1.2+). You can even use your own encryption keys for more control.
- Complete Activity Logs: Every action taken with the FHIR server (every time someone accesses, updates, queries, or deletes data) is recorded. These detailed audit logs are essential for meeting compliance rules and for figuring out what happened if there's ever a security issue.
- Access Rules and Least Privilege: Access is strictly controlled using Azure's Role-Based Access Control (RBAC). This means people and applications are given only the bare minimum permissions.
- Network Security:
  + Private Link: This allows private, secure connections from your Azure Virtual Networks directly to the FHIR service, completely bypassing the public internet. This significantly reduces potential points of attack.
  + Virtual Network (VNET) Integration: This lets the FHIR service talk securely with other resources inside your Azure VNET.
  + Firewall Rules: You can set up rules to restrict access to the FHIR service to only specific IP addresses or ranges.
Certifications for Compliance
Azure API for FHIR has been certified and meets major global and regional healthcare regulations and standards, including HIPAA, GDPR, HITRUST, ISO 27001, SOC 2, and more. This provides your organization with a strong foundation for meeting its compliance obligations.
Real-World Uses: Azure API for FHIR
- Unified Patient Records: Merge patient data from various EHRs, lab systems, and medical devices into a cohesive patient record. This unified information aids in understanding population health, facilitating care coordination, and enhancing clinical decision-making.
- Next-Gen Health Apps: Develop SMART on FHIR applications, like robust patient portals, advanced remote monitoring tools, secure medication management apps, or specialized tools for doctors. These apps connect securely across different healthcare systems and devices.
- Advanced Analytics and AI: Feed the standardized FHIR data into potent analytical platforms, like Azure Synapse Analytics or Azure Databricks, or Azure Machine Learning projects. This enables sophisticated predictions about patient risk, quality improvements, and smarter healthcare operations.
- Managing Research Data Safely: Safely manage and hide patient identifiers from large datasets for clinical trials, studies of real-world evidence, and academic research, ensuring privacy while speeding up scientific discoveries.
- Automated Reports for Regulators: Generate mandatory reports automatically based on FHIR's structured data and the FHIR server's activity logs, simplifying paperwork for regulators and payers.
- Better Care Coordination: Encourage secure data sharing between hospitals, clinics, specialists, and community health providers. This fosters truly connected care and results in better patient outcomes.
Best Practices for Azure FHIR
The following practices can help you make the most out of your Azure FHIR setup:
- Use the Managed Service: Focus your engineering talent on building great applications rather than maintaining complex infrastructure. Take advantage of Azure's managed services.
- Be Strict with Permissions (RBAC): Always give people and applications only the minimum permissions they need. Regularly check and review these roles.
- Watch and Audit Constantly: Use Azure Monitor and Log Analytics to keep an eye on performance, check security, and quickly respond to any issues.
- Automate Everything: Utilize Infrastructure as Code (IaC) and CI/CD pipelines for consistent, repeatable, and error-free deployments of your systems.
- Connect for Insights: Link your FHIR service to Azure Synapse, Power BI, or Azure Machine Learning tools to transform raw data into smart decisions and predictive models.
- Plan for Growth: Design your solutions with FHIR's automatic scaling in mind and consider data partitioning strategies for very large amounts of data or for serving many different organizations.
- Lock Your Network: Set up strong network security using Azure Private Link, virtual network integration, and precise firewall rules.
- Check Your Data: Use FHIR Validator tools to make sure all data coming in and out of your system follows the rules and your custom settings, which helps maintain data quality.
The Future of Azure Health Data Services
Microsoft will retire the standalone Azure API for FHIR by September 30, 2026. The clear supported path for all customers is to move their existing systems to the FHIR service within Azure Health Data Services (AHDS). AHDS is Microsoft's unified platform for healthcare data, bringing together FHIR, DICOM (for medical imaging data), and MedTech services (for data coming from medical devices) into one integrated place. This evolution offers even better features and provides a more comprehensive approach to handle health data.
Simple Code Example: Using Your FHIR Server
Here's a quick example using curl to create and retrieve a Patient record from your Azure FHIR server. You'll need an access_token from Azure AD.
Creating a Patient Record:
Bash
curl -X POST https://
-H "Authorization: Bearer
Asking for a Patient Record:
Bash
curl -X GET https://
-H "Authorization: Bearer
Architecture Diagram (How It Works)
Azure AD (Microsoft Entra ID): Handles Logins & Permissions
Your Apps & Clients (Web, Mobile, Data): get a Secure Key from Azure AD and send it with each request
Azure Health Data Services (AHDS) FHIR Service: Checks Key
- FHIR Server (Managed for You)
  - FHIR R4 Connection Point
  - Stores Your Data
  - Handles Data Actions (Create, Read, Search, Export, etc.)
  - Checks Data Quality
  - Keeps Data History
  - Security (Encryption, Activity Records)
- Other AHDS Services (Built-in)
  - DICOM Service (Medical Image Data)
  - MedTech Service (Gets Data from Medical Devices)
A drawing of the architecture can be found here: https://developer.microsoft.com/en-us/graph/docs/concepts/azure_ad_app_architecture
What Is HAPI FHIR Server?
What is a HAPI server? It's a Java-based, open-source framework that thoroughly implements the HL7® FHIR® standard. It's widely used across the healthcare industry to build systems that exchange, store, and validate healthcare data.
Key Features of HAPI FHIR Server:
- Open Source and Extensible: HAPI FHIR is freely available under the Apache 2.0 license, allowing extensive customization, and use in personal and commercial projects.
- Comprehensive FHIR Implementation: It supports various FHIR versions (R4, R5, etc.) and provides a complete implementation of the FHIR specification, including RESTful operations (create, read, update, delete, search, history, etc.), terminology services, and validation.
- Multiple Server Types:
  - Plain Server (Facade): This acts as a facade layer where you provide the backend data storage and retrieval logic, while HAPI FHIR handles the HTTP processing, serialization, and FHIR REST semantics. This is beneficial for integrating FHIR with existing data sources.
  - JPA Server: This is a full-fledged FHIR server implementation with its own database schema. It handles all storage and retrieval logic against a relational database (like PostgreSQL, MySQL, etc.) without requiring you to write custom data access code.
  - JAX-RS Server: A community-supported module for building FHIR servers based on JAX-RS.
- Validation Tools: HAPI FHIR includes robust validation tools to ensure that FHIR resources conform to official FHIR profiles and implementation guides, helping maintain data quality and interoperability.
- Terminology Services: It enables effective integration with standard code systems like SNOMED CT and LOINC, facilitating the proper handling and validation of medical terminologies.
- Client API: While focusing on the server, HAPI FHIR also provides a client API for applications to interact with external FHIR servers.
- Command-Line Tool (CLI): A command-line interface for managing FHIR resources, starting local FHIR servers, uploading terminologies, and migrating databases.
- Deployment Flexibility: Can be deployed in various environments, including Windows, macOS, Linux, Docker, and cloud platforms.
Real-World Use Cases
Here's how organizations are putting HAPI FHIR to work:
- EHR Integration: Streamlining data exchange between multiple Electronic Health Record systems.
- mHealth Apps: Powering mobile apps that give patients secure access to their health data.
- Interoperability Projects: Enabling health data sharing between hospitals, labs, and public health agencies.
- AI & Decision Support: Feeding structured data into clinical algorithms and machine learning models.
- Research & Analytics: Aggregating clean, validated health data for population health dashboards and predictive insights.
- Prototyping: Setting up test servers quickly to explore FHIR-based app development.
Seamless FHIR Integration with Our Website
At Our Website, we specialize in bridging the gap between legacy healthcare systems and modern interoperability standards. Our comprehensive HL7 and FHIR integration services are designed to seamlessly link disconnected EHRs, LIS, and other healthcare applications. We focus on making data more accessible, interoperable, and compliant with regulations like HIPAA and GDPR, without disrupting day-to-day operations. From HL7 v2 transformations to full-scale FHIR implementations, we build smart, future-ready solutions tailored to your needs.
Conclusion
Microsoft Azure provides an easy-to-use and highly secure way to promote healthcare data interoperability. By harnessing the power of managed services, robust security tools, and built-in analytics, your organization can build smart solutions that directly lead to better patient outcomes, empowered healthcare providers, and faster vital research.
Frequently Asked Questions
What version of FHIR does Azure support?
The standalone Azure API for FHIR and the FHIR service within Azure Health Data Services currently support FHIR R4 (version 4.0.1).
Is Azure API for FHIR compliant with HIPAA?
Yes. Azure API for FHIR meets HIPAA, GDPR, HITRUST, and other major compliance standards. Microsoft also provides Business Associate Agreements (BAAs).
What is an open source FHIR server?
An open source FHIR server is a freely available, community-supported implementation of the FHIR standard that allows developers to store, manage, and exchange healthcare data. It is customizable, self-hosted, and can be extended to meet specific project needs.
Is the Python FHIR server different from Azure FHIR?
Yes. A Python FHIR server is suitable for testing, research, or small-scale projects. The Azure FHIR server is a fully managed, enterprise-grade solution designed for secure, scalable, and compliant healthcare data exchange.
- The FHIR server, a critical component of the FHIR standard, can integrate digital health data from different sources, breaking down the traditional silos in healthcare and enhancing the exchange and organization of health data.
- In the context of modern technology, machine learning algorithms can leverage the secure and standardized FHIR server data to analyze and predict health trends, thereby improving overall healthcare outcomes.
- Medical imaging data, when formatted and stored using FHIR, can be easily accessed, shared, and analyzed across various healthcare institutions, fostering collaboration and progress in diagnostics and treatment.