FHIR Works on AWS

What does this AWS Solutions Implementation do?

FHIR Works on AWS is an open source software toolkit that facilitates the transferal of health data between providers; irrespective of the software systems, data standards, exchange interfaces, and outputs involved. It implements a serverless FHIR API that supports FHIR resource types and operations to help healthcare providers leverage the FHIR standard to manage healthcare records.

Support of over 120 FHIR resources

FHIR Works on AWS currently supports over 120 FHIR resources (out of approximately 140), with strong support in the clinical and financial context. Support for additional resources is being added over time.

Role-based access control for operations and resources

Access control is an important way to protect data from unauthorized access and accidental or malicious modification. FHIR Works on AWS enables role-based access control to restrict which data users can access, and what operations they can perform.

Extensibility to connect to existing databases and systems

Storing resource data in an internal database is an important use case for FHIR interfaces. Additionally, developers can extend FHIR Works on AWS to act as a façade for existing databases and legacy systems using its pluggable integration framework.

Example implementation for development purposes

This solution helps software engineers, system integrators, and healthcare information technology teams to enhance their own products. Teams can review the documentation on the GitHub repository and incorporate the code into their own solutions. The framework also allows them to customize elements and replace parts of the solution with their own.

AWS Solutions Implementation overview

The diagram below presents the architecture you can automatically deploy using the solution's implementation guide and accompanying AWS CloudFormation template.

FHIR Works on AWS | Architecture Diagram

Click to enlarge

FHIR Works on AWS Solutions Implementation architecture

The AWS CloudFormation template deploys the serverless infrastructure necessary to serve FHIR HTTPS requests. This includes the following:

One Amazon Cognito user pool, domain, and client to authenticate the requesting user’s identity and determine which group the user is in.
One Amazon API Gateway toroute the request to a Lambda function. The API Gateway also has an Amazon Cognito authorizer to confirm the request has a valid access_token created by this stack’s Amazon Cognito user pool.
Two AWS Lambda functions. One to process FHIR requests, routing them to the correct persistence layer, either Amazon Simple Storage Service (Amazon S3) for unstructured FHIR resources, Amazon DynamoDB for create, read, update, delete (CRUD) operations or Amazon ElasticSearch Service (Amazon ES) for all search operations. Another to read updates from the FHIR resource DynamoDB table and stream those changes to Amazon ES.
One FHIR Resource DynamoDB table to store all structured FHIR resources, which after a write operation streams the update to the Amazon ES domain.
One Amazon ES domain to support FHIR searching requests.
One Amazon S3 bucket to hold FHIR binary resources, such as unstructured data, X-rays, and raw notes.
Four AWS Key Management Service (AWS KMS) keys to encrypt DynamoDB, Amazon S3, Amazon CloudWatch Logs, and the Amazon ES domain.