SMART ON FHIR
HEALTHCARE
SMART App on FHIR is a healthcare interoperability provider that enables secure access to electronic health records and clinical data using the SMART on...
from langchain_mcp_adapters.client import MultiServerMCPClient
from scalekit import ScalekitClient
client = ScalekitClient(env_url=ENV_URL, client_id=CLIENT_ID, client_secret=SECRET)
token = client.agent.get_token(user_id="user_id", connector="customsmartfhir")
mcp = MultiServerMCPClient({
"customsmartfhir": {
"url": "https://mcp.scalekit.com/customsmartfhir",
"headers": {"Authorization": "Bearer " + token}
}
})
tools = await mcp.get_tools()import OpenAI from "openai";
import { ScalekitClient } from "@scalekit-sdk/node";
const client = new ScalekitClient({ envUrl, clientId, clientSecret });
const token = await client.agent.getToken({ userId: "user_id", connector: "customsmartfhir" });
const openai = new OpenAI();
// Connect to MCP at https://mcp.scalekit.com/customsmartfhir
// Pass: Authorization: Bearer + tokenimport Anthropic from "@anthropic-ai/sdk";
import { ScalekitClient } from "@scalekit-sdk/node";
const client = new ScalekitClient({ envUrl, clientId, clientSecret });
const token = await client.agent.getToken({ userId: "user_id", connector: "customsmartfhir" });
const anthropic = new Anthropic();
// Connect to MCP at https://mcp.scalekit.com/customsmartfhir
// Pass: Authorization: Bearer + tokenfrom google.adk.agents import LlmAgent
from scalekit import ScalekitClient
client = ScalekitClient(env_url=ENV_URL, client_id=CLIENT_ID, client_secret=SECRET)
token = client.agent.get_token(user_id="user_id", connector="customsmartfhir")
# Connect to MCP at https://mcp.scalekit.com/customsmartfhir
# Pass: Authorization: Bearer + token// shared token
audit → bot_service_account
// scalekit
audit → user_abc ✓Does the agent access SMART App on FHIR as the user or as a shared key?
As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.
Where is the SMART App on FHIR token stored?
In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.
Can I limit what the agent is allowed to do in SMART App on FHIR?
Yes. Pass a tool name filter to listScopedTools so the AI agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches SMART App on FHIR.
What happens when a user revokes SMART App on FHIR access?
The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.
How is patient data protected under SMART on FHIR?
Every FHIR read and write runs inside the authorizing clinician's SMART scopes, so EHR access rules apply per call. Scalekit vaults the token, enforces scopes pre-call, and logs each access for compliance review.