Clinical data access through FHIR

ClinicalBridge is a middleware platform that retrieves structured and unstructured clinical data from EHR systems using HL7 FHIR R4 APIs. It runs within the healthcare organization's network and operates in a strictly read-only capacity.

What it does

ClinicalBridge provides authorized users with a single interface for querying clinical data — lab results, medications, diagnoses, clinical notes, procedures, and more — without direct EHR navigation. It's built for healthcare organizations that need programmatic access to patient records for care coordination, quality reporting, and research workflows.

Key characteristics:

  • Read-only. Retrieves data but never writes to, modifies, or deletes EHR records.
  • On-premises. Runs entirely within the organization's network. No patient data leaves the institutional environment.
  • No data persistence. Clinical data is fetched on demand and not stored in any database, cache, or log file.
  • Organization-controlled. Authentication, authorization, and data governance are managed by the deploying institution.
  • Standards-based. HL7 FHIR R4, OAuth 2.0, SMART Backend Services. No proprietary protocols.

FHIR resource scope

ClinicalBridge requests read-only access to the following FHIR R4 resource types. The deploying organization can restrict scope further based on institutional policy.

During development and testing, ClinicalBridge connects exclusively to Epic's Open FHIR Sandbox, which contains only synthetic data. No real patient information is accessed.
ResourceAccessData
PatientRead, SearchDemographics, identifiers
ObservationSearchLab results, vital signs
MedicationRequestSearchActive medications
ConditionSearchDiagnoses, problem list
AllergyIntoleranceSearchAllergies, adverse reactions
DocumentReferenceSearchClinical note metadata
BinaryReadClinical note content
EncounterSearchVisit history
DiagnosticReportSearchRadiology, pathology
ProcedureSearchProcedures, surgeries
ImmunizationSearchVaccinations

Security and compliance

ClinicalBridge operates within a HIPAA-covered entity's existing compliance framework. It runs on the organization's infrastructure and does not persist or transmit PHI externally.

  • All API traffic encrypted via TLS 1.2+
  • Authentication delegated to the organization's identity provider
  • Operational logs do not contain PHI; patient identifiers are masked
  • Rate limiting and input validation at the application layer
  • No third-party analytics, advertising, or tracking

Contact

General inquiries: loading...
Privacy questions: loading...

Privacy Policy

Last updated: March 2026

1. Overview

ClinicalBridge is a clinical data accessibility platform that operates within a healthcare organization's infrastructure. This policy describes how the platform handles data when deployed.

2. Data accessed

ClinicalBridge retrieves clinical data through FHIR R4 APIs provided by the organization's EHR system. This may include patient demographics, lab results, medications, diagnoses, clinical notes, encounter history, procedures, immunizations, and diagnostic reports. All access is read-only.

3. Data not collected or stored

ClinicalBridge does not maintain a database of patient information. Clinical data exists only transiently during active sessions.

4. Authentication

User authentication and authorization are managed entirely by the deploying organization through their existing identity provider. ClinicalBridge does not store passwords or manage user accounts.

5. Sandbox environment

During development, ClinicalBridge connects exclusively to Epic's Open FHIR Sandbox, which contains only synthetic test data.

6. HIPAA

ClinicalBridge operates as a component within the covered entity's infrastructure. It does not independently store or transmit PHI outside the organization's secured environment. Data governance is the responsibility of the deploying institution.

7. Logging

Operational logs record API request metadata (timestamps, resource types, response codes) for audit purposes. Logs are stored within the organization's infrastructure and do not contain PHI. Patient identifiers are masked.

8. Third parties

ClinicalBridge does not share data with third-party advertising, analytics, or tracking services.

9. Changes

This policy may be updated to reflect platform changes or regulatory requirements. Revisions will be noted with an updated date.

10. Contact

Questions: loading...

Terms of Service

Last updated: March 2026

1. Acceptance

By deploying or using ClinicalBridge, you agree to these terms. If deploying on behalf of an organization, you represent authority to bind that organization.

2. Description

ClinicalBridge is a clinical data accessibility platform providing a standards-based interface for querying clinical data from EHR systems via FHIR R4 APIs. It operates read-only and is deployed within the organization's network.

3. Authorized use

The platform is intended for authorized healthcare professionals and researchers. Users must comply with their organization's data access policies, HIPAA regulations, and IRB requirements where applicable.

4. Data governance

The deploying organization is responsible for access controls, audit review, and regulatory compliance. ClinicalBridge provides supporting technical controls but does not replace institutional governance.

5. Clinical disclaimer

ClinicalBridge is not a medical device. It does not provide clinical decision support, diagnostic, or treatment recommendations. Data retrieved should be verified against the source EHR before clinical use.

6. Intellectual property

The platform's architecture, design, and implementation are proprietary. Users may not reverse engineer, decompile, or create derivative works.

7. Limitation of liability

ClinicalBridge is provided "as is" without warranties. We are not liable for indirect, incidental, special, or consequential damages arising from use of the platform.

8. Availability

Platform availability depends on connected EHR systems' FHIR APIs, which are outside our control. We do not guarantee uninterrupted access.

9. Modifications

We may modify these terms at any time. Continued use constitutes acceptance.

10. Governing law

These terms are governed by the laws of the State of Ohio.

11. Contact

Questions: loading...