bene : studio is a global consultancy, helping startups, enterprises and HealthTech companies to have better product

Navigating the complexities of Epic and Cerner EHR Systems

What are Epic and Cerner?

Epic and Cerner are two leading Electronic Health Record (EHR) systems utilized extensively in hospitals and medical facilities. EHR is a digital system designed to store comprehensive patient information, including medical history, surgical records, medication details, and other health-related data. These systems play a pivotal role in modern healthcare by streamlining workflows, enhancing patient care, and improving overall efficiency within medical institutions.

Electronic health records have revolutionized the healthcare industry, transitioning it from traditional paper-based systems to a more advanced and interconnected digital landscape. EHR systems provide numerous benefits that significantly impact patient outcomes and healthcare professionals’ ability to deliver quality care. By digitizing patient information, healthcare providers can access up-to-date records instantaneously, facilitating quicker decision-making and more informed medical interventions.

Regarding EHR solutions, Epic and Cerner stand out as industry giants, dominating the EHR market in the United States. Together, they capture a staggering 50% share of the market, a testament to their widespread adoption and trust within the healthcare community.

Getting started with the development

When creating an application that utilizes Epic or Cerner’s EHR systems, the initial step is registering the app on their respective websites (Epic, Cerner). This registration process is crucial as it enables your application to securely access and interact with patient data. However, the access levels granted to your app must be managed with care. For instance, depending on the app’s purpose, it should only be allowed to view a patient’s surgical history, while other sensitive information it does not need remains restricted.

Epic’s consent selector

Additionally, for security reasons, it’s required to maintain a comprehensive list of all possible redirect URLs. These URLs are used to redirect users to specific pages after authentication or other interactions with the EHR systems. Before releasing your application, reviewing and removing any localhost URLs from the list is vital. Localhost URLs are helpful during development but should not be present in the production environment, as they can pose security risks.

One notable challenge when working with Epic and Cerner’s EHR systems is the slow deployment process. Making changes or updates to your application can be time-consuming, as each modification typically takes at least 15 minutes to become usable. Moreover, there is no notification system to inform you when the changes are live and active during deployment. For instance, after adding a new data access feature, you may have to check the application frequently, perhaps every 10 minutes, until the new functionality is fully functional. Similarly, when adding a new redirect URL, you may have to wait an extended period for the changes to take effect.

As you can see, navigating these challenges requires patience and careful testing. To ensure a smooth development process, it’s essential to account for the slow deployment times and thoroughly test each update or change before releasing the product. This way, you can anticipate potential issues, troubleshoot effectively, and provide users with a reliable and efficient application that interfaces seamlessly with Epic and Cerner’s EHR systems.

Authentication process

To ensure a secure connection and access to the database, EHR systems require the OAuth 2.0 standard for authentication. OAuth 2.0, which stands for “Open Authorization,” is a widely adopted protocol designed to enable secure access to resources hosted by other web applications on behalf of a user. The OAuth 2.0 standard ensures that the authentication process is robust and follows industry best practices for data protection.
The authentication process involves multiple API calls that create a secure connection between the application and the database.

1. Authorization request

The authentication process starts with the authorization request. When users attempt to access the application, they are redirected to a login page hosted by the EHR system. The user is prompted to provide consent and grant access permissions to the application. Once the user agrees and provides the necessary permissions, the EHR system redirects them back to the application’s designated redirect URL.

2. Requesting the token

After the user has successfully authorized the application, the next step is to request the access token. This access token is required to establish a secure connection between the application and the EHR system’s database. The application makes a token request to the EHR system, providing the authorization code obtained during the previous step.

3. Accessing the data

Once the application has obtained the access token, it can use this token to query and access the data stored in the EHR system’s database. The access token serves as a secure key, allowing the application to retrieve the relevant patient data and perform various actions based on the granted access permissions.

This industry-standard protocol enhances the overall security posture of the application and ensures that only authorized users can access sensitive patient information. As a result, users can confidently interact with the application, knowing that their data is safeguarded throughout the authentication process.
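The three steps above, together with the redirect URL allowlist described earlier, can be put into working code. The following is an added example written for this article, not bene : studio’s or Epic’s or Cerner’s own code: the endpoint URLs, client id, redirect URLs, scope string and the in-memory `FakeAuthServer` that plays the EHR’s authorization server are all constructed so the exchange runs offline. It shows the client side of the authorization-code grant (authorization request, callback handling, token request, Bearer header), with an exact-match redirect allowlist, a `state` check against cross-site request forgery, and PKCE so an intercepted authorization code cannot be redeemed on its own.

```python
"""OAuth 2.0 authorization-code flow for an EHR app (added example, not the article's own code).

Assumptions (constructed for illustration): AUTHORIZE_URL, TOKEN_URL, CLIENT_ID,
the registered redirect URLs, the scope string and FakeAuthServer are all made up.
"""
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://ehr.example.invalid/oauth2/authorize"  # constructed
TOKEN_URL = "https://ehr.example.invalid/oauth2/token"          # constructed
CLIENT_ID = "my-ehr-app"                                         # constructed

# Redirect URLs as registered on the vendor's app page. The localhost entry is
# useful in development and must be gone before the app is released.
REGISTERED_REDIRECTS = [
    "https://app.example.invalid/callback",
    "http://localhost:3000/callback",
]

def production_redirects(registered):
    """Return the allowlist with every localhost/loopback entry removed."""
    loopback = {"localhost", "127.0.0.1", "::1"}
    return [u for u in registered if urlparse(u).hostname not in loopback]

def redirect_allowed(uri, allowlist):
    """Exact-string match: no prefix, wildcard or case-insensitive matching."""
    return uri in allowlist

def pkce_challenge(verifier):
    """S256 code challenge: base64url(sha256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def build_authorization_request(redirect_uri, scope, allowlist):
    """Step 1: the authorization URL plus the per-session secrets the app must remember."""
    if not redirect_allowed(redirect_uri, allowlist):
        raise ValueError(f"redirect_uri not registered: {redirect_uri}")
    state = secrets.token_urlsafe(24)          # binds the callback to this browser session
    verifier = secrets.token_urlsafe(48)       # 64 chars, inside PKCE's 43..128 range
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    session = {"state": state, "code_verifier": verifier, "redirect_uri": redirect_uri}
    return f"{AUTHORIZE_URL}?{urlencode(params)}", session

def parse_callback(callback_url, session):
    """Handle the redirect back: reject a mismatched state, surface an error, return the code."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != session["state"]:
        raise ValueError("state mismatch: possible CSRF or stale session")
    if "error" in qs:
        raise RuntimeError(f"authorization failed: {qs['error'][0]}")
    return qs["code"][0]

def build_token_request(code, session):
    """Step 2: form body POSTed to TOKEN_URL over TLS as application/x-www-form-urlencoded."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": session["redirect_uri"],
        "client_id": CLIENT_ID,
        "code_verifier": session["code_verifier"],
    }

def authorized_headers(token_response):
    """Step 3: the access token travels in the Authorization header of every FHIR request."""
    if "error" in token_response:
        raise RuntimeError(f"token request failed: {token_response['error']}")
    if token_response.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return {"Authorization": f"Bearer {token_response['access_token']}",
            "Accept": "application/fhir+json"}

class FakeAuthServer:
    """Constructed stand-in for the EHR's authorization server so the flow runs offline."""
    def __init__(self):
        self.codes = {}
    def authorize(self, auth_url):
        q = parse_qs(urlparse(auth_url).query)
        code = secrets.token_urlsafe(16)
        self.codes[code] = (q["code_challenge"][0], q["redirect_uri"][0])
        return f"{q['redirect_uri'][0]}?{urlencode({'code': code, 'state': q['state'][0]})}"
    def token(self, form):
        challenge, redirect_uri = self.codes.pop(form["code"])  # codes are single use
        if pkce_challenge(form["code_verifier"]) != challenge or redirect_uri != form["redirect_uri"]:
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer", "expires_in": 3600}

def run_flow(server, redirect_uri, allowlist, scope="patient/Procedure.read"):
    """Run steps 1-3 end to end against the given authorization server."""
    auth_url, session = build_authorization_request(redirect_uri, scope, allowlist)
    code = parse_callback(server.authorize(auth_url), session)
    return authorized_headers(server.token(build_token_request(code, session)))

if __name__ == "__main__":
    headers = run_flow(FakeAuthServer(), REGISTERED_REDIRECTS[0], production_redirects(REGISTERED_REDIRECTS))
    print(headers)
```

Two design points worth noting: `production_redirects` is the programmatic form of the "remove localhost URLs before release" check, and `redirect_allowed` compares strings exactly rather than by prefix, because a prefix match is what lets an attacker-controlled path or host slip past an allowlist.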

API Response

The API response received from both Epic and Cerner EHR systems is formatted using the FHIR (Fast Healthcare Interoperability Resources) standard. FHIR is the prevailing standard for representing healthcare data in a structured and interoperable manner, enabling seamless communication and data exchange between healthcare systems.

1. The power of FHIR format

FHIR’s design promotes data consistency and compatibility across various healthcare platforms, making it easier for different systems to understand and interpret the information. This standardization enhances interoperability between EHR systems, ensuring efficient data exchange and improved communication among healthcare providers.

2. The complexity challenge

While FHIR brings significant benefits to the interoperability of EHR systems, it is not without challenges. One notable downside is the inherent complexity of the FHIR format. The intricate structure of the data may require developers to invest additional effort in understanding and parsing the responses received from the API.

3. Non-obvious key-value pairs

Another challenge arises from the non-obvious key-value pairs used in the FHIR format. The keys that identify specific data fields may not always be self-explanatory, necessitating reference to comprehensive documentation to fully comprehend their meaning and usage.

4. Epic’s API documentation

To help developers overcome these challenges, Epic’s API documentation provides a valuable resource. It includes example responses for all possible queries, giving insight into the structure of the API response in FHIR format. Additionally, the documentation offers detailed descriptions of each field, providing context and meaning for the various key-value pairs in the response.
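To make the complexity and the non-obvious keys concrete, here is an added example of parsing a FHIR search response for a patient’s surgical history. It is written for this article and is not bene : studio’s, Epic’s or Cerner’s code; the JSON is constructed to mirror the shape of FHIR R4 `Bundle`, `Procedure` and `OperationOutcome` resources, with made-up ids, codes, dates and URLs. It shows the nesting a client has to walk (`entry[].resource`, `code.coding[].display` with `code.text` as fallback, the `performed[x]` choice type), tolerates missing fields, skips non-Procedure entries, picks up the `next` paging link, and treats a top-level `OperationOutcome` (the resource FHIR uses to report errors) as a failure instead of an empty result.

```python
"""Parse a FHIR searchset for Procedure resources (added example, not the article's own code).

All sample data below is constructed: resource ids, SNOMED-style codes, dates,
URLs and error text are illustrative only.
"""
import json

SAMPLE_BUNDLE = json.dumps({
    "resourceType": "Bundle",
    "type": "searchset",
    "total": 2,
    "link": [
        {"relation": "self", "url": "https://fhir.example.invalid/Procedure?patient=p1"},
        {"relation": "next", "url": "https://fhir.example.invalid/Procedure?patient=p1&page=2"},
    ],
    "entry": [
        {"fullUrl": "https://fhir.example.invalid/Procedure/proc-1",
         "resource": {"resourceType": "Procedure", "id": "proc-1", "status": "completed",
                      "code": {"coding": [{"system": "http://snomed.info/sct",
                                           "code": "80146002", "display": "Appendectomy"}],
                               "text": "Appendectomy"},
                      "subject": {"reference": "Patient/p1"},
                      "performedDateTime": "2021-03-14"}},
        {"fullUrl": "https://fhir.example.invalid/Procedure/proc-2",
         "resource": {"resourceType": "Procedure", "id": "proc-2", "status": "completed",
                      "code": {"text": "Knee arthroscopy"},          # no coding array, text only
                      "subject": {"reference": "Patient/p1"},
                      "performedPeriod": {"start": "2019-11-02T08:30:00Z",
                                          "end": "2019-11-02T10:05:00Z"}}},
        {"resource": {"resourceType": "OperationOutcome",           # per-entry warning in a searchset
                      "issue": [{"severity": "warning", "code": "informational",
                                 "diagnostics": "constructed: one unsupported search parameter ignored"}]}},
    ],
})

# Constructed error response: the server answered with an OperationOutcome instead of a Bundle.
SAMPLE_ERROR = json.dumps({
    "resourceType": "OperationOutcome",
    "issue": [{"severity": "error", "code": "forbidden",
               "details": {"text": "constructed: client is not authorized for this resource"}}],
})

class FhirError(Exception):
    """Raised when the response is an error outcome rather than the data asked for."""

def issue_messages(outcome):
    """Flatten OperationOutcome.issue[] into readable strings (details.text, then diagnostics, then code)."""
    messages = []
    for issue in outcome.get("issue", []):
        text = (issue.get("details", {}).get("text")
                or issue.get("diagnostics")
                or issue.get("code", "unknown"))
        messages.append(f"{issue.get('severity', '?')}: {text}")
    return messages

def procedure_display(proc):
    """Prefer the first coded display name; fall back to the human-readable code.text."""
    code = proc.get("code", {})
    for coding in code.get("coding", []):
        if coding.get("display"):
            return coding["display"]
    return code.get("text", "(uncoded procedure)")

def procedure_date(proc):
    """performed[x] is a choice type: exactly one of performedDateTime / performedPeriod / ... appears."""
    if "performedDateTime" in proc:
        return proc["performedDateTime"][:10]
    if "performedPeriod" in proc:
        return proc["performedPeriod"].get("start", "")[:10] or None
    return None

def next_page(bundle):
    """URL of the next page of results, or None when this is the last page."""
    return next((l["url"] for l in bundle.get("link", []) if l.get("relation") == "next"), None)

def parse_procedures(raw):
    """Turn a raw FHIR JSON response into a flat list of procedures, or raise FhirError."""
    body = json.loads(raw)
    resource_type = body.get("resourceType")
    if resource_type == "OperationOutcome":
        raise FhirError("; ".join(issue_messages(body)))
    if resource_type != "Bundle":
        raise FhirError(f"unexpected resourceType {resource_type!r}")
    procedures = []
    for entry in body.get("entry", []):
        res = entry.get("resource", {})
        if res.get("resourceType") != "Procedure":
            continue  # searchsets may also carry OperationOutcome warnings or included resources
        procedures.append({
            "id": res.get("id"),
            "patient": res.get("subject", {}).get("reference"),
            "status": res.get("status"),
            "name": procedure_display(res),
            "date": procedure_date(res),
        })
    return {"total": body.get("total"), "procedures": procedures, "next": next_page(body)}

if __name__ == "__main__":
    print(json.dumps(parse_procedures(SAMPLE_BUNDLE), indent=2))
```

The `next` link matters in practice: a searchset is one page, and a client that reads only the first page will silently drop part of the history. Raising on a top-level `OperationOutcome` likewise keeps an authorization or configuration failure from being mistaken for a patient with no procedures.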

Epic’s API documentation

Things to keep in mind

While working with Epic and Cerner EHR systems, there are some important aspects to be aware of to streamline the development process and effectively handle potential challenges.

1. Comprehensive but messy documentation

Both Epic and Cerner provide detailed documentation for their respective APIs. However, the documentation may appear overwhelming due to the multitude of use cases. Developers might find it challenging to quickly locate specific information, especially when focusing on error cases, which might not be as thoroughly covered as everyday use scenarios.

2. Limited test data for Epic

During testing and development with Epic, developers should be aware that only three test users are available, with many empty fields or just a few examples. To obtain more extensive test data, developers can utilize Cerner’s sandbox endpoint, which does not require authentication.

3. Debugging API error responses with Epic

Debugging API error responses from Epic might pose challenges due to the lack of detailed error descriptions. The error messages are often generalized, such as “invalid client,” making it difficult to pinpoint the exact cause of the issue. In some cases, such a message indicates a configuration problem with the app setup on Epic rather than the error it appears to describe.

4. Cerner’s helpful developer community

On the bright side, Cerner has an active and supportive developer community that can be a valuable resource during debugging and troubleshooting. Developers can access a dedicated group with over 4000 conversations for guidance and assistance.

5. Exploring YouTube resources

While an equivalent developer community is still lacking for those working with Epic, some helpful YouTube videos can provide insights and tips for tackling various development challenges related to Epic’s API.

We hope you find this guide helpful! As a consultancy focusing on digital health services, we’re always happy to help and answer any questions you have. You can book a free consultation with us where you can also learn about what we can offer.
