All Services
EHR

EHR software development: architecture, compliance, and what actually matters

EHR software development is one of those topics where a lot of people use the term loosely without really knowing what distinguishes it from EMR development. That distinction actually matters when you are building a system, because EHR architecture is fundamentally different from EMR architecture in a few important ways.

This page covers what real EHR software development involves. Not the marketing version. The technical and domain-knowledge version that matters when you are actually building a system.

Discuss Your EHR Project
// the difference that matters

EMR vs EHR: the difference that matters for software architecture

People use these terms interchangeably all the time. But for software development, the distinction is real.

EMR (Electronic Medical Records)

A digital record of patient clinical data within a single practice or network. A chiropractor's patient notes, a personal injury clinic's exam records, a single hospital's inpatient documentation. The data lives within one organization.

EHR (Electronic Health Records)

Designed to follow the patient across providers. The idea is that a patient's record is portable. When they see a cardiologist, that cardiologist should be able to see their primary care notes. When they go to the emergency department, the ED physician should see their medication history.

That portability requirement changes the architecture significantly. An EHR needs interoperability. It needs to speak standard data exchange languages. It needs to be built with the assumption that other systems will send data in and pull data out.

DimensionEMREHR
Data scopeSingle organization or networkAcross multiple providers
InteroperabilityOptional / internal onlyRequired by design
Data formatCustom schemas fineFHIR / HL7 standard resources
Patient identityInternal patient IDsMaster patient index (MPI)
Code systemsInternal enumerationsSNOMED CT, LOINC, RxNorm
ONC certificationUsually not requiredOften required
// interoperability requirement

The interoperability requirement: HL7 and FHIR explained

If you are building an EHR, you will hear HL7 and FHIR constantly.

HL7 v2Older messaging standard

HL7 v2 messages are text-based, structured in a specific format, and widely used by legacy hospital systems. They handle lab results (ORU messages), patient admissions (ADT messages), orders (ORM messages), and other clinical events.

FHIR R4Modern standard from HL7

Instead of the older text-based messaging format, FHIR uses REST APIs and JSON resources. It is much easier for modern software developers to work with, and it is what ONC (the US Office of the National Coordinator for Health IT) now requires for certified health IT systems.

If you are building an EHR that needs to exchange data with hospitals, labs, pharmacies, or other health systems, you need to support FHIR APIs. This adds complexity to the development project but is what makes the system actually useful in a healthcare ecosystem.

// multi-facility

Multi-facility data architecture in EHR systems

One of the core challenges in EHR development is handling patients who receive care across multiple facilities. Consider a patient who is treated at Clinic A, then referred to Specialist B, then admitted to Hospital C. Their clinical record needs to be accessible (with appropriate permissions) across all three. But each facility also has its own organizational data that should not be visible to the others.

Isolation requirement

Each facility's operational data is private. The multi-tenant architecture uses subdomain-based clinic isolation. Each clinic accesses the platform through their own subdomain, and the API uses the subdomain to filter all data access. A staff member at Clinic A literally cannot make an API call that returns Clinic B's data because the tenant ID from the subdomain controls what the API returns.

Connectivity requirement

Patient clinical data can be shared across facilities with proper consent. For a full EHR with FHIR-based data sharing, the architecture adds a patient consent layer on top of this isolation model. Patients can authorize specific providers to access their records, and the EHR maintains that consent record and enforces it at the API level.

// record continuity

Patient data portability and record continuity

EHR systems must handle something EMR systems rarely need to: a patient's entire clinical history across providers. This is more complex than a single-organization EMR, where you control all the data coming in and can define your own formats. In an EHR, you are receiving data from other systems that may use different formats, different terminologies, and different coding systems.

Master patient index

Patient identity must be consistent across encounters.

Standardized coding

SNOMED CT for clinical terms, LOINC for lab results, RxNorm for medications.

Document attribution

Documents and images need to be storable and retrievable with proper attribution to the encounter and provider.

Timeline reconstruction

The timeline of events across providers needs to be reconstructable.

// external connections

The integration layer: connecting to labs, pharmacies, and imaging

A real EHR does not stand alone. Building each of these integrations properly takes significant time. Budget for it separately from the core EHR build.

Labs

HL7 ORU / FHIR DiagnosticReport

When a physician orders lab work, the order goes to the lab system via an HL7 ORM message (or a FHIR ServiceRequest). When results come back, they arrive as an HL7 ORU message (or a FHIR DiagnosticReport) and need to be automatically filed in the patient's chart.

Pharmacies

NCPDP SCRIPT

E-prescribing uses the NCPDP SCRIPT standard. When a physician writes a prescription electronically, it routes to the pharmacy through a clearinghouse. The pharmacy confirms receipt. Refill requests come back. This is its own integration domain.

Imaging centers

HL7 + DICOM

Radiology orders and results involve HL7 messaging and often DICOM (the standard for imaging data). The EHR needs to at minimum display a radiology report, even if it does not need to render the actual DICOM images.

Insurance verification

ANSI X12 270/271

Real-time eligibility verification uses ANSI X12 270/271 transactions. This is different from HL7. It is worth noting that this integration is often handled through a clearinghouse that abstracts the payer-specific complexity.

// regulatory

Regulatory landscape: what ONC requires for certified EHR systems

If you are building a certified EHR (one that can be used for Medicare and Medicaid incentive programs or that hospitals need for regulatory compliance), the ONC certification requirements add another layer of complexity.

ONC certification (21st Century Cures Act Final Rule) requires:

  • FHIR R4 API support for patient data access
  • Prohibition on information blocking (you cannot restrict access to patient data through contractual, technical, or business practices that are not permitted exceptions)
  • Patient access to their own data through standardized APIs
  • Electronic prescribing capabilities
  • Specific security requirements

Who needs certification?

For most startups building specialty EHR products, full ONC certification is not necessary early on. But if your target market is hospitals, large health systems, or Medicare-participating providers, you will need to understand these requirements and plan for them.

// technology

What the technology stack looks like for EHR development

Based on what I have built and what is commonly used in production healthcare systems:

API layerA well-structured REST API with clear resource modeling. If you need FHIR compliance, the FHIR DSTU2, STU3, or R4 specification defines exactly how resources like Patient, Observation, Encounter, and MedicationRequest should be structured.
DatabasePostgreSQL is a solid choice for healthcare data. Row-level security handles multi-tenant isolation well. The relational model fits clinical data (patients, encounters, observations, documents) better than document databases for most EHR use cases.
Document storageAWS S3 with HIPAA configuration for medical documents and images. Signed URLs with time-limited access for document retrieval.
AuthenticationOAuth 2.0 with SMART on FHIR is the standard for EHR integrations that need to authorize third-party applications to access patient data. If you need third-party app integrations, this is the framework to build around.
Real-time featuresSocket.io for collaborative workflows within a facility. For cross-facility data exchange, FHIR Subscription resources handle push notifications when patient data changes in connected systems.
// practical decision

The practical difference between building EMR and EHR

If you are a healthcare startup deciding what to build, here is the practical question:

Do you need your system to exchange data with other organizations?

YES → Building EHR

You need FHIR APIs and proper interoperability design. If no, and you are serving one organization or network of related organizations with the same ownership, you are building an EMR and have more freedom in your data model.

NO → Building EMR

You are serving one organization or network of related organizations with the same ownership. More freedom in your data model.

Most specialty clinic startups (personal injury, chiropractic, mental health) are building EMR, not EHR, even if they call it EHR. The distinction matters because FHIR compliance and interoperability add cost and complexity that may not be necessary for your use case. Be honest about what you actually need before starting. It will save you significant time and money.

// FAQ

Frequently asked questions

EHR software development is genuinely more complex than EMR development. The interoperability requirements, FHIR APIs, and regulatory landscape add layers that take real healthcare domain knowledge to navigate correctly.

If you are building an EHR product for a healthcare startup, or if you need a multi-facility system that can share patient data across organizations, start with a proper architecture conversation before writing any code. The decisions you make in the first few weeks shape the entire project.

Working with someone who has built production healthcare systems and understands the HL7/FHIR landscape saves you months of research and expensive course corrections.

Start the Architecture Conversation