Medbackend Documentation

Introduction

What is Medbackend?

Medbackend is a powerful GraphQL interface layer for Microsoft's FHIR server, designed to modernize healthcare API infrastructure while maintaining FHIR compliance. Acting as a secure facade, it provides:

  • 🔐 Granular Role-Based Access Control (RBAC)
  • GraphQL API Endpoints
  • 🔄 FHIR Database-Driven Configuration
  • 🌐 OAuth 2.0/OpenID Connect Compatibility

Unlike traditional SMART on FHIR implementations, Medbackend decouples authorization logic from authentication providers through its unique configuration system stored directly in your FHIR database.

Key Differentiators

Feature                   | Medbackend          | Traditional FHIR Solutions
--------------------------+---------------------+---------------------------
Access Control            | Database-configured | Auth server-dependent
API Style                 | GraphQL             | REST
Client Registration       | Self-service        | Manual provisioning
Binary Storage            | Externalized        | FHIR Bundle storage
Business Logic Extensions | Custom resolvers    | Limited customization

Supported Infrastructure

While optimized for Azure Health Data Services, Medbackend maintains compatibility with any FHIR server implementing:

  • HL7 FHIR R4 REST API
  • Bearer token authentication
  • Custom SearchParameters

Core Architecture Principles

1. Dynamic Access Control

Authorization rules are stored as FHIR resources, enabling:

  • Real-time policy updates without redeployment
  • Environment-specific configurations (dev/test/prod)
  • Version-controlled security policies

2. Modern API Surface

Our GraphQL implementation provides:

  • Strongly-typed queries/mutations
  • Introspection capabilities

3. Storage Optimization

Binary handling: External blob storage with secure access tokens

Implementation Requirements

Essential Components

  1. Azure Services
     • Active Azure subscription
     • Azure Health Data Services (FHIR)
     • Azure B2C tenant (authentication)
  2. FHIR Server Requirements
     • CapabilityStatement.rest.security.service extension support
     • _tag search parameter availability
     • AuditEvent resource write permissions
  3. Network Configuration
     • Minimum TLS 1.2
     • VNET integration capabilities
     • Private endpoint support
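As an added example (not Medbackend project code), the following pre-flight check reads a FHIR R4 CapabilityStatement and tests the three FHIR Server Requirements listed above before a deployment is attempted. The CapabilityStatement is constructed for the demo, and the check assumes that a declared rest.security.service coding is what "extension support" refers to.

```python
"""Pre-flight check of a FHIR R4 CapabilityStatement against the three FHIR
server requirements above (added example, not Medbackend code)."""
import json

# Constructed CapabilityStatement fragment holding only the fields the check reads.
SAMPLE_CAPABILITY_STATEMENT = json.loads("""{
  "resourceType": "CapabilityStatement",
  "fhirVersion": "4.0.1",
  "rest": [{
    "mode": "server",
    "security": {
      "service": [{"coding": [{"system": "http://terminology.hl7.org/CodeSystem/restful-security-service",
                               "code": "SMART-on-FHIR"}]}]
    },
    "searchParam": [{"name": "_tag", "type": "token"}],
    "resource": [
      {"type": "Parameters", "interaction": [{"code": "read"}, {"code": "search-type"}]},
      {"type": "Device", "interaction": [{"code": "read"}, {"code": "create"}],
       "searchParam": [{"name": "identifier", "type": "token"}]},
      {"type": "AuditEvent", "interaction": [{"code": "read"}, {"code": "create"}]}
    ]
  }]
}""")


def check_requirements(cs: dict) -> dict:
    """Map each failed requirement to a short reason; an empty dict means all passed."""
    # A statement may describe a client too; only the server-mode block matters.
    rest = next((r for r in cs.get("rest", []) if r.get("mode") == "server"), {})
    resources = rest.get("resource", [])
    findings = {}
    # 1. rest.security.service must declare at least one security service coding
    #    (assumed here to be what "extension support" refers to).
    services = rest.get("security", {}).get("service", [])
    if not any(c.get("code") for s in services for c in s.get("coding", [])):
        findings["security.service"] = "no rest.security.service coding declared"
    # 2. _tag must be searchable on every declared resource, either through the
    #    rest-wide searchParam list (applies to all resources) or per resource.
    global_params = {p.get("name") for p in rest.get("searchParam", [])}
    missing_tag = [res["type"] for res in resources
                   if "_tag" not in global_params
                   and "_tag" not in {p.get("name") for p in res.get("searchParam", [])}]
    if missing_tag:
        findings["_tag"] = "resources without _tag search: " + ", ".join(missing_tag)
    # 3. AuditEvent must be declared with a write interaction (create or update).
    audit = next((r for r in resources if r.get("type") == "AuditEvent"), {})
    if not {i.get("code") for i in audit.get("interaction", [])} & {"create", "update"}:
        findings["AuditEvent"] = "AuditEvent is not declared or not writable"
    return findings
```

Point the same function at the JSON returned by a real server's `GET [base]/metadata` to see which of the three requirements it fails to declare.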

Why Medbackend?

Problem Space

Traditional FHIR implementations face challenges with:

  • Authorization Complexity: Tight coupling between auth providers and RBAC
  • API Limitations: REST constraints in mobile-first ecosystems
  • Storage Costs: Binary bloat in FHIR databases
  • Client Management: Manual client credential provisioning

Solution Approach

Medbackend addresses these through:

  1. Decentralized Authorization
    Security policies stored as FHIR Resources (Parameters, SearchParameters)

  2. GraphQL Federation
    Combines FHIR resources with custom business logic in unified API

  3. Storage Tiering
    Automatic binary offloading to cost-effective blob storage

  4. Client Registry
    Self-service onboarding using Device and DeviceAssociation resources