Skip to Main Content

IoT Cloud Integration with EMR Systems: The Ultimate Guide


In the digital healthcare era, seamless IoT cloud integration between connected medical devices and Electronic Medical Record (EMR) systems is crucial for enhancing clinical workflows, patient care, and device monitoring. Once a cloud-based backend system for a medical device is built, the logical next step is to ensure its interoperability with EMR systems. Clinicians rely heavily on EMR systems for comprehensive patient data, and integrating data from medical devices into these systems can significantly augment clinical decision-making processes. However, the limited capabilities of many EMR systems to accommodate external data sources often pose challenges during the integration process.

In This Ultimate Guide

This guide explores the most common standards for EMR integration, offers our strategic recommendations for identifying the most effective integration approach, and discusses the advantages and disadvantages of each method.

  1. Identify your data and integration needs
  2. Choose an EMR integration method
  3. Design a robust data pipeline
  4. Ensuring data security throughout the process
  5. Value of an IoT cloud integration partner

Considerations Across Cloud Development Stages

Both established medical device manufacturers and companies at all stages of development need to be aware of these integration considerations. Early awareness can inform design decisions, ease future integration efforts, and facilitate a smoother path to market. Understanding how cloud architecture can evolve to meet these needs is crucial, and our article on the optimal cloud architecture for each stage of your business provides valuable insights for startups and established companies alike, exploring the essential cloud architectural needs at different phases of an IoT project.

At Punch Through, we have seen firsthand how early planning and thoughtful cloud architecture design can significantly streamline the EMR integration process for our clients. With our team’s years of experience in medical IoT cloud system design and integration, particularly in the healthcare industry, we have developed a deep understanding of the challenges and best practices associated with EMR integration. Our team has successfully guided numerous clients through the process, helping them navigate the complexities of medical IoT cloud development and ensuring seamless integration with their chosen EMR systems. We hope you find these recommendations valuable in your cloud planning and development process.

Now, let’s begin by identifying your data and integration needs.

Identify Your Data and Integration Needs

The first step in any EMR integration project should be determining what data needs to be sent to the EMR system and how clinicians will view and utilize it once it’s there. It’s essential to recognize that EMR systems have limited built-in support for displaying data from devices, so understanding the data and its intended use will likely influence the integration method chosen.

1. Select the Right Integration Approach

When selecting an integration approach, it’s important to consider the limitations of each method. Some integration methods only allow you to read but not write certain data types to the EMR system. To ensure seamless integration, we recommend mapping each data type in your IoT system onto structures inside the EMR that make the most sense. The FHIR data spec can serve as a valuable guide in this process.

2. Choose EMR Systems for Compatibility

At this point in the process, you need to identify which EMR systems you plan to support. Epic holds a dominant market share in the U.S. EHR landscape, followed by Cerner and several smaller players. Ideally, you should pick an integration method that supports Epic, Cerner, Allscripts, and other systems that support the standards discussed later in this article. However, if standards-based methods cannot fulfill your requirements, you might have to resort to Epic or Cerner-specific integration methods.

3. Partner with Health Systems for Testing

To ensure a successful integration, we strongly recommend identifying at least one health system partner. This partnership will help you define the requirements for your first integration, allowing you to focus on how the data will be stored and displayed in a functioning EMR system. It’s essential to ensure that the health system’s technology team is willing and able to grant you access to a test environment where you can set up a test integration with fake data.

Choose an EMR Integration Method

Choosing the appropriate integration method ensures seamless data exchange between your IoT devices and EMR systems. Each integration method has advantages and disadvantages; some are better suited for specific use cases than others. At Punch Through, we have extensive experience working with various integration methods and can help you navigate the complexities of choosing the most suitable approach for your project. The following are some of the most common methods and standards:


Health Level 7 FHIR standard for IoT Cloud Integration
HL7 FHIR is the standard for healthcare data exchange.
About FHIR

The first integration method and standard to evaluate is FHIR (Fast Healthcare Interoperability Resources). FHIR is an industry standard for healthcare data exchange that utilizes messages and data types supported by major EMR systems such as Epic, Cerner, and AllScripts. These EMR systems expose a REST-based web API defined in the FHIR specification, with OAuth 2.0 as the authentication mechanism.

Diagram illustrating a medical device backend system calling out to an EMR's FHIR API via HTTPs to read and write data to the EMR's database.
Your medical device backend system can call out to the EMR’s FHIR API via a HTTPs to read and write data to the EMR’s database.
Advantages of FHIR

FHIR is an excellent choice when your device data maps easily to its supported data types. As a standard, FHIR enables you to support several different EMR systems, such as Epic and Cerner, with a single integration approach. Furthermore, FHIR’s REST-based web API over HTTPS makes it straightforward for developers to work with, streamlining the integration process.

Limitations of FHIR

Despite its advantages, FHIR does have some limitations. Currently, Epic and Cerner only support writing data for a small subset of the supported FHIR data types.


Being the most modern and effective integration approach, the FHIR API  would be our first choice–if it meets your needs and you can access it. FHIR’s standardized format and RESTful architecture make it ideal for seamless data exchange between IoT devices and EMR systems. By leveraging FHIR, you can ensure interoperability, reduce development time, and minimize the need for custom integrations.

However, it’s essential to carefully evaluate your specific data requirements and the limitations of the EMR systems you plan to integrate with. Epic and Cerner, for example, currently only support writing data for a small subset of the supported FHIR data types. If your device data needs to be written using unsupported data types, you should investigate alternative integration methods or explore Epic or Cerner’s proprietary APIs.

When considering FHIR as your integration approach, we recommend the following steps:

  1. Identify the data types your IoT device generates and map them to the corresponding FHIR resources.
  2. Research the FHIR support and limitations of your target EMR systems, focusing on their ability to read and write the specific data types you need.
  3. Evaluate the feasibility of using FHIR based on your data requirements and the EMR systems’ capabilities.
  4. If FHIR meets your needs, proceed with the integration using the standard. If not, explore alternative methods or proprietary APIs to accommodate your data requirements.

Health Level 7 (HL7)

Health Level 7 standard for IoT Cloud Integration
Health Level 7 is a global integration standard for healthcare data.
About HL7

HL7 (Health Level 7) encompasses a range of global standards for transferring healthcare data between systems. HL7 v2, in particular, is a messaging standard designed to support hospital workflows. The message format is text-based, with segments (lines) separated by a delimiter (typically the pipe “|” character) and fields within each segment separated by a sub-delimiter (usually “^”). Each segment has a specific message type with defined fields, allowing for structured data exchange.

Advantages of HL7

HL7 has been widely used by health systems for years to exchange data, and EMR systems have built-in support to process HL7 messages and map them to fields in their databases. For certain types of data, such as lab orders and lab results, HL7 is often the default integration method. One of the key advantages of HL7 is its flexibility and customization options, which allow it to adapt to various healthcare system requirements. However, this flexibility can also make integrations challenging, as only some healthcare systems use a particular field similarly.

A diagram illustrating a medical device backend system using a middleware service, like Mirth, to send HL7 messages via an IPsec tunnel to the EMR system.
Your medical device backend systems can use a middleware service, like Mirth, to send HL7 messages via an IPsec tunnel to the EMR system.
Limitations of HL7

Sending and receiving HL7 messages often relies on an IPsec tunnel between your system and the health system’s EMR or middleware provider. The IPsec tunnel ensures that all communications are encrypted, using TLS for secure data transfer. Setting up and maintaining these secure connections can add additional complexity to the integration process.

Fortunately, several middleware systems are available to help build, send, and process HL7 messages. Mirth Connect is an open-source solution that provides a Java-based messaging platform with a user interface for monitoring and configuring message processing. Mirth can parse the HL7 for you, and you can use its JavaScript-based API to process messages and send the contents to and from your system. Interfaceware Iguana is another commercial option in this space.


HL7 is a good method if the FHIR API method does not fulfill your requirements or is unavailable to you. When considering HL7 as your integration approach, we recommend:

  1. Evaluate your data exchange requirements and determine if HL7 fits your needs best.
  2. Research the HL7 support and capabilities of your target EMR systems. As part of this step, try to find a healthcare system to conduct your first integration and establish a data map for each HL7 message that you plan to send to them.
  3. Assess the need for middleware systems to simplify the process of building, sending, and processing HL7 messages.
  4. Establish secure connections, such as IPsec tunnels, to ensure the safe transfer of healthcare data.


SMART on FHIR standard for IoT Cloud Integration

SMART (Substitutable Medical Applications, Reusable Technologies) on FHIR is a framework that aims to provide a standard way for developers to build applications that can be launched by any EMR system, with access to that EMR’s data via the FHIR API. This framework enables EMR systems like Epic and Cerner to provide an “app store” for their platforms, where developers can create apps that theoretically work seamlessly within either system.

A diagram illustrating SMART on FHIR apps built in HTML & Javascript and connecting to the EMR’s FHIR API and web API.
SMART on FHIR apps are built in HTML & Javascript and can connect to the EMR’s FHIR API as well your web API.
Advantages of SMART

With SMART on FHIR, you can build a single-page application (SPA) in JavaScript that communicates with both your system’s web APIs and the FHIR API of the EMR system that launched the app. This communication occurs under the authentication and authorization of the current EMR system user. By leveraging this framework, you can create an application that launches directly from the EMR system’s user interface and displays data from the EMR system and your system. If you use this integration method, you might not need to send your device data to the EMR system; instead, you can display your data within the EMR using the SMART on the FHIR app. To ensure accurate data matching, confirm that your system and that of the EMR contain the same patient identifier.

This type of integration really shines when you have device data that doesn’t map easily to what the EMR systems can display. It also allows you to maintain a consistent user interface, which will be more familiar to clinicians already accustomed to working with your system.

Limitations of SMART

The disadvantages of this integration method involve the limitations of the “app store” model. To effectively use this method, your organization will need to join each intended EMR system’s developer program. You’ll also want to test your app in each of their sandboxes to ensure it works as expected. Some EMR systems, such as drug identifiers, may store data differently, so care must be taken to ensure your app works with each EMR system. Apart from that, there may be costs associated with distributing your SMART on FHIR application to the different health systems that want to use it.


SMART on FHIR is a good method if you need to display or capture data from EMR users within the EMR user interface. This method is worth considering as long as the health system is willing to install your app and you can agree to the “app store” business terms set by Epic and/or Cerner.

When evaluating SMART on FHIR as your integration approach, we recommend the following:

  1. Assessing your data display and capture requirements to determine if SMART on FHIR is the best fit.
  2. Evaluate the costs and business terms of distributing your SMART on the FHIR application.
  3. Join the developer programs of the EMR systems you plan to integrate with and test your app in their sandboxes.
  4. Ensure your app is compatible with the data storage and handling practices of each EMR system.

Third-Party Services

Third-party services have emerged to simplify the integration process between medical devices and EMR systems. These services have established integrations with a collection of health systems and offer a single web-based API that you can use to integrate with those health systems’ EMR systems. Redox and Rhapsody Health are two examples of such third-party services.

A diagram illustrating a medical device backend system calling a third party’s API via HTTPS and it handling communicating with each different health system’s EMR system.
Your medical device backend system can call the third party’s API via HTTPS and it will handle communicating with each different health system’s EMR system.

One of the main advantages of using third-party integrators is that they offer a single API to get your data into the connected health systems’ EMRs with minimal work on your side. This can significantly reduce the complexity and effort required to integrate multiple EMR systems. However, it’s essential to consider that these services introduce an intermediary into your process, which can limit your control over the workflow and the data types supported for transmission to the EMRs. Additionally, there are typically high fees associated with using these services, as it takes time and resources for the integrators to establish and maintain connections with the different health systems.


A third-party service could be a good solution if the health systems you target already have connections with one of these integrators and the integrator supports the data types you need. Before making a decision, we recommend:

  1. Identifying the health systems you plan to integrate and researching their connections with third-party integrators.
  2. Evaluating the compatibility of your data types and workflows with the integrator’s supported features.
  3. Assessing the third-party service costs and comparing them to the potential benefits and time-savings.
  4. Reviewing the level of control and customization you require over the integration process and whether the third-party service can accommodate your needs.

An EMR System’s Proprietary APIs

Proprietary APIs for IoT Cloud Integration
Cerner, Epic and Veradigm are popular EMR systems that offer their own proprietary APIs.

In addition to the standard-based IoT cloud integration methods, some EMR systems, such as Epic, Cerner, and Veradigm (formerly Allscripts) offer their own proprietary APIs. These APIs provide access to various functionalities, such as creating or updating data in the EMR that may not be currently available through their FHIR APIs. While proprietary APIs can be a viable integration option, using them as a last resort is generally recommended if the standards-based methods described above do not meet your specific requirements.

When working with proprietary APIs, remember that your system must include code that’s specific to each intended EMR system. This can increase the complexity of your codebase and make maintenance and updates more challenging, especially when combined with the intricacies of IoT cloud development. Additionally, to access information about the APIs and testing sandboxes, you will likely need to join each EMR system’s developer program, which may involve additional costs and resources.


In many cases, proprietary APIs are used when the required functionality is unavailable through standard-based methods, such as FHIR or HL7.

When considering the use of proprietary APIs, it’s essential to:

  1. Evaluate your integration requirements thoroughly and determine if the desired functionality is genuinely unavailable through standard-based methods.
  2. Assess the impact of proprietary APIs on your system’s codebase, especially with the added complexity and maintenance.
  3. Understand the costs and resources associated with joining each EMR system’s developer program, accessing their API documentation, and testing sandboxes.
  4. Plan for the long-term implications of relying on proprietary APIs, as changes or updates to these APIs may require significant modifications to your integration.

Selecting the most suitable IoT cloud integration method is critical in ensuring the successful data exchange between your medical device and the targeted EMR systems. By carefully evaluating your specific requirements, the capabilities of the EMR systems, and the advantages and limitations of each integration approach, you can make an informed decision that will lay the foundation for a seamless and efficient IoT cloud integration.

Design a robust data pipeline

Establish Clean and Aggregate Data

Once you’ve determined the data you need to send to the EMR and decided on the integration method, the next step is to design a data pipeline between your system and the EMR. The goal is to establish a process for delivering clean and aggregated data, which can be challenging to update once it’s been sent to the EMR system. Ensure that the data you intend to send is correct and includes pre-calculated values that the EMR system can effectively work with.

A diagram illustrating data flows across a medical ecosystem data pipeline.
This diagram illustrates the flow of data, from new data being sent to your medical device backend system (1) to the data being marked as successfully sent to the EMR (6).

Optimizing Data Transmission Frequency and Format

Determining the optimal frequency for sending data to the EMR system is essential. First, consider clinicians’ expectations: do they require near real-time data flow, or is a daily feed sufficient? Then, evaluate whether clinicians will view the data in aggregate or if they need access to individual data points within the EMR system. Answering these questions will help you design a system component that stores data in a format optimized for transmission to the EMR.

Designing a Reliable System for Data Delivery

With the data cleaned, aggregated, and optimized, the next step is to design a reliable system for sending the data to the EMR system. It’s crucial to ensure that any records that fail to be sent for any reason are tracked to allow for re-sending, preventing the EMR’s data set from becoming out of sync with your system. To achieve this, consider using a middleware solution between your system and the EMR. Middleware can help translate between the format expected by the EMR and the format your system can provide. Mirth Connect offers helpful tools for tracking HL7, file transfers, and web API calls. Cloud-based messaging services like Azure Service Bus or AWS’s SQS are also options to ensure reliable, repeatable delivery.

Ensuring Data Security Throughout the Process

Though this should go without saying, data security is paramount when dealing with sensitive patient health information. It is crucial to ensure that data is encrypted at rest (where it’s stored) and in transit (when it’s transmitted). EMR integrations typically involve using HTTPS for secure web-based communication and a secure tunnel with TLS (Transport Layer Security) for HL7 message exchange.

To maintain the highest level of security, you must verify that any middleware systems or services you employ also store their data in an encrypted data store. In addition, you can design the message processing so that no sensitive data is included in the message itself. Instead, sensitive information can be looked up during message processing time, minimizing the risk of exposure.

When implementing data security measures, consider the following best practices:

  1. Use industry-standard encryption algorithms and protocols, such as AES (Advanced Encryption Standard) for data at rest and TLS 1.2 or higher for data in transit.
  2. Regularly update and patch your systems to address known vulnerabilities and maintain the most up-to-date security features.
  3. Implement access controls and authentication mechanisms to ensure that only authorized personnel can access sensitive data.
  4. Conduct regular security audits and assessments to identify and address any potential weaknesses in your data security infrastructure.
  5. Develop and maintain a comprehensive data security policy that outlines the procedures and responsibilities for handling sensitive patient information.

By prioritizing data security throughout the IoT cloud development and EMR integration process, you can protect patient privacy, maintain trust, and ensure compliance with relevant regulations, such as HIPAA (Health Insurance Portability and Accountability Act) in the United States.

The Value of an IoT Cloud and EMR Integration Partner

Integrating medical IoT applications with EMR systems is a complex process that requires careful planning and execution at every stage. From selecting the appropriate IoT cloud integration method to ensuring data security, each step plays a crucial role in the success of your project. However, by following best practices and partnering with experienced medical IoT cloud development and EMR integration partners, you can navigate these complexities and achieve a seamless, efficient, and secure solution that enhances clinical workflows and improves patient care.

If you find yourself unsure about navigating the complexities of IoT cloud integration with EMR systems, it may be beneficial to seek a trusted partner to guide you through the process. An experienced IoT cloud development partner who understands the intricacies of device-to-cloud connectivity, cloud development, and EMR integration can be invaluable in helping IoT product owners successfully integrate their applications with EMR systems.

When selecting a development partner, look for a team with a proven track record of delivering secure, efficient, and scalable solutions in the medical IoT space. They should have deep expertise in IoT cloud architectures, data pipeline design, and ensuring data security and compliance with relevant regulations, such as HIPAA.

By collaborating with a knowledgeable and experienced partner, such as Punch Through, you can more effectively navigate the challenges of IoT cloud development and EMR integration, make informed decisions, and ultimately achieve a seamless IoT cloud integration that enhances clinical workflows and improves patient care.

Streamline Your IoT Cloud Development with Punch Through

At Punch Through, every article you read is a testament to our engineers' dedication and technical prowess in each project, not just in EMR integration but across the IoT development spectrum. We don't just share insights—we're in the trenches, building secure, seamless solutions that bridge technology and healthcare. Bringing your Medical IoT device to life with robust, scalable, and secure cloud infrastructure.

Related Articles – IoT Cloud Development

To further support you on your medical IoT cloud integration and development journey, explore these additional resources: