FHIR servers are not out-of-the-box solutions.
The cloud providers promote and sell them in this way, but the reality is very different. I don’t believe there is such a thing as a “production ready” FHIR server.
They all need a lot of help and a lot of custom code before they can be trusted with real-world data and real-world applications.
That custom code begins with an Intercept Layer.
Here are 8 reasons you should intercept requests BEFORE they reach your FHIR server.
- Implement operations not supported by your FHIR server
- Perform business validation on resources
- Apply version Ids to Provenance resource targets
- Create AuditEvent resources for every request
- Block access to unsupported resources
- Enforce conditional POST and PUT requests
- Alter the request body coming in
- Alter the response body going out
I go into more detail on each of these here.
---