
FHIR profiles and FHIR APIs

A FHIR profile is a set of rules that allows a FHIR resource to be constrained, or extended so that it can carry additional attributes.

As well as defining a set of resources and a mechanism for creating profiles, the HL7 FHIR standard provides a set of rules for how resources can be used in both traditional messaging and REST APIs.

FHIR standards

HTTP operations

The FHIR standard sets out a set of standard HTTP operations an implementor can expose on their FHIR server to allow others to use the resources. This includes the usual “create, read, update and delete” operations, and sets out specific rules on how those should be exposed through standard HTTP verbs on specific paths.


The standard also provides a set of standard search parameters that should be used to search for resources. A search for patients would always go to [BaseURL]/Patient, and a search for a patient by ID would always look like [BaseURL]/Patient?identifier=12345.

Custom operations  

The standard also provides a range of other mechanisms for more complex searches, or to retrieve groups of related resources in the response returned. Any system would choose how much of this it implements and declare that in a capability statement, which is also published on its FHIR server.

The FHIR standard provides a mechanism, the “operation definition”, for defining your own custom operations.

This allows a more remote procedure call style of API to be defined. Custom operations can be used along with standard operations. However, custom operations may limit the flexibility of what the consumer can do with your APIs, as they will only be able to use them for the specific operations you have already defined, and so may not be suitable for everything.

Complementary standards

There are also some complementary standards such as SMART-on-FHIR which show how to use FHIR with OAuth to secure an API.   

We are working with INTEROPen to agree a set of NHS England wide care connect profiles to give us a level of consistency in how these resources are represented across FHIR implementations in England.


This provides the basis for an API which each system could implement relatively consistently to provide access to these FHIR resources. It does not, however, provide a complete definition of everything you would need to build an implementation in a real system.

There are a few areas which FHIR does not try to define, like security. There are also other complementary standards including SMART-on-FHIR which define an approach to using FHIR alongside OAuth to secure an API.

These details would typically be defined by the implementor of an API in an implementation guide, which sets out all the information someone would need to make use of the API.
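
Because each server declares what it implements in its capability statement, that document can be reviewed before an API is consumed or released. The sketch below is an added example, not part of the original page or of any NHS code: it reads a constructed CapabilityStatement and reports the interactions and search parameters declared per resource, any write interactions, and whether a SMART-on-FHIR security service is declared. The function name and sample data are assumptions.

```python
import json

# Constructed sample CapabilityStatement; not taken from any real server.
SAMPLE = json.loads("""
{"resourceType": "CapabilityStatement",
 "rest": [{
   "mode": "server",
   "security": {"service": [{"coding": [{"code": "SMART-on-FHIR"}]}]},
   "resource": [
     {"type": "Patient",
      "interaction": [{"code": "read"}, {"code": "search-type"}],
      "searchParam": [{"name": "identifier", "type": "token"}]},
     {"type": "Observation",
      "interaction": [{"code": "read"}, {"code": "delete"}]}
   ]}]}
""")

WRITE_CODES = {"create", "update", "patch", "delete"}  # FHIR interaction codes

def audit_capability_statement(cs):
    """Hypothetical helper: list what a server declares and flag review points."""
    if cs.get("resourceType") != "CapabilityStatement":
        raise ValueError("not a CapabilityStatement")
    services, resources, findings = set(), {}, []
    for rest in cs.get("rest", []):
        if rest.get("mode") != "server":
            continue  # client entries describe calls made, not endpoints exposed
        for svc in rest.get("security", {}).get("service", []):
            services.update(c["code"] for c in svc.get("coding", []) if "code" in c)
        for res in rest.get("resource", []):
            codes = {i["code"] for i in res.get("interaction", []) if "code" in i}
            params = sorted(p["name"] for p in res.get("searchParam", []) if "name" in p)
            resources[res["type"]] = {"interactions": sorted(codes), "search": params}
            writes = sorted(codes & WRITE_CODES)
            if writes:
                findings.append(f"{res['type']}: declares write interactions {writes}")
            if "search-type" in codes and not params:
                findings.append(f"{res['type']}: search declared, no search parameters listed")
    if "SMART-on-FHIR" not in services:
        findings.append("no SMART-on-FHIR security service declared")
    return {"security": sorted(services), "resources": resources, "findings": findings}

if __name__ == "__main__":
    print(json.dumps(audit_capability_statement(SAMPLE), indent=2))
```

A capability statement is only a declaration, so a finding here is a prompt to check the server's actual behaviour and its implementation guide.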

Further information

Fast Healthcare Interoperability Resources

Fast Healthcare Interoperability Resources (FHIR) is a global standard for passing healthcare data, and is the industry standard for passing this data between systems.

Last edited: 6 September 2021 5:13 pm