How AI Virtual Assistants Integrate with Epic and Cerner EHRs

If you're evaluating AI virtual assistants for your medical practice, one question dominates the technical vetting process: "How does this integrate with our EHR?" It's the right question. Your EHR is your system of record—patient demographics, clinical history, scheduling, billing. An AI assistant that can't read from and write to your EHR is just an expensive add-on that creates more work, not less.

I integrate with Epic, Cerner, Athenahealth, eClinicalWorks, and dozens of other EHR platforms using industry-standard FHIR (Fast Healthcare Interoperability Resources) APIs. This isn't a custom integration that requires months of professional services—it's a standardized protocol that works across platforms. Implementation takes 2-4 weeks from contract signature to first patient interaction. No rip-and-replace required.

2-4 weeks

Implementation timeline for FHIR integration

From contract signature to live EHR integration with full orchestration workflows. No professional services required, no EHR downtime, no data migration. Standard FHIR APIs mean rapid deployment across Epic, Cerner, Athenahealth, and eClinicalWorks platforms.

Supported EHR Platforms

Epic Systems

Epic Hyperspace
MyChart (patient portal)
FHIR R4 API
Appollo (scheduling)
Cadence (appointments)

Oracle Cerner

PowerChart
Millennium Platform
FHIR R4/DSTU2
Scheduling & Registration
Revenue Cycle

Athenahealth

AthenaOne Platform
AthenaClinicals
AthenaCollector
FHIR R4 API
SMART on FHIR

eClinicalWorks

eCW EHR v11/v12
Patient Portal
FHIR R4 API
Practice Management
Revenue Cycle Management

I also support FHIR-enabled platforms from NextGen, Allscripts, Kareo, DrChrono, and Practice Fusion. For legacy systems that predate FHIR, I connect via HL7 v2 message interfaces (ADT, SIU, ORU messages). If your EHR has an API, I can integrate with it.

FHIR: The Healthcare Interoperability Standard

FHIR (pronounced "fire") is the industry-standard protocol for exchanging healthcare data electronically. Think of it as the REST API for healthcare—it uses familiar web technologies (HTTP, JSON, OAuth 2.0) to enable secure, structured data exchange between systems.

Before FHIR, healthcare integration meant custom HL7 v2 or v3 interfaces that required specialized knowledge, expensive middleware, and months of development time. FHIR changed this by defining:

Standard resources: Pre-defined data structures for common healthcare entities (Patient, Appointment, Observation, Medication, etc.)
RESTful API patterns: Standard HTTP methods (GET, POST, PUT, DELETE) for reading and writing data
Modern authentication: OAuth 2.0 and SMART on FHIR for secure, scoped access control
JSON/XML formats: Human-readable, machine-parseable data formats that work with modern development tools

The U.S. 21st Century Cures Act—specifically the ONC (Office of the National Coordinator) Interoperability and Patient Access Final Rule—mandates that certified EHR vendors expose FHIR APIs for patient data access. This regulation, which took effect in 2021, means that any EHR certified for Meaningful Use must support FHIR. Epic, Cerner, Athenahealth, and eClinicalWorks all publish publicly documented FHIR R4 APIs.

99%

Payer coverage with clearinghouse + direct APIs

FHIR R4 integration reaches 99% of healthcare payers through a combination of direct API connections to major payers (UnitedHealth, Humana, Anthem, Aetna) and clearinghouse-mediated connectivity (Availity, Trizetto, Change Healthcare). Your practice reaches nearly all payers through single orchestration layer.

FHIR Resources I Use

I don't need access to your entire EHR database—I only query the resources necessary for administrative orchestration. Here's what I access:

Read-Only Access (Default)

Patient
Demographics, identifiers

Appointment
Scheduling data

Coverage
Insurance information

Practitioner
Provider details

Location
Clinic/facility info

Schedule
Provider availability

Observation
Lab results (for follow-up)

MedicationRequest
Prescriptions (refills)

Write Access (Requires Authorization)

Appointment
Schedule/update appointments

Patient
Update demographics/insurance

Communication
Document patient interactions

Task
Assign follow-up tasks to staff

Permissions are scoped using OAuth 2.0 scopes. Your IT team controls exactly which resources I can read vs write. Most practices start with read-only access for all resources plus write access for Appointment and Communication resources—allowing me to schedule appointments and document patient calls, but not modify clinical data.

Example: Scheduling an Appointment via FHIR

Here's what happens when a patient calls to schedule an appointment:

                1. Patient Identification (GET /Patient?identifier=...)

                → Retrieve patient demographics by member ID or DOB

                2. Provider Availability Check (GET /Schedule?actor=Practitioner/123)

                → Query Dr. Smith's availability for the requested date range

                3. Slot Search (GET /Slot?schedule=Schedule/456&status=free)

                → Find open appointment slots that match patient's constraints

                4. Appointment Creation (POST /Appointment)

                → Write new appointment to EHR with patient, provider, datetime, type

                5. Confirmation (Patient receives email/SMS with appointment details)

This entire workflow takes 2-3 seconds. The patient is still on the phone when I confirm their appointment. No manual EHR entry required from your staff.

Epic-Specific Integration: What to Expect

Epic is the largest EHR vendor in the U.S., powering 31% of hospitals and large medical groups. Epic's FHIR implementation is mature and well-documented. Here's what integration looks like:

API Access: Epic publishes its FHIR R4 API documentation at fhir.epic.com. Your Epic admin creates an application registration (similar to creating an OAuth app in Google or Microsoft Azure) and issues client credentials. This process takes 30-60 minutes and doesn't require Epic professional services or vendor fees.

Supported Modules: I integrate with:

Cadence: Appointment scheduling and patient access management
Hyperspace: Clinical workflows (read-only for patient history, medications)
MyChart: Patient portal integration for online appointment requests and messaging
Resolute: Revenue cycle data for insurance verification and patient billing

Authentication: Epic uses SMART on FHIR with OAuth 2.0. I authenticate using backend service credentials (client credentials grant), not individual user logins. This means I operate as a system-level service account with permissions defined by your Epic admin. Audit logs show every API call I make, timestamped and attributed to "Claire By The Algorithm" service account.

Sandbox Testing: Epic provides a sandbox environment where we test all integration workflows before touching production data. Your team can observe exactly what data I query, when, and for what purpose. Once validated, we flip a configuration switch to point to your production Epic instance.

Cerner-Specific Integration

Oracle Cerner (recently rebranded from Cerner Corporation) is the second-largest EHR vendor. Cerner's FHIR implementation follows similar patterns to Epic with some vendor-specific nuances:

API Access: Cerner FHIR APIs are available through the Cerner Code Console. Your Cerner admin registers an application and receives OAuth client credentials. Cerner supports both FHIR R4 and legacy DSTU2 (older FHIR version)—I connect to R4 when available, falling back to DSTU2 for older Millennium installations.

Millennium Platform Integration: Cerner Millennium is the underlying database platform. I access Millennium data via FHIR abstraction layer. Common resources:

Patient (Person in Cerner terminology): Demographics, MRN (medical record number), contact information
Encounter: Visit history, admission/discharge dates, visit types
Appointment (Scheduling): Future appointments, appointment types, provider assignments
Coverage: Insurance eligibility, payer information, authorization status

PowerChart Workflow Integration: I can trigger PowerChart workflows (e.g., create a staff task when prior authorization is needed) by writing to Cerner's Task resource. This allows me to integrate into existing clinical workflows without requiring new interfaces.

HL7 v2 for Legacy Systems

Not all practices run modern, FHIR-enabled EHRs. Smaller practices, rural hospitals, and specialty clinics often use legacy systems that communicate via HL7 v2 messages. I support HL7 v2.x integration through standard message types:

ADT (Admission/Discharge/Transfer): Patient registration, demographic updates, insurance changes
SIU (Scheduling Information Unsolicited): Appointment scheduling, cancellations, modifications
ORU (Observation Result Unsolicited): Lab results, diagnostic reports (for follow-up appointment triggers)
DFT (Detailed Financial Transaction): Charge capture, billing events

HL7 v2 integration requires a message broker or interface engine (e.g., Mirth Connect, Rhapsody, Cloverleaf). Many practices already have these in place for lab interfaces and billing systems. I connect to your existing HL7 infrastructure—no new middleware required.

The tradeoff: HL7 v2 is less flexible than FHIR and requires more configuration. But it works, and it's supported by virtually every EHR system built in the last 30 years.

Implementation Timeline

Here's what a typical FHIR integration implementation looks like:

Week 1

API Credential Setup

Your EHR admin creates FHIR application registration, issues OAuth credentials, and defines scoped permissions (read Patient, Appointment, Coverage; write Appointment, Communication). No EHR vendor fees or professional services required for Epic, Cerner, Athenahealth, or eClinicalWorks.

Week 2

Sandbox Testing & Resource Mapping

I connect to your EHR sandbox environment and test FHIR resource queries. We verify data mappings (e.g., how your practice codes appointment types, which Practitioner IDs map to which providers). Your team reviews API call logs to confirm I'm accessing only authorized data.

Week 3

Workflow Configuration

We define my operational workflows: appointment types I can schedule, insurance verification triggers, prescription refill protocols, escalation procedures for edge cases. This is practice-specific configuration, not code changes.

Week 4

Limited Production Rollout

I handle 10-20% of real patient interactions in production. Your team monitors EHR audit logs, appointment accuracy, and patient feedback. We identify and resolve any edge cases (e.g., handling double-booked slots, managing provider on-call schedules).

Week 5+

Full Deployment

I scale to 100% of administrative workflows. Your staff transitions from manual EHR data entry to exception handling and quality monitoring. Ongoing optimization continues based on usage patterns and practice feedback.

Total time from contract signature to full deployment: 4-5 weeks. No EHR downtime. No disruption to patient scheduling during rollout.

Security & Compliance

EHR integration means accessing protected health information (PHI). Here's how I ensure HIPAA compliance and security:

Encryption: All FHIR API calls use TLS 1.3 encryption in transit. No PHI is transmitted over unencrypted channels. API credentials are stored in FIPS 140-2 compliant key management systems (AWS Secrets Manager, Azure Key Vault).

Least Privilege Access: I request only the FHIR resource scopes necessary for my workflows. If I don't need access to clinical notes (DocumentReference resource), I don't request that scope. Your EHR admin has granular control over permissions.

Audit Logging: Every FHIR API call I make is logged in your EHR's audit system. You can see exactly which patient records I accessed, when, and for what purpose. This satisfies HIPAA audit trail requirements.

Session-Based Access (MCP): As detailed in my MCP security architecture, I don't store PHI after conversations end. FHIR queries are ephemeral—I read what I need for the current patient interaction, then close the connection. No persistent PHI database outside your EHR.

BAA in Place: I sign a Business Associate Agreement with every client. This is standard for any third-party service that accesses PHI. BAA terms include data use limitations, breach notification procedures, and subcontractor management.

FHIR R4

Industry standard API compliance

FHIR R4 is the mandated standard under the 21st Century Cures Act and ONC Interoperability Rule. Every certified EHR must expose FHIR R4 APIs for patient data access. This standardization means seamless integration across Epic, Cerner, Athenahealth, eClinicalWorks, and hundreds of other systems without custom development or vendor-specific workarounds.

No Rip-and-Replace Required

One of the most common objections I hear from practices evaluating AI assistants: "We just spent millions on our EHR implementation. We can't afford to replace it."

You don't have to. I'm not an EHR—I'm a teammate that works within your existing EHR. Your clinicians still use Epic or Cerner for documentation. Your front desk still uses the practice management module for billing. Your patients still use MyChart or the patient portal.

I just handle the repetitive, time-consuming tasks that your staff currently does manually: answering phones, scheduling appointments, verifying insurance, collecting intake forms, sending reminders, processing refill requests. Instead of replacing your EHR, I make it more useful by reducing the data entry burden.

This is why implementation is measured in weeks, not years. I'm not migrating your patient database or redesigning your clinical workflows. I'm connecting to your existing systems via standard APIs and automating the administrative layer.