· 2 min read
Reshma Khilnani

We at Medplum are pleased to share the news that we have recently completed our System and Organization Controls (SOC) 2 Type I audit.

Industry-Standard Accreditation

The SOC 2 audit is one of the highest recognized standards of information security compliance in the world. It was developed by the American Institute of CPAs (AICPA) to allow a third-party auditor to validate a service company’s internal controls with respect to information security. Our SOC 2 Audited Report, which can be obtained upon request, is the auditor’s opinion on how our organization’s security controls meet the SOC 2 criteria.

We obtained our audited SOC 2 Report by partnering with Secureframe and Prescient Assurance, who respectively helped us prepare for and review our internal controls, including policies, procedures, and infrastructure regarding data security, firewall configurations, change management, logical access, backup management, business continuity and disaster recovery, security incident response, and other critical areas of our business.

Thanks to a company-wide effort here at Medplum, and with the help of our partners, we successfully achieved SOC 2 compliance and received an Auditor’s Report, which we are happy to share with you to demonstrate to you that our policies, procedures, and infrastructure meet or exceed the SOC 2 criteria. A summary of our practices can be found in our security summary.

We go above and beyond the minimum requirements for SOC 2 by integrating our critical infrastructure to monitor compliance with the SOC 2 framework 24/7/365, not just during the audit window.

The successful completion of our SOC 2 Report is one of many ways that we have planned to earn and retain our customers' trust. SOC 2 is just one aspect of our growing security program. We are committed to continually improving our information security program and retaining an annual SOC 2 audit to ensure we keep supporting our customers’ needs.


· 2 min read

At Medplum we know that customizable forms are critical for any healthcare app. Is it even a healthcare app without tons of forms?

To serve that need, we have created a Form builder similar to common tools like SurveyMonkey or Google Forms but based on the FHIR Questionnaires.

FHIR Questionnaires are very powerful and are widely used in healthcare systems. Medplum can help you author questionnaires or import them from other systems and manipulate them programmatically to get the workflow and data capture you desire.

Here is a 2 minute video introducing the product.

Medplum FHIR Questionnaires

Here's how to get FHIR Questionnaires set up

  1. This tutorial assumes you have registered for an account. If you have not, you can do so here.
  2. You can create new questionnaires using the Questionnaire Tool on Medplum. (Here are all Questionnaires in your account.)
  3. You can use the Builder to add questions of different types. They can be common types like strings or integers, or they can be FHIR objects like Organizations or Patients.
  4. Each questionnaire has one or more Subjects, which will link the Questionnaire in the tool to the Subject data type. For example, if the Subject is a Patient, then the Questionnaire can be found in the Apps tab on the Patient object (see video to get a visual).
  5. Once the Form is filled out, a QuestionnaireResponse will be created with all the appropriate data.
  6. This is an advanced topic which will be covered in another tutorial, but you can use Bots to create new FHIR objects and execute advanced workflows.
  7. Questionnaires can be embedded in applications such as your webapp. This is also an advanced topic for another time, but if you want to get started building an app, start here.

Open Source Questionnaires

There are tons of standard questionnaires available online, and some institutions have proprietary ones that are tailored for a use case, or in some cases even validated experimentally.

Some institutions publish their questionnaires - for example:

  • MDCalc publishes a large number of questionnaires like PHQ9
  • Ages and Stages publishes widely used pediatric screening tools.

Having a well managed and documented Questionnaire set with version tracking and attribution can be a huge asset for an organization and we encourage everyone to think of it as such.

· 2 min read

Synthetic FHIR data is increasingly popular for people who are building healthcare apps. It's useful for testing, prototyping, partnerships, sales and more. In the implementations we see here at Medplum, more than half use synthetic data in some form or another!

Synthetic FHIR data is just what it sounds like. It's realistic patient data but it's completely synthetic, and can be shared and used for testing. It's useful to think of synthetic data as a "population" or set of records that correspond to a group of fictional patients.

At Medplum, some of our customers use a project called Synthea to generate this data. Here is some sample data that shows what the tool generates as raw FHIR objects. Below are instructions on how to generate some sample data and load it into your Medplum account.

  1. Set up Java 1.8+

    1. Try to run java from a Terminal: java -version
    2. Verify that you have Java 1.8+ installed; if not, download and install it.
  2. Download Synthea

    1. Go to Synthea Releases Page
    2. Download the latest synthea-with-dependencies.jar
    3. Move the jar file to its own directory
  3. Run Synthea

    1. Open a Terminal and navigate to your recently downloaded synthea jar.
    2. Run: java -jar synthea-with-dependencies.jar
    3. This will create a folder called output
    4. In the folder output/fhir, there will be 3 new files - one representing a hospital, one representing a practitioner, and the third representing a patient.
  4. Import the data

    1. Go to Medplum Batch Create Page
    2. Copy the contents of the files one at a time, in the correct order
      1. hospitalInformation first
      2. practitionerInformation second
      3. patient last
    3. Once you have imported the data, you can go to the Patients page to browse the data you created.
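An added example, not part of the original post and not Medplum or Synthea code: a Python helper that checks each file in output/fhir is a FHIR Bundle and lists the files in the import order given in step 4. The sample file names and bundle contents are constructed for illustration; real Synthea file names will differ after the prefix.

```python
import json
import tempfile
from collections import Counter
from pathlib import Path

# Import order from step 4; any other file is treated as a patient bundle.
PREFIX_RANK = {"hospitalInformation": 0, "practitionerInformation": 1}
PATIENT_RANK = 2


def rank(path):
    """Position of a file in the import order, based on its name prefix."""
    for prefix, value in PREFIX_RANK.items():
        if path.name.startswith(prefix):
            return value
    return PATIENT_RANK


def plan_import(fhir_dir):
    """Return [(file name, {resourceType: count})] in the order to import."""
    plan = []
    files = sorted(Path(fhir_dir).glob("*.json"), key=lambda p: (rank(p), p.name))
    for path in files:
        bundle = json.loads(path.read_text(encoding="utf-8"))
        # Refuse anything that is not a Bundle before it is pasted anywhere.
        if not isinstance(bundle, dict) or bundle.get("resourceType") != "Bundle":
            raise ValueError(f"{path.name}: not a FHIR Bundle")
        counts = Counter(e["resource"]["resourceType"] for e in bundle.get("entry", []))
        plan.append((path.name, dict(counts)))
    return plan


def write_sample(directory):
    """Write constructed miniature bundles standing in for Synthea output."""
    def bundle(*types):
        return {"resourceType": "Bundle", "type": "transaction",
                "entry": [{"resource": {"resourceType": t}} for t in types]}
    samples = {
        "Ada_Example_0001.json": bundle("Patient", "Encounter", "Observation"),
        "practitionerInformation0001.json": bundle("Practitioner"),
        "hospitalInformation0001.json": bundle("Organization", "Location"),
    }
    for name, body in samples.items():
        (Path(directory) / name).write_text(json.dumps(body), encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp)
        for name, counts in plan_import(tmp):
            print(name, counts)
```

The per-file resource counts give a quick check against what appears on the Patients page after import.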

Let us know if you need assistance with your data sets - we would be happy to help.

· 2 min read

You can use Medplum as a tool to help you learn FHIR quickly.

The Fast Healthcare Interoperability Resources (FHIR) specification is a data standard for healthcare that defines how information can be exchanged between systems. (Read more about what FHIR is and its philosophy and history here.)

Major healthcare platforms such as Epic and Cerner, as well as big tech - Apple, Google, etc. support FHIR in various capacities, making it increasingly popular.

FHIR is very powerful and expressive, but that can make it hard to understand. It can feel intimidating, even for those with a healthcare background and a lot of domain expertise.

Medplum is designed to help you implement FHIR, of course, but also to help you learn FHIR. The app is built on a JAM stack (JavaScript, APIs and Markup), and the API calls are... FHIR API calls!

Using Chrome Developer Tools, you can see directly which calls are made to render the page and quickly get a feel for FHIR and how to write your own app. Here's a brief video tutorial:

FHIR Search Tutorial Video

To try for yourself:

  1. Prerequisite: you have set up your Medplum account, created at least one patient (instructions here), and are using Google Chrome.
  2. Open the Medplum App and navigate to the Patient page.
  3. Open up Chrome Developer Tools, navigate to the Network tab, and refresh the page (instructions here).

Use the tool to help you construct the objects and searches that you need to build your application. Good luck, and let us know what you build!

· 2 min read

Developer infrastructure and tools for healthcare apps

Healthcare applications are famous for being complex, rigid and hideous, and we on the Medplum team have seen many up close and witnessed the problems firsthand. It's easy to dismiss the hideous phenomenon as lazy app developers or poor product management, but in reality, it's not that straightforward.

Delivering healthcare is very complicated - lives are at stake and tools and treatments are constantly evolving. Additionally, incentives and business models for patient care are complex and heavily regulated. Any app built for healthcare by default serves many stakeholders.

Medplum approaches this complex environment from the developer perspective. We believe that a toolset that abstracts data, identity management, user interface and reporting will allow healthcare apps to be built quickly, and more importantly flexibly - i.e. they won't need to be re-written when new stakeholders are introduced. That's what we are building.

Our open source model is critical to building extensible, flexible apps. In healthcare, it is extremely common for vendors to lock in data. In the US, interoperability is regulated for this reason. Storing data natively in FHIR, and showing exactly how it is done, we believe, will prevent the rot that is so common in the industry.

Thank you for taking the time to check out Medplum. Please try it. We welcome your feedback.

Medplum Repo

Open an Issue