Integration architecture

EHR Integration for Medical AI: How AI Reads and Writes to Your EHR Safely

A medical AI agent is only as useful as its connection to the chart. This is the technical reference for how MedReception AI integrates with 23 production EHR and practice management systems, what the AI is allowed to read and write, and how the integration stays safe when an upstream API has a bad day.

FHIR R4 · HL7 v2 · Vendor REST · RPA Fallback

EHRs Integrated

23

Production EHR and PM systems in active use

FHIR Native

14

Systems supported via FHIR R4 read and write

RPA Fallback

9

Legacy systems automated via secure UI workers

Write Success

99.7%

Successful writes across all integration paths

Integration approaches

Four Ways the AI Talks to Your EHR

No single integration approach covers every EHR. MedReception AI uses the highest-fidelity path each vendor supports, then falls back through a documented hierarchy when needed. The AI agent is identical across approaches, only the transport changes.

FHIR R4 (preferred)

  • • SMART on FHIR OAuth 2.0 client credentials
  • • Patient, Appointment, Slot, Practitioner resources
  • • Native read and write with vendor-issued client IDs
  • • Used by Athena, Epic, Cerner, ModMed, Elation, DrChrono, Cerbo
  • • Sub-second average response time

Vendor REST APIs

  • • Tebra Kareo REST, Jane App API, AdvancedMD JSON
  • • Per-tenant API keys stored in AWS Secrets Manager
  • • Schedule, demographics, insurance, task endpoints
  • • Rate-limit aware client with exponential backoff
  • • Two to four second average round-trip

HL7 v2 over MLLP

  • • SIU (scheduling) and ADT (demographics) messages
  • • Inbound listener for chart updates, outbound for writes
  • • Used where vendors expose interface engine only
  • • Tunneled over VPN or AWS PrivateLink
  • • ACK-tracked with automatic retry on AE/AR responses

RPA / UI automation (fallback)

  • • Headed Playwright workers running on isolated EC2
  • • Used for Office Ally, Accuro Cloud (Citrix), legacy Allscripts
  • • Vision fallback (xdotool + screenshot OCR) for Citrix
  • • Session keeper holds login warm to avoid 24h cooldowns
  • • Four to seven second round-trip including page transitions

Read scope

What the AI Reads From Your EHR

Read scope is intentionally narrow. The AI pulls only the data it needs to confirm a patient, book a slot, or answer a clinical question, and nothing else. Every read is logged with the caller phone number and the field accessed.

Scheduling context

  • • Provider schedule for the next 90 days
  • • Slot availability filtered by appointment type
  • • Room and resource constraints per visit type
  • • Blocked time, lunch breaks, holiday closures
  • • Existing appointment for the caller (reschedule lookup)

Patient identity

  • • Demographics: name, DOB, address, phone
  • • Active insurance plan and member ID
  • • Preferred pharmacy on file
  • • Established vs. new patient status
  • • Assigned PCP or specialty provider

Clinical summary (opt in)

  • • Active problem list (last 24 months)
  • • Last visit date and visit type
  • • Active medication list for refill verification
  • • Allergy list (drug allergies, anaphylaxis flags)
  • • Outstanding lab and imaging orders

Practice configuration

  • • Provider roster and accepted insurance per provider
  • • Appointment type catalog with duration rules
  • • Location list and per-location intake requirements
  • • Specialty-specific triage and safety protocols
  • • Self-pay pricing and deposit rules

Write scope

What the AI Writes Back to Your EHR

Write actions are scoped, auditable, and reversible. Every write produces a tenant-side audit row plus an EHR-side note tagged with the AI agent identity. Clinical orders are never written, only flagged as tasks for staff review.

Appointments

  • • Book new appointment with provider, slot, type
  • • Reschedule existing appointment (cancel and rebook)
  • • Cancel with reason code from the conversation
  • • Confirm and mark arrived for inbound check-in calls
  • • Add appointment note with caller intent

Demographics and insurance

  • • Update address, phone, email on file
  • • Capture or refresh insurance card details
  • • Update emergency contact and preferred pharmacy
  • • Flag patient as deceased or moved on caller report
  • • Merge candidate when duplicate is detected

Staff tasks and messages

  • • Refill request routed to the prescribing provider
  • • Lab or imaging result inquiry as a task
  • • Billing question routed to the billing inbox
  • • Voicemail with transcription attached to chart
  • • Clinical callback request with urgency level

Audit and chart notes

  • • Call summary appended to patient chart
  • • Full conversation transcript stored per-tenant
  • • Action log with timestamp, agent ID, intent
  • • Recording link (when state law and consent allow)
  • • Outcome code for analytics (booked, transferred, voicemail)

Security architecture

How PHI Stays Safe in Transit and at Rest

The AI never sees more than it needs. Security is layered across credentials, transport, storage, and audit. Every tenant has its own isolated credential set and its own encryption key.

Per-tenant encryption

  • • Dedicated AWS KMS key per practice
  • • EHR credentials in AWS Secrets Manager, never in source
  • • DynamoDB at-rest encryption with tenant-scoped IAM
  • • TLS 1.2+ enforced on every outbound API call
  • • Recordings stored in S3 with bucket-policy isolation

Audit and observability

  • • Every read and write logged with caller ID and field
  • • Seven-year retention on audit trail (HIPAA aligned)
  • • CloudWatch alarms on anomalous read volume
  • • Daily reconciliation against EHR change feed
  • • Per-tenant access reports available on request

BAA and minimum necessary

  • • Signed BAA before any integration credential is issued
  • • Read scope locked to documented field list
  • • Prompts redacted of PHI before LLM logging
  • • No clinical decision support, no diagnosis generation
  • • Staff escalation for anything outside scripted scope

Network and identity

  • • AWS PrivateLink or VPN for HL7 v2 endpoints
  • • Per-integration IAM role with least privilege
  • • Credential rotation alarms on 90-day cadence
  • • Failed-login lockout protection (one attempt, then alert)
  • • No shared bot account across tenants, ever

Failure modes

When the EHR API Goes Down, What the AI Does

Every integration eventually fails. The AI is designed to degrade safely: it never invents a slot, never confirms a booking it cannot verify, and always tells the caller the truth about what just happened.

EHR completely unreachable

  • • Caller is told the booking system is briefly offline
  • • Callback request is captured with preferred time window
  • • Sentinel alarm fires within 60 seconds to on-call
  • • Practice staff get Slack and SMS notification
  • • Auto-recovery test runs every 5 minutes

Write succeeds but verification fails

  • • Post-write read confirms the appointment landed
  • • If verification fails, AI does not tell the caller it booked
  • • Booking is queued for staff manual confirmation
  • • Caller is told staff will confirm by SMS within 1 hour
  • • Reconciliation job catches orphaned writes overnight

Rate limit or auth expired

  • • Exponential backoff with jitter, max 3 attempts
  • • Auth refresh runs in parallel with first retry
  • • If still failing, falls back to staff transfer
  • • Credentials flagged as DEAD for 24h cooldown
  • • Persistent failure raises permanent alert, not a retry loop

RPA worker desynced

  • • Session keeper detects login screen vs. expected page
  • • Relogin is attempted in a fresh browser tab
  • • If two attempts fail, worker is marked DEAD
  • • Inbound calls fall back to staff transfer immediately
  • • Healed state automatically restores AI routing

Integration depth

What Depth You Actually Get Per EHR

Integration depth varies by what the vendor exposes. These four hubs show the full range: native FHIR with deep write support, vendor REST with full booking, RPA fallback for legacy, and a Canadian system with hybrid handling.

Security posture

Review the Security and HIPAA Stack

Per-tenant KMS keys, signed BAAs, seven-year audit retention, and minimum-necessary read scope. The full security architecture and HIPAA control mapping is published.

See it on your stack

Test the Integration Against Your EHR

Bring your EHR, your credentials, and a real call. We will demo a live booking end to end and show you the audit row that lands in your chart.

Keep exploring

More on EHR Integration

EHR Integration for Medical AI: How AI Reads and Writes Safely | Medreception AI