Verdict: For engineering teams building healthcare applications in 2026, Medplum is the most credible open-source alternative to monolithic, closed legacy systems. By providing a FHIR-native backend, a pre-built clinical UI library, and event-driven automation, Medplum reduces the "compliance tax" on new health-tech startups from months to weeks.
Last verified: 2026-06-19 · Key Differentiator: FHIR-native architecture (no mapping needed) · License: Apache 2.0 · Best for: Telemedicine, EHR extensions, and digital health startups. Note: Pricing and regulatory requirements evolve; always verify with local counsel before self-hosting.
Why does healthcare software feel stuck in the 1960s?
The healthcare industry is notoriously dominated by legacy systems like Epic and Oracle (Cerner), which together control over 65% of US acute care hospital beds as of 2026. Many of these systems still rely on underlying architectures like MUMPS, a programming language developed in 1966. These "walled gardens" are expensive and closed, and they force developers into proprietary workflows that make interoperability a nightmare.
Medplum is the "open-source bet" against this centralization. It is a developer-first platform designed to act as the "Firebase for Healthcare," providing the infrastructure so builders can focus on patient care logic rather than re-implementing auth, auditing, and clinical data models from scratch.
What is Medplum and how does it work?
Medplum is a clinical data repository (CDR) and developer toolkit built entirely on FHIR R4 (Fast Healthcare Interoperability Resources). Unlike traditional databases where clinical data must be "mapped" to an export format, Medplum stores data natively in FHIR resources (Patients, Observations, Appointments).
The platform provides a full-stack experience:
- Backend: A Node.js API server backed by PostgreSQL and Redis.
- Frontend: A React component library (based on Mantine) for clinical screens.
- Automation: "Bots" (TypeScript lambdas) that trigger on data events.
- Security: Built-in OAuth2, OpenID Connect, and SMART on FHIR support.
Is Medplum truly HIPAA compliant?
Medplum provides the technical controls required for HIPAA and SOC 2 compliance, such as access control (role-based and row-level policies), detailed audit logs, and encryption at rest. However, using Medplum does not grant automatic compliance.
If you use the Medplum hosted cloud (starting at $2,000/month), they provide a Business Associate Agreement (BAA) and take on the infrastructure liability. If you self-host (via Docker or AWS CDK), you are responsible for securing the hosts and maintaining the policies required by regulators.
How do "Medplum Bots" automate clinical workflows?
Bots are one of Medplum's most powerful features for 2026-era applications. They allow you to run server-side logic without managing your own backend workers.
- Trigger: A new Lab Result (Observation) is uploaded.
- Action: A Bot checks the values, flags abnormal results, and triggers a notification via a custom AI agent OS.
- Outcome: The loop is closed in seconds, not days, through standard webhooks (Subscriptions).
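The lab-result flow above, as an added example written for this page rather than code from Medplum itself. It models the Bot entry point as `handler(client, event)` with a constructed, minimal Observation shape and an assumed `Client` interface (`updateResource` mirrors the method on Medplum's client; `notify` is a placeholder for whatever channel you attach):

```typescript
// Added example (not Medplum's own code): the core of a lab-result triage Bot.
// Constructed, minimal FHIR R4 Observation shape; @medplum/fhirtypes has the full one.
type Flag = 'H' | 'L' | 'N';
interface Quantity { value: number; unit: string }
interface Coding { system: string; code: string }
interface Observation {
  resourceType: 'Observation';
  id: string;
  status: string;                                  // only 'final' results are triaged
  code: { coding: Coding[] };
  subject: { reference: string };                  // e.g. 'Patient/123'
  valueQuantity?: Quantity;
  referenceRange?: { low?: Quantity; high?: Quantity }[];
  interpretation?: { coding: Coding[] }[];
}
const INTERP = 'http://terminology.hl7.org/CodeSystem/v3-ObservationInterpretation';

// Compare a result with its own reference range. Returns undefined when nothing
// comparable is present (non-final status, no value, no range, or a unit mismatch),
// so the bot never flags a result it cannot actually interpret.
function classify(obs: Observation): Flag | undefined {
  if (obs.status !== 'final' || !obs.valueQuantity || !obs.referenceRange?.length) return undefined;
  const v = obs.valueQuantity;
  const r = obs.referenceRange[0];
  if ((r.low && r.low.unit !== v.unit) || (r.high && r.high.unit !== v.unit)) return undefined;
  if (r.high && v.value > r.high.value) return 'H';
  if (r.low && v.value < r.low.value) return 'L';
  return 'N';
}

// Assumed minimal client surface: a real Bot receives a MedplumClient, which has
// updateResource(); notify() stands in for whatever notification channel you wire up.
interface Client {
  updateResource(r: Observation): Promise<Observation>;
  notify(msg: { patient: string; observation: string }): Promise<void>;
}

// Bot entry point in the handler(client, event) shape. Abnormal results get a FHIR
// interpretation written back to the CDR; the notification carries only references,
// never the value or patient name, so PHI stays inside the audited FHIR store.
async function handler(client: Client, event: { input: Observation }): Promise<Flag | undefined> {
  const obs = event.input;
  const flag = classify(obs);
  if (flag === 'H' || flag === 'L') {
    await client.updateResource({ ...obs, interpretation: [{ coding: [{ system: INTERP, code: flag }] }] });
    await client.notify({ patient: obs.subject.reference, observation: `Observation/${obs.id}` });
  }
  return flag;
}
```

Downstream consumers resolve the reference through the FHIR API, so every read of the actual value is subject to the access policy and lands in the audit log.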
Can Medplum connect to legacy hospital machines?
Yes. Through the Medplum Agent, the platform can bridge the gap between modern cloud APIs and legacy on-premise hardware. The agent speaks HL7 v2 and DICOM (imaging) protocols, allowing it to "listen" to hospital machines and pipe that data into the cloud-native FHIR server. This is critical for any team trying to deploy enterprise AI at scale in traditional clinical environments.
What this means for you
If you are a builder or small business owner in the health space, Medplum represents a shift from "access" to "ownership."
- Speed: Stop building auth and data schemas; use the FHIR-native SDK.
- Interoperability: Be "interop-ready" from day one by speaking the language regulators (and the 21st Century Cures Act) demand.
- Sovereignty: Self-hosting allows you to keep your data private and local, similar to how the Local Hermes Engine keeps your AI models under your control.
FAQ
Q: Is Medplum a full EHR? A: No, it is a "Headless EHR" platform. It provides the database, API, and components, but you build the specific clinician or patient experience on top of it.
Q: How much does it cost? A: Medplum is open-source (Apache 2.0) and free to self-host. Their managed cloud version starts at $2,000/month for production workloads requiring a BAA and SOC 2.
Q: Does it support SMART on FHIR? A: Yes, Medplum is a certified SMART on FHIR server, meaning your apps can launch directly inside legacy systems like Epic or Oracle while pulling data through Medplum.
Q: Can I use it for AI-assisted medical coding? A: Yes. In 2026, many teams use Medplum Bots to send clinical notes to LLMs for summarization or ICD-10 code extraction, then store the results back as FHIR resources.