FHIR adoption solved interoperability for many healthcare teams. The harder problems usually appear later.
Teams start building operational infrastructure around the FHIR platform itself: analytics exports, reporting databases, subscription processors, de-identification workflows, and forms integrated directly into EHR environments through SMART on FHIR.
A lot of the April 2026 Aidbox and Formbox release focuses on making those workflows easier to run closer to the platform itself.
De-Identification Inside SQL-on-FHIR
Research access and analytics workflows often introduce another transformation layer around operational data.
Aidbox 2604 adds HIPAA Safe Harbor compliant de-identification directly into SQL-on-FHIR ViewDefinition workflows. Instead of exporting data into separate anonymization pipelines first, de-identification rules can now live closer to the query definitions themselves.
The release also restores SQL-on-FHIR compliance with the test suite, including implementation of the %rowIndex FHIRPath function and fixes around FHIR Schema validation.
Databricks and Lakebase Connections
Aidbox 2604 also adds Databricks identity authentication support for Lakebase connections.
Databricks OAuth tokens can now be used through BYOT (Bring Your Own Token) authentication in addition to standard PostgreSQL credentials.
This reflects a broader shift in how analytical workloads interact with operational healthcare infrastructure. Systems that used to remain completely separated are increasingly expected to work much closer together.
More Control Over Query Execution
The SQL Console was significantly reworked in 2604. Execution settings are now configurable per tab, including transaction mode, statement timeout, fetch size limiting, and foreground or background execution.
These changes become important once analytical queries start running against the same environment handling transactional workloads.
Aidbox RLS also received a major update. JWT sub and iss claims can now propagate into PostgreSQL session variables through BOX_DB_PASS_AUTH_VARS, making them available directly inside PostgreSQL Row-Level Security policies. CRUD, Search, and $sql requests now execute inside a transaction so those variables apply consistently per request.
Subscription Infrastructure and Downstream Processing
A large amount of healthcare integration still depends on polling-based synchronization.
Aidbox 2604 pushes more processing logic directly into subscription workflows themselves.
Custom AidboxTopicDestination handlers now receive both previous and current resource versions, making diff-based payload generation possible without external comparison workers.
The release also adds several operational improvements around delivery handling and tracing:
- delivery logging through
enableLogging - unique message IDs
- version-aware focus references through
includeVersionIdInFocusReference
These additions simplify debugging and make it easier to reconstruct downstream payload history when needed.
Cleanup and Deprecation Work
A noticeable part of 2604 is operational cleanup.
Changes in this release include:
- legacy DB Console now redirects to the new SQL Console
- legacy ZEN UI removed
- legacy MDM implementations scheduled for removal in 2605 LTS
- Entity/Attribute validation and ZEN validation moving toward deprecation in favor of FHIR Schema validation
The release also normalizes canonical URL handling across Aidbox IG packages while keeping older URL formats backward-compatible.
Formbox Updates
Formbox also received several infrastructure-focused updates in 2604.
The biggest addition is SMART on FHIR integration, with Formbox now able to operate as a SMART app for EHR integration workflows. The implementation currently supports read flows and has been tested with Cerner.
The release also introduces a new Formbox UI, currently available in beta. A switch banner is now available directly on the main Forms page, allowing teams to move between the old and new interfaces during the transition period.
These changes continue pushing Formbox toward tighter integration with operational clinical systems instead of treating forms as isolated workflows.
Toward Operational Analytics on FHIR
The operational boundary between transactional systems and analytical workflows is gradually becoming thinner.
SQL-on-FHIR continues evolving. De-identification now lives closer to query definitions. Security context can propagate directly into PostgreSQL policies. Subscription handlers can work with both previous and current resource states.
The upcoming SQLQuery support moves further in the same direction.
Read the full release notes or join the discussion on Zulip.
