Agents on FHIR
Agents on FHIR — June 11, 2026
Nikolai Ryzhikov
Nikolai Ryzhikov
CTO at Health Samurai
Arjun Sanyal
Arjun Sanyal
Principal Antidote Solutions
Jun 11, 2026

Topics discussed:

  • The recipe is deliberately unglamorous: log into your national patient portal, record the browser traffic as you click through it, export it as a HAR file, strip the personal data out, and hand it to a skill that maps the proprietary model to FHIR R4. No documentation, no cooperation from the portal, nothing changed on their side. Jens reckons the agent does about 95% of the work — the decompiling and packet-staring that used to eat weeks and months now takes hours. He was emphatic about sanitising the dump before it goes anywhere near a model you don't control.
  • All the facades share the same design principles: read-only, stateless, and pass-through auth — the proxy borrows the session token you legitimately got by logging in and impersonates the portal, so the security model, the audit trail and the data integrity all stay exactly as they were. Jens described it as Home Assistant for healthcare. The argument the whole exercise makes is that FHIR is just a data model: the same data in different attributes, no new risk, so what exactly is anyone waiting for?
  • Nikolai Ryzhikov suggested cutting the manual step — drive Chrome over the DevTools Protocol directly instead of exporting HAR by hand, since Playwright is built on top of CDP and Claude knows the low-level JSON-RPC well enough to sniff the network, open tabs and navigate for itself, sharing the session with you while you log in. Jens's answer was a fair one: he kept the toolchain boring on purpose, because every extra tool raises the bar to getting started.
  • The Danish proxy embeds an MCP server in the facade, so the agent can talk to the FHIR view of your own record conversationally. Two auth modes, with a real trade-off: bootstrap the facade with a session token and it's locked to one user, or pass the token per invocation for flexibility and accept that it leaks into the agent session. Asked about personal health agents generally, Jens argued the blocker isn't technical at all — anyone could build one today on existing models — it's that you can't tell where your data ends up, and that question has to be answered first. Nikolai's counter: this won't stop anyone, people are already asking these questions of chatbots, and it's better to ask with part of your record attached than with no context at all.
  • On policy, Finland is the only Nordic country whose national portal openly supports FHIR as an entry point — Sweden, Denmark and Norway don't. The Nordics have a structural advantage worth envying: heavy centralisation means one national entry point covers most of a citizen's data for a population of six to eight million. Jens sees EHDS as the forcing function, the first common EU-level requirement that you can get your own data in a structured format, and notes he has covered roughly 7% of the 27 member states with very little effort. Arjun Sanyal drew the contrast from the other direction: the US arrived at interoperability through patient right-of-access mandates and has been arguing about it for fifteen years, with fragmentation instead of one portal.