As a founder, you wear a lot of hats. One of mine is handling the security reports that land in our inbox.
Thanks to a strong security posture, including regular third-party pen tests, genuine vulnerability reports are rare. However, like any online business, we see a steady stream of security inquiries. These tend to fall into two distinct camps: the valuable, good-faith reports from legitimate researchers... and the noise.
Healthcare technology relies on established systems like Electronic Health Records (EHRs) and is now incorporating concepts like Unified Digital Health Platforms (UDHPs). Understanding this evolution is key to navigating the industry's direction.
Forking can look like the fastest path to control, but it often becomes a long‑term maintenance tax. Here’s a pragmatic checklist to decide—and alternatives that usually win.
As the open source healthcare developer platform of choice for innovators worldwide, Medplum continues to evolve with the rapidly changing technology landscape. We're excited to announce our upcoming major version release, Medplum v5, scheduled for October 2025. This post outlines the significant changes coming in this release to help our users prepare accordingly.
In the Medplum community of implementors, a common use case is building an application that serves multiple clinics in the form of a Managed Service Organization (MSO). An MSO is a separate business entity that provides non-clinical services—e.g., revenue-cycle management, HR, IT, compliance, facilities, and purchasing—to physician groups or other provider organizations.
Andrei Zudin is a healthcare interoperability expert and advisor to the Medplum community. He is the former CTO and co-founder of Health Gorilla.
A Technical Guide to TEFCA Integration for Software Developers and Health IT Professionals (Download as PDF)
This white paper aims to provide a technical guide for software developers and healthcare IT professionals seeking to integrate their systems with the Trusted Exchange Framework and Common Agreement (TEFCA). It delves into the technical aspects of TEFCA, including the various participation models, QHIN connectivity, data exchange methods, and security considerations. It also explores the incentives for TEFCA participation and how Medplum can help organizations achieve TEFCA compliance and leverage its benefits.
Modern Healthcare Integration in the Wake of NextGen's Announcement
This week, NextGen Healthcare announced that Mirth Connect, the healthcare integration engine that has been a cornerstone of interoperability for countless organizations, will no longer be available. As long-time healthcare integration engineers ourselves, we recognize this news creates significant uncertainty for the many organizations that rely on Mirth Connect for critical healthcare workflows.
We've heard many success stories from enthusiastic early adopters who have smoothly upgraded to v4. Thank you all for your support and your feedback in this process!
However, we've identified an issue affecting some Medplum deployments that are configured to automatically pull the :latest Docker tag. With our recent release of Medplum 4.0.0, these deployments may be caught in a failing deployment loop. This post explains why this is happening and how to resolve it.
Medplum v4.0.0 is coming soon! Many of the new features in this release have already been rolled out incrementally, making the v4.0.0 designation more symbolic of the semantic versioning. We prioritize stability and backwards compatibility and work hard to minimize unnecessary changes. However, sometimes changes are necessary to keep the platform up-to-date and secure. This document outlines the key updates in v4.0.0, including important information for self-hosting deployments and TypeScript SDK users.
On January 15, 2025 Medplum & Flexpa held a JPMorgan companion event for the community. During the event, there were demos of many different open source tools that aid in development for life science workflows.