Written by Technical Team | Last updated 30.01.2026 | 14 minute read
Secondary care Electronic Patient Record (EPR) integration is one of those topics that looks deceptively simple from the outside: “We just need system A to talk to system B.” In reality, secondary care is a dense ecosystem of clinical workflows, departmental systems, and data governance requirements, all operating under the pressure of live patient care. If you’re integrating a digital health product into an NHS Trust environment, you’re rarely dealing with one interface. You’re dealing with a web of dependencies: orders and results, ADT flows, clinical documents, observations, referrals, scheduling, identity matching, consent, alerts, and the practical reality that every Trust has its own configuration, policies, and legacy integrations.
That complexity is exactly why architecture matters. The integration approach you choose shapes everything that follows: delivery speed, total cost of ownership, clinical safety assurance, incident response, scalability across multiple Trusts, and how confidently you can evolve your product over time. The three most common patterns in secondary care EPR integration are point-to-point integration, engine-based integration (often via a Trust Integration Engine or interface engine), and API-led integration (usually FHIR-first, sometimes wrapped in an API management layer). Each pattern can be “right” in the right conditions — but each has predictable failure modes when it’s used in the wrong context.
This article breaks down how these architectures work in real NHS secondary care settings, what they optimise for, where they tend to go wrong, and how to choose an approach that supports safe, maintainable interoperability rather than creating an integration estate that becomes a permanent bottleneck.
Secondary care EPR integration isn’t only about moving data between systems. It’s about enabling a workflow, reliably, with the right patient, in the right context, at the right time — and doing so in a way that stands up to operational, technical, and governance scrutiny. In an NHS Trust, integration touches clinical safety, information governance, service management, supplier assurance, and often procurement constraints. If architecture decisions are made purely on technical preference, they will usually be revisited later under pressure.
A good architecture for secondary care EPR integration typically needs to support multiple data styles at once. You may need event-driven messaging for admissions, discharges, and transfers; transactional requests for “fetch the latest meds”; document exchange for discharge summaries; and bulk or near-real-time feeds for analytics, operational dashboards, or research pathways. It also has to cope with the reality that “the EPR” is often not a single system boundary. The EPR might be the clinical front-end, while pathology, radiology, ePMA, theatre systems, and community solutions remain distinct.
Across most Trusts, the same architectural requirements show up again and again:
A final, often overlooked requirement is operational fit. A technically elegant architecture that requires specialist skills the Trust does not have (or cannot retain) will drift into fragility. Conversely, an architecture that aligns with established Trust service management practices — monitoring, incident response, controlled releases, vendor access, and clear support boundaries — tends to survive.
Point-to-point integration is the direct connection model: system A talks to system B, often via a bespoke interface tailored to a specific workflow. In the early days of an integration programme, point-to-point can feel like the most pragmatic route. You define a message format, secure the connection, map the fields, test it, and go live. For single-use cases, it can be genuinely effective — especially where the integration scope is narrow and the operational environment is stable.
The key advantage of point-to-point is its apparent simplicity. There are fewer moving parts, fewer platforms to configure, and fewer layers to negotiate. For organisations that need a quick win — perhaps enabling a single departmental workflow such as sending demographics into a specialist system or receiving results back into the EPR — it can deliver value quickly.
Where point-to-point becomes dangerous is when it becomes a habit rather than a deliberate choice. The integration estate grows one interface at a time, and each interface is built with local assumptions: naming conventions, code sets, workflows, patient identifiers, timing expectations, and even “temporary” transformation logic that quietly becomes permanent. Over time, that estate becomes expensive to maintain and increasingly difficult to change safely.
The most common pain points are predictable:
In secondary care, point-to-point integration is also vulnerable to scale pressure. A digital health product might initially integrate with one EPR workflow in one Trust. Then you expand: another Trust, another configuration; another pathway; another dataset; another departmental dependency. The direct model that looked “lean” becomes a growing list of one-off adaptations, each one needing testing, clinical assurance, and production support.
Point-to-point is not inherently wrong. The key is to treat it like a tactical tool, not a strategic platform. If you choose it, you should also choose explicit boundaries: clear ownership, standardised message definitions, repeatable testing, and a plan for how you will avoid duplicating transformation logic as requirements grow.
Engine-based integration introduces a hub between systems. Instead of every system connecting directly to every other, systems connect to an integration engine (or Trust Integration Engine), and the engine handles routing, transformation, orchestration, and monitoring. In NHS secondary care, this model is extremely common because it aligns with how Trusts manage interoperability across multiple vendors and decades of evolving systems.
The strength of an engine-based architecture is control. The engine becomes the place where you standardise mappings, manage message queues, implement routing rules, and apply consistent operational practices. When done well, it reduces the number of direct dependencies between systems, which makes changes safer and onboarding faster. If you remove or replace a system, you can often do so with limited impact on other integrations, provided the engine has been used as the abstraction layer rather than as a dumping ground for bespoke logic.
Engine-based approaches also fit the multi-standard reality of secondary care. Many engines are comfortable handling HL7 v2 messaging, documents, bespoke flat files, SOAP services, and increasingly FHIR and REST. That flexibility is helpful when you are integrating into a Trust estate that includes both modern and legacy components. It also supports phased modernisation: you can start with HL7 v2 feeds and later introduce FHIR APIs without having to redesign everything at once.
However, engine-based integration can fail in its own distinctive ways. The most common failure mode is treating the engine as an infinite buffer for complexity rather than a platform with design discipline. If every integration is solved by adding more transformation scripts, more custom routes, and more exceptions, the engine becomes a brittle monolith. You gain a hub, but you also create a single point where all complexity accumulates.
A healthy engine-based architecture usually requires three deliberate practices:
First, canonical modelling. Even if you can’t create a full canonical data model for everything, you can define canonical representations for key workflows (ADT, orders/results, observations, documents). This reduces the “N-to-N mapping” problem by ensuring you map each system to a common shape rather than mapping every system to every other system’s idiosyncrasies.
Second, operational product thinking. The engine is not just a technical component; it is a service that needs monitoring, alerting, security hardening, audit, access control, and documented support processes. In Trust environments, this matters because integration is operationally critical. If the engine goes down, clinical workflows can degrade rapidly. Observability — the ability to trace messages end-to-end, correlate events, and diagnose delays — is not a “nice to have”.
Third, governed change control. Engine-based estates often support dozens or hundreds of interfaces. Without disciplined versioning, deployment practices, and regression testing, small changes become risky. A good engine-based programme establishes consistent interface patterns, reusable components, and a clear release process aligned with clinical safety assurance and information governance.
For digital health vendors integrating into secondary care EPRs, an engine-based approach often becomes the most practical route when working across multiple Trusts. It aligns with what many Trust IT teams already operate, and it allows you to integrate once into the engine “shape” and then adapt per Trust through configuration rather than rewriting your product integration repeatedly. The key is to define boundaries: what logic belongs in the vendor product, what belongs in the engine, and what belongs in the EPR configuration — and to resist the temptation to put everything into the engine just because it can do it.
API-led integration is often presented as the modern alternative: expose well-defined APIs, use standards such as FHIR, secure them properly, and let systems interact through clean contracts rather than message feeds and transformation scripts. In secondary care, this approach is increasingly attractive because it supports richer, more interactive workflows: real-time retrieval of patient context, fine-grained writes with validation, and user journeys that require immediate responses rather than asynchronous messaging.
A key benefit of API-led architecture is productisation. Instead of building one-off interfaces, you build a set of reusable capabilities: “patient search”, “retrieve encounters”, “read observations”, “write documents”, “subscribe to updates”. If you maintain stable API contracts, you can evolve underlying systems without breaking consumers, which is precisely what you need when onboarding multiple Trusts or scaling a vendor product across regions.
API-led integration also supports better governance. With API management, you can centralise authentication and authorisation, throttle traffic, monitor usage, manage versions, and enforce consistent security patterns. In NHS settings, that matters because integrations often cross organisational boundaries and involve sensitive data. A well-designed API layer can align neatly with information governance requirements by making access explicit and auditable.
FHIR-first integration is often the foundation of API-led architecture in healthcare because it provides a shared vocabulary for resources such as Patient, Encounter, Observation, Medication, and DocumentReference. That shared vocabulary can reduce the mapping burden and help vendors avoid rebuilding bespoke data models for each Trust. Even when Trusts implement different subsets or profiles, starting from a common baseline usually improves repeatability compared to entirely proprietary interfaces.
That said, API-led approaches are not automatically simpler. They move complexity into different places. Instead of managing message transformations and queues, you must manage API contracts, backwards compatibility, performance, and transactional integrity. Secondary care workflows often rely on event ordering and eventual consistency — realities that can be awkward if you assume APIs always represent the latest truth in real time. Many systems still depend on event-driven feeds for high-volume updates, while APIs handle query and write operations. In practice, a hybrid model is common: APIs for interactive workflows and FHIR-aligned access, with messaging for high-throughput event streams.
API-led integration is also sensitive to EPR vendor capability and local configuration. Some EPR environments offer robust API ecosystems; others offer limited or carefully controlled endpoints. Even where APIs exist, Trust-specific configuration can affect what is available, how data is coded, and what workflows are supported. This is where experience matters: you need to understand not only “what the API can do” but also “what the operational environment can safely support”.
For organisations that “need help integrating with IM1”, it’s worth understanding where IM1 fits in the wider landscape. IM1 is typically discussed in the context of primary care clinical systems and consistent interface mechanisms. When your digital product spans pathways across primary and secondary care, API-led thinking becomes even more important: you want a coherent approach where different interface mechanisms (including IM1 for primary care access patterns, and secondary care EPR APIs or engines) can be composed into an end-to-end architecture without duplicating logic or creating disconnected patient journeys. The architectural goal is continuity: consistent identity handling, consistent audit, and consistent safety and governance practices across the pathway.
Most teams don’t choose an architecture in a vacuum. They inherit constraints: Trust preferences, existing integration engines, EPR vendor capabilities, programme timelines, clinical pathway urgency, and budget realities. The best decision is usually not “pick one architecture forever” but “choose a primary pattern for this stage, while designing for the next stage”.
A practical way to choose is to start with the workflow and non-functional requirements, then work backwards to the architecture. Ask: is this workflow tolerant of asynchronous updates, or does it require immediate confirmation? Is this a single Trust deployment or multi-Trust scale-out? Do you need a consistent interface across many downstream systems, or is this integration tightly coupled to one EPR module? Are you going to be supporting this for years, with upgrades and evolving standards, or is this time-limited?
Here are patterns that commonly work well in secondary care:
In practice, many successful programmes adopt a layered hybrid: an engine-based hub for routing, transformation, and operational monitoring; a standards-based API layer for reusable access patterns; and carefully limited point-to-point connections only where they are genuinely the simplest and safest option. The nuance is deciding where each concern lives. For example, you might use the engine for event ingestion and normalisation, then expose a curated FHIR-aligned API for consumers. Or you might implement API-led writes for clinical documentation, while relying on HL7 v2 messaging for high-volume ADT and results feeds.
There are also lifecycle considerations that can make or break your decision. If you’re a digital health supplier, you need to think beyond go-live: how will you support incidents, handle EPR upgrades, manage version changes, and onboard additional Trusts without rewriting everything? Architecture choices that reduce regression testing effort, centralise observability, and keep transformation logic consistent will compound benefits over time.
A strong decision process usually ends with a roadmap, not a verdict. You might decide: “Start with engine-based integration in Trust A because that’s the fastest safe route, but design the mappings and logging so we can introduce an API-led layer for reuse as we expand.” Or: “Implement an API-led integration contract for our product, but deliver through the Trust engine initially, because that’s the operationally accepted perimeter.” The most important thing is to avoid the trap of building what looks like a short-term solution that quietly becomes the long-term architecture.
Secondary care EPR integration succeeds when it is treated as a long-lived capability rather than a one-off project. Choose an approach that fits the workflow, fits Trust operations, and fits how you intend to scale. If you do that, you’ll spend less time firefighting interface issues and more time delivering what integration is supposed to enable: safer, faster, more connected care.
Is your team looking for help with secondary care EPR integration? Click the button below.
Get in touch