oh dear god
edit: to everyone only reblogging this version I have a WHOLE thread for you!


#dc comics#batman#dc#bruce wayne#tim drake#dick grayson#dc universe#batfamily#batfam#dc fanart



seen from Malaysia

seen from United States

seen from T1

seen from United States

seen from United States

seen from Brazil
seen from Chile

seen from Algeria
seen from Japan
seen from Malaysia
seen from Germany
seen from T1

seen from Singapore
seen from India
seen from Malaysia
seen from China

seen from United States

seen from United States
seen from Canada
seen from Germany
oh dear god
edit: to everyone only reblogging this version I have a WHOLE thread for you!

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
Free to watch • No registration required • HD streaming
let's all hate on a corporate implementation of an open standard!! yeah
A Collage for @tooeasilyconsidered‘s fic For Here Is Rest
After a devastating personal loss, Benjamin Tallmadge retreats from the life he knew in Connecticut. Seeking solace, he finds himself in rural Virginia fixing up a small house with only the company of the surrounding woods and his reclusive widower landlord, George Washington.
A spreedrun of the process is available here
How FHIR APIs actually work in production
Every FHIR integration starts the same way: someone reads the base spec, sees that resources are just JSON over REST, and assumes the hard part is the healthcare data — not the API. Then the project hits a payer sandbox, or a second EHR vendor, or a population-health export with four million patients in it, and the actual difficulty reveals itself. It was never the JSON. It's everything FHIR assumes you'll handle around the JSON: authorization scopes, pagination state, profile conformance, rate limits, and async job lifecycles that the base spec barely mentions.
This piece walks through what a FHIR integration actually looks like once it's live — not the resource model from the implementation guide, but the operational layer: auth, search, bulk export, and the specific failure modes that show up in week three of a production rollout rather than in the demo. Where it's useful, we link to Peerbits' API gateway architecture guide and related healthcare engineering services.
Why this matters more in 2026 than it did in 2024
FHIR adoption has been a slow grind for most of the last decade — widely endorsed, unevenly implemented. That changes on a fixed timeline now. CMS-0057-F, the Interoperability and Prior Authorization Final Rule, requires impacted payers to operationalize four FHIR-based APIs — Patient Access, Provider Access, Payer-to-Payer, and Prior Authorization — on a schedule that runs through January 2027. The Prior Authorization API alone is projected to save the industry roughly $15 billion over the next decade, mostly by replacing fax-and-phone authorization workflows that currently consume a meaningful share of physician administrative time every week.
At the same time, TEFCA — the federal Trusted Exchange Framework and Common Agreement — is maturing into the backbone for nationwide query-based exchange, and signals from CMS suggest TEFCA participation could eventually become tied to program eligibility. The practical effect: organizations that treated FHIR as a checkbox for ONC certification are now being asked to expose and consume FHIR APIs as live, monitored, production infrastructure — under regulatory deadlines, not on their own roadmap.
CONTEXT: Why "FHIR-first" matters strategically: An application built to natively produce and consume FHIR resources isn't locked to any single partner's API maturity. It can plug into whichever endpoint becomes available — a payer's new Patient Access API, a provider's bulk export, or a TEFCA-qualified health information network — without a bespoke integration for each one. That portability is the actual argument for FHIR-first development, separate from any compliance deadline.
The gap between a resource and a usable resource
A FHIR Patient resource is well-defined in the base spec. What's underspecified — deliberately, because FHIR is a framework, not a single dataset — is exactly which fields a given context requires. That's the job of an implementation guide (IG), and in US healthcare, the one that matters for almost everything is US Core, which defines the minimum must-support elements for resources used in USCDI-aligned exchange.
This is the first place integrations quietly diverge from the spec. A base Observation resource validates with almost nothing populated. A US Core-conformant Observation needs a category, a status, a coded value pulled from LOINC, and a subject reference that resolves. Two FHIR servers can both claim "FHIR compliance" while one only satisfies the base resource and the other satisfies US Core — and the difference only shows up when a downstream consumer expects the must-support fields that never arrived.
Mapping a legacy data model onto this is the part nobody budgets enough time for. HL7 v2 messages, proprietary EHR schemas, and decades-old custom databases were never built around discrete, codeable, must-support fields — they were built around free text and locally defined tables. Translating "diabetes" in a legacy problem list into a properly coded Condition resource with a SNOMED CT code and an ICD-10 cross-reference is not a data conversion task, it's a clinical terminology mapping task, and it's where most FHIR project timelines slip.
SMART on FHIR: scopes are the real access control
The authentication layer is where FHIR most clearly stops being "just REST." SMART on FHIR defines an OAuth 2.0-based authorization framework with a scope syntax built specifically for clinical data — patient/Observation.read, user/Condition.write, system/*.read — that determines not just whether a client can call the API, but exactly which resource types, and for which patient compartment, it's allowed to see.
Two authorization flows matter in production, and they solve different problems:
Where single-resource calls stop working: bulk data
Fetching one patient's record with standard RESTful search works fine until the use case becomes population-level — a payer's entire member panel, a health system's full attributed population for a value-based contract, a research cohort. At that point, per-resource pagination turns into hundreds or thousands of sequential requests, and that's the exact problem the FHIR Bulk Data Access API (often called Flat FHIR) was built to solve.
The mechanics are deliberately asynchronous. A client kicks off a $export operation, the server responds immediately with a polling URL rather than the data itself, and the actual export — which can run from minutes to hours depending on population size — happens in the background. When it's done, the client downloads one or more NDJSON files, with one resource per line, which is dramatically more efficient for large-scale processing than a stream of paginated search-set bundles.
This is also where a second set of production failure modes lives — distinct from the resource and auth issues above, and arguably the ones that do the most damage because they fail late, after a job has already run for an hour:
TIMEOUT
Long-running jobs die without a clean signal
Export jobs against large populations can run long enough to hit infrastructure timeouts, network interruptions, or server-side resource limits that have nothing to do with FHIR itself. Without job status tracking and retry logic built around idempotent re-requests, a failed three-hour export just silently needs to be re-run from zero.
DRIFT
The data changes faster than the export runs
A full population export that takes hours is, by the time it completes, already slightly stale for the patients whose records changed mid-export. The fix is incremental export using the _since parameter to pull only what's changed — but that requires a reliable high-water-mark tracking mechanism on the client side, which is its own piece of infrastructure.
THROTTLE
Rate limits hit differently than expected
A 429 on a single resource fetch is a minor speed bump. A 429 mid-pagination on a search-set bundle, or a throttled bulk ingest endpoint on a cloud FHIR server, can stall an entire pipeline if the client isn't built to back off and resume from the correct page or cursor — not restart from the beginning.
SEARCH
Pagination tokens don't always behave the same across vendors
Search-result pagination is one of the least standardized corners of FHIR in practice — different server implementations handle continuation tokens differently at scale, and what works against a small sandbox dataset can degrade badly against a production-sized index. Vendor-specific search performance is worth load-testing before committing to an architecture, not after.
Payers aren't fixing API issues because low usage hasn't exposed them. Everyone is waiting for everyone else to go first.
— on the interoperability chicken-and-egg problem, Health IT Answers, 2026
What changes once PHI is moving over an API
A FHIR endpoint that exposes patient data is, definitionally, a new PHI access surface — and it inherits every obligation that comes with that, on top of whatever the FHIR spec itself requires. None of this is exotic, but it's also not optional, and it's frequently treated as an afterthought layered on after the integration already works functionally.
Peerbits builds this security layer directly into the API gateway architecture rather than bolting it onto an existing FHIR server after the fact — partly because retrofitting audit logging and scope enforcement onto a live integration is materially harder than designing for it from the start, and partly because gateway-level enforcement gives a single place to reason about access across every FHIR-consuming application, not just the first one.
What to verify before a FHIR integration goes live
Most FHIR production incidents trace back to one of a small number of unverified assumptions — not a fundamental misunderstanding of the spec, but a gap between what the sandbox tested and what production actually does.
Confirm which implementation guide (US Core, a payer-specific IG, or both) your endpoints are actually validated against — not just "FHIR compliant" in the abstract
Test scope-mismatch behavior explicitly: request a broad scope, confirm exactly which resource types come back when only a narrower scope is granted
Load-test search pagination against a production-sized dataset, not the sandbox's seed data — vendor pagination behavior diverges meaningfully at scale
Build bulk export job tracking with idempotent retries and_since-based incremental sync before the first full population export, not after the first timeout
Verify BAAs are in place with every vendor and subprocessor in the data path, including any FHIR server hosted by a cloud provider
Confirm your client backs off and resumes correctly on a 429 — mid-pagination, not just on the first request
Peerbits builds and hardens FHIR integration layers as part of its healthcare software development engagements — from US Core-conformant resource mapping to SMART on FHIR authorization design and bulk data pipelines feeding multi-tenant platforms serving hundreds of provider organizations at once.
FHIR-Compatible Care Planning for SNFs
RE.DOCTOR’s SNF software anchors specific goals and interdisciplinary activities directly to native clinical data tables, ensuring FHIR-compatible care planning. Capture historical data, ambulatory aid usage, and secondary diagnoses to auto-tier residents—all while mandating clinical reassessments every 30 days or after incidents.
🔗 Explore interoperability: RE.DOCTOR Skilled Nursing Facility Software

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
Free to watch • No registration required • HD streaming
Top 10 Healthcare Software Development Firms
Picking a healthcare software development partner can get weird fast.
Every vendor has a polished deck and says they understand compliance. Every vendor has a slide with EHR, telemedicine, analytics, cloud, AI, and security somewhere on it.
Then the project starts, and the useful questions get painfully specific.
Where does PHI show up in logs?
Who can access staging?
Has the team handled HL7 or FHIR beyond a proof of concept?
What happens during the first week after go-live?
That is where the vendor shortlist gets smaller.
The companies below show up often in healthcare software development conversations.
1. MEV
MEV is a software development partner for healthcare and other regulated industries. The team works on custom healthcare platforms, data-heavy systems, IoMT products, cloud modernization, and product engineering for teams that need technical depth from the start.
MEV is a fit when the project touches PHI, compliance-sensitive architecture, healthcare data flows, or systems that need to hold up after launch.
Good match for:
healthcare SaaS products
IoMT and device-connected platforms
modernization of healthcare systems
HIPAA-aware architecture
cloud and DevOps work for regulated teams
2. Itransition
Itransition fits healthcare organizations with large systems, legacy platforms, and long modernization roadmaps.
Think hospital portals, EHR/EMR work, CRM, lab systems, pharmacy workflows, reporting, and integrations that need to keep running while old systems change underneath.
A good fit when the project has a lot of moving parts and many internal stakeholders.
3. Orangesoft
Orangesoft works well for funded healthcare startups and mid-sized healthtech teams building product-led platforms.
Their lane includes telemedicine, remote patient monitoring, wellness products, mental health apps, web and mobile development, AI/LLM features, and IoMT work.
A good fit when the team needs to ship a healthcare product while keeping investors, users, and regulatory expectations in the same conversation.
4. ScienceSoft
ScienceSoft is a strong option for enterprise healthcare projects with heavy compliance expectations.
They work across EHR/EMR, telemedicine, healthcare analytics, patient portals, medical device software, and IT modernization. Their profile fits organizations where certifications, documentation, and audit readiness carry a lot of weight.
A good fit when compliance teams sit close to the product team.
5. SumatoSoft
SumatoSoft is a smaller healthcare software development vendor with focus on HIPAA-aware apps, FHIR and HL7 integrations, EHR add-ons, telemedicine, and analytics.
This kind of team can work well when the project needs standards knowledge without turning every decision into a large consulting process.
A good fit for agile healthcare builds with integration depth.
6. ELEKS
ELEKS makes sense for healthcare teams with data work ahead.
Their profile fits predictive analytics, risk scores, healthcare data platforms, EHR/EMR projects, telehealth, and systems where data needs to guide clinical or operational decisions.
A good fit when dashboards need to turn into decisions people can act on.
7. GloriumTech
GloriumTech sits closer to medtech and biotech.
They work on medical device software, mobile health apps, telemedicine, companion apps, device data handling, and clinician-facing tools connected to hardware.
A good fit when the product starts with a device, sensor, or medical workflow tied to hardware.
8. ITRex Group
ITRex Group covers a broad healthcare software portfolio: EMR/EHR, practice management, lab systems, remote patient monitoring, and decision support.
They can fit organizations that need a partner across several related healthcare systems instead of one isolated app.
A good fit when clinic operations, RPM, and system maintenance all land on the roadmap.
9. Arkenea
Arkenea focuses on telemedicine, patient portals, healthcare CRM, and device-aware software.
They can be a fit for teams balancing patient experience with healthcare standards, especially when the app sits near telehealth, connected devices, or regulated product requirements.
A good fit for patient-facing platforms with medical device considerations.
10. Moon Technolabs
Moon Technolabs often appears in conversations around mobile-heavy healthcare products and budget-sensitive builds.
They work on telemedicine apps, patient-facing apps, wellness platforms, and modernization of older health applications.
A good fit when the product has a strong mobile component and the team wants to pin down support, maintenance, and handoff details early.
What to ask before choosing a healthcare software vendor
A healthcare vendor shortlist gets better when you ask for proof instead of broad claims.
Start with these:
Where can PHI appear in logs, metrics, and traces?
How do you separate dev, staging, and production?
Which healthcare integrations have you shipped?
Have you worked with HL7, FHIR, DICOM, or EHR vendors?
What broke during a previous healthcare go-live?
Who joins architecture calls from your side?
How do you handle access reviews and audit logging?
What happens after v1 ships?
The strongest conversations usually sound specific.
A vendor who has been through healthcare delivery will talk about bad test data, clinical workflow surprises, security reviews, rollout limits, and the tiny details that delay go-live. That is what you want to hear.
Read more about top healthcare software development companies in the canonical MEV article: Top 10 Companies in Healthcare Software Development
Improving Healthcare Interoperability Without a Full System Overhaul
TL;DR
You do not have to replace the EHR to fix interoperability. A thin architectural layer over the systems already in production (FHIR facades, canonical data models, patient identity resolution, and compliance built into the pipeline) is enough to meet TEFCA, the CMS Interoperability and Prior Authorization Final Rule, and the FHIR R4 mandates. The organizations pulling ahead in 2026 are not the ones with the cleanest stack. They are the ones treating interoperability as a continuous engineering discipline rather than a one-time migration project.
Introduction
Healthcare interoperability is usually framed as a sequencing problem. First, replace the legacy EHR. Then, modernize the data layer. Then, adopt FHIR. Then, build the clinical workflows that depend on it. By the time a hospital finishes step one, the budget for the rest has been redirected somewhere else. That is why so many interoperability programs stall at exactly the same point: the rip-and-replace is too expensive and too disruptive to clear, and nothing else can start until it does.
The premise of this article is that the sequence is wrong. Modern interoperability does not require a full system overhaul. It requires a thin architectural layer over the systems that are already in production, and the discipline to keep building it.
The Adoption Gap Nobody Has Closed With Replacement
The data exchange numbers in 2026 still tell the same uncomfortable story. Roughly 70% of US hospitals participate in some interoperable data exchange, but only 43% do it routinely, per the Office of the National Coordinator for Health IT. Less than 42% of clinicians routinely use the health data they receive when treating patients. In the UK, 93% of NHS trusts have electronic patient records but only 30% have fully integrated bi-directional data flows across the rest of their stack.
FHIR was supposed to be the leveling event. The standard is now widely supported by EHR vendors, and ONC data on hospital API use shows roughly 70% of hospitals offer FHIR-based patient access. But underneath that statistic, the picture changes. The same hospitals still route most of their day-to-day clinical exchange through HL7 version 2 messages and CDA documents. The modern standard exists at the edge. The plumbing inside the building is still mostly legacy.
That gap is exactly why the replacement strategy keeps losing. Hospitals do not need every internal system to speak FHIR. They need every internal system to be reachable through FHIR. Those are different problems with very different price tags.
The FHIR Facade and Why It Changed the Math
The architectural shift that made incremental modernization viable is the FHIR facade. The pattern is straightforward. An API gateway sits in front of the legacy system. When an outside application asks for a patient record, the facade translates the FHIR request into whatever the legacy system natively speaks, retrieves the data, transforms the response into a FHIR resource, and returns it. The legacy system never changes. The outside world sees a clean, standards-compliant API.
Typical implementations combine an OAuth2 authentication layer (typically SMART on FHIR), a translation engine for FHIR-to-HL7v2 conversion, a cache layer, and a connection pool with a circuit breaker for the legacy backend. None of those components require touching the EHR, and they are deployable in months rather than years.
The same pattern is now sufficient to meet the new mandates. The CMS Interoperability and Prior Authorization Final Rule requires impacted payers to begin reporting API use metrics in January 2026, with Patient Access, Provider Directory, and Prior Authorization APIs built on FHIR R4 due in full by January 2027. None of that obligation reaches into the underlying clinical or claims systems. It applies at the API surface, and a well-designed facade gets a payer or provider into compliance without changing a single line of legacy code.
Canonical Data Models and Patient Identity
The FHIR facade solves the format problem. It does not solve the data problem. Two systems that both speak FHIR can still disagree on what a patient looks like, how a diagnosis code is structured, or which medication record is current. Without a layer that resolves those disagreements, the integration delivers fast exchange of unreliable records.
The incremental fix at this layer is a canonical data model. Pick the clinically critical fields, define them once, and normalize the data as it moves through the facade. Patient identity is the single most important field in this set. A USCDI-aligned profile that resolves the same person across the EHR, the lab system, the billing platform, and the patient portal does more for interoperability than any standard adoption decision a CIO will make this year. Once identity is reliable, exchange is reliable. Until it is, every other layer is patching around an underlying inconsistency.
The same principle shows up in non-clinical work. When a global medtech company operating in more than 150 countries rebuilt its order fulfillment and ERP integration, the engineering problem was the same shape as a clinical interoperability problem: multiple systems holding versions of the same record, no canonical identity, and a manual reconciliation layer that absorbed staff time. The fix was not to replace the underlying systems. It was a unified Salesforce-based commerce layer with ERP and payment integration, anchored on a single record per customer interaction. The missing piece in most interoperability programs is not the standard. It is the canonical identity that lets a standard mean the same thing in every system it touches.
Compliance Built In, Not Bolted On
Healthcare runs under HIPAA, HITECH, and a growing patchwork of state privacy regulations. The Information Blocking Rule has already generated about 1,300 complaints, and CMS interoperability penalties reach $1.5 million per violation category per year. Compliance is not a final review. It is a constraint that has to live inside the architecture.
Compliance should be engineered directly into the architectural foundation - encryption in transit and at rest, audit logging for every access, SMART on FHIR-based fine-grained authorization, and formal BAAs with every vendor in the data flow. When a telemedicine platform serving over a million clinicians needed to scale, the engineering team did not begin with new clinical features. They built the foundation first: 100% Infrastructure as Code via Terraform, continuous monitoring through CloudWatch, and HIPAA controls embedded in the deployment pipeline. The features that came after worked because the foundation underneath them was trustworthy.
That ordering applies to interoperability just as cleanly. A FHIR facade without observability is a security audit waiting to happen. A canonical patient identity layer without lineage is a clinical incident waiting to happen. Building HIPAA-secure infrastructure is specialized work, and the engineering capacity for it is the bottleneck in most health systems that have tried to do this in-house.
Where the Network Effects Are Already Showing Up
The federal infrastructure to support all of this has matured faster than most operators have noticed. TEFCA, the Trusted Exchange Framework and Common Agreement, designated its first Qualified Health Information Networks in late 2023. By the end of 2025, 464 million documents had been exchanged across TEFCA, up from roughly 10 million before that year began. That is a 40-times growth curve in a single year, and the trajectory is still steepening as more QHINs go live.
For a hospital, the practical effect is that the network it needs to connect to is already running. The work is to expose its own data into that network reliably, which is again a facade-layer problem, not a platform-replacement problem. The same is true for pharmaceutical and life sciences organizations building ML-powered audit and analytics on top of regulated data. The model only works because the data pipeline underneath it is designed for traceability and explainability. Replace the model and the work continues. Replace the pipeline and the program stops.
The Operating Discipline That Actually Closes the Gap
The organizations making real progress on interoperability in 2026 share three habits. They expose data through a facade rather than replacing the system that holds it. They resolve patient identity at the canonical layer before they worry about everything downstream. And they treat compliance as an architecture decision, not a final approval. None of that requires a new platform. All of it requires sustained engineering discipline.
The interoperability rules are now strict enough, and the federal exchange networks are now mature enough, that the question for most health systems is no longer whether to modernize. It is how to modernize without putting clinical operations at risk in the process. The incremental path does that. It is the path the regulators are now designing around, the path the federal infrastructure is now built to support, and the path the operators who are actually shipping have already chosen.
What Is FHIR? The Standard Helping Your Doctors Share Data
Health care systems have long struggled to share information, forcing patients to repeat tests or carry paper records between offices. A technical standard called FHIR (pronounced "fire") aims to fix this by creating a universal format for electronic records. Think of it as a common language that lets different computer systems exchange medication lists, lab results, and allergies. However, adopting FHIR does not mean all your history becomes instantly available. Some hospitals use it only for recent visits, while older records may stay in separate systems. There is also a related system called SMART on FHIR. While FHIR structures the data, SMART on FHIR manages security permissions, letting patients safely authorize specific apps to pull information from their charts. Support varies by provider, so automatic sharing is not yet universal.
Understand FHIR health data interoperability, what SMART on FHIR means for patients, where adoption stands, and why record sharing still fee