
FHIR Sandbox Alternatives: Epic, HAPI, Cerner, Verial

Epic has 18 patients. HAPI has no auth. Here is how six FHIR sandboxes compare for testing healthcare AI agents in realistic conditions.

Stan Liu · Co-founder, Verial
·9 min read

TL;DR

  • No single FHIR sandbox is enough to test a healthcare AI agent. Epic covers read-path parsing with 18 patients, HAPI covers write paths without auth, and Logica covers SMART on FHIR. Realistic testing needs layers, not one tool.
  • Epic now runs the acute care EHR at a commanding share of US hospitals after a net gain of 176 hospitals in 2024 (KLAS). If your agent ships to hospitals, Epic-shaped data is table stakes.
  • 70% of US hospitals enabled FHIR-configured patient apps in 2024 (ASTP/ONC Data Brief 79), so FHIR is the integration surface agents must handle.
  • 81.3% of US hospitals still have not adopted AI and 77% of health systems cite immature AI tools as the main barrier (JAMIA 2025). Shipping into that market requires proof your agent works on real data.

The sandbox gap that breaks agents

Most healthcare AI teams run the same playbook. They sign up for Epic's Open FHIR sandbox, pass a few integration tests, and declare the agent production-ready. Then the first real deployment surfaces bugs in OAuth refresh, missing US Core extensions, write-path failures on DocumentReference, and payer workflows that never hit Epic at all.

The root cause is that each FHIR sandbox was built for a different purpose. None were built to test an autonomous agent operating across EHR, payer, voice, and fax.

"As long as hospitals buy an EHR and then spend a $100 million customizing it to their workflows, then interoperability is going to be a challenge."

Grahame Grieve, FHIR Product Director, HL7 (HIStalk interview)

Grieve's point matters for testing. Customization means every production FHIR endpoint looks different from every sandbox. If your test harness is the sandbox, your agent has never seen production.

Epic Open FHIR Sandbox

Epic's sandbox is the most-used FHIR test environment in healthcare, and for good reason. Epic holds the largest share of US acute care hospitals after winning nearly 70% of new hospital contracts in 2024 (KLAS). If you ship to hospitals, you will hit Epic.

What you get: Roughly 18 synthetic patients, FHIR R4 read access, simplified SMART on FHIR OAuth, and App Orchard/Showroom review eligibility.

Where it breaks for agents:

  • 18 patients cannot cover scenario-driven testing. You cannot produce a diabetic on insulin needing a CGM approval from UnitedHealthcare, or a back-pain patient who has exhausted conservative care and needs a prior auth for surgery.
  • Write support is limited. DocumentReference, ServiceRequest, CarePlan, and Task creation are mostly untestable. That is exactly where agent bugs live.
  • Sandbox OAuth hides token refresh mid-workflow, per-patient launch context, and scope negotiation that varies by health system.
  • No Bulk FHIR $export, no Subscriptions.
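
The refresh behaviour that a simplified sandbox OAuth flow never exercises can be tested offline. The sketch below is an added example, not code from Epic or Verial: `TokenManager`, the fake token endpoint `issue`, the fake resource server `fhir_request`, and the 300-second lifetime are all constructed assumptions.

```python
import time
from dataclasses import dataclass

@dataclass
class Token:
    access_token: str
    refresh_token: str
    expires_at: float  # absolute clock time in seconds

class TokenManager:
    """Keeps an access token usable across a long multi-step workflow."""
    def __init__(self, token, refresh_fn, clock=time.monotonic, skew=30.0):
        self.token, self._refresh, self._clock = token, refresh_fn, clock
        self._skew = skew          # refresh this many seconds before expiry
        self.refresh_count = 0

    def _renew(self):
        # refresh_fn stands in for the POST to the authorization server's token endpoint
        self.token = self._refresh(self.token.refresh_token)
        self.refresh_count += 1
    def call(self, request_fn):
        """request_fn(access_token) -> (status, body). Refresh early, retry once on 401."""
        if self._clock() >= self.token.expires_at - self._skew:
            self._renew()
        status, body = request_fn(self.token.access_token)
        if status == 401:          # expired or revoked earlier than expires_at said
            self._renew()
            status, body = request_fn(self.token.access_token)
        return status, body

def simulate_workflow(use_manager=True):
    """Constructed scenario: 300 s tokens, four steps 150 s apart, revocation before step 4."""
    now, valid, issued = [0.0], {}, [0]
    def issue(_refresh_token):     # fake token endpoint: rotates tokens, the old one dies
        issued[0] += 1
        valid.clear()
        valid[f"at-{issued[0]}"] = now[0] + 300
        return Token(f"at-{issued[0]}", f"rt-{issued[0]}", now[0] + 300)
    def fhir_request(access_token):  # fake resource server enforcing expiry and revocation
        return (200, "ok") if valid.get(access_token, 0) > now[0] else (401, "invalid_token")
    first = issue("rt-0")
    mgr = TokenManager(first, issue, clock=lambda: now[0])
    statuses = []
    for step in range(4):
        if step == 3:
            valid.clear()          # server-side revocation the client was not told about
        result = mgr.call(fhir_request) if use_manager else fhir_request(first.access_token)
        statuses.append(result[0])
        now[0] += 150
    return statuses, mgr.refresh_count
```

With `use_manager=False` the same workflow reuses the first token and fails from the third step on, which is the failure a short sandbox session never reaches.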

Cerner / Oracle Health Sandbox

Oracle Health holds 22.9% of the US acute care EHR market and lost 74 hospitals net in 2024 (KLAS). The sandbox offers around 30 synthetic patients and better write coverage than Epic, with Cerner-specific data shapes (contained Practitioner resources, proprietary extensions).

Best for: Teams shipping to Oracle Health sites that need to validate Cerner-specific FHIR quirks before review.

Limits: Still sparse and templated. Cerner extensions do not generalize to Epic or Meditech, so you end up maintaining parallel test data.

HAPI FHIR

HAPI is the open source FHIR server from University Health Network, maintained by Smile CDR under Apache 2.0. It is the fastest way to get a FHIR server running locally. One Docker command and you have full CRUD on every resource type.

Where it wins: Prototyping, building FHIR infrastructure, writing interceptors and custom operations.

Where it breaks for agents:

  • No authentication by default. The public server at hapi.fhir.org has no SMART on FHIR, no OAuth, no scopes. Your auth code is untested until production.
  • Shared data on the public instance. Another developer's test run can overwrite your fixtures overnight.
  • No US Core enforcement. HAPI accepts a Patient without us-core-race, us-core-ethnicity, or us-core-birthsex. Production US Core servers reject these.
  • Empty by default. You bring your own data, which usually means hand-crafted happy paths or generic Synthea output.
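
A test harness can record which of these gaps a given run left open. The pre-flight check below is an added example, not part of HAPI or any vendor tooling: it reads the security services a server's CapabilityStatement declares and flags Patient fixtures that lack the three extensions named above. The sample resources are constructed and simplified.

```python
US_CORE = "http://hl7.org/fhir/us/core/StructureDefinition/"
EXPECTED_EXTENSIONS = ("us-core-race", "us-core-ethnicity", "us-core-birthsex")
AUTH_CODES = {"SMART-on-FHIR", "OAuth"}  # codes from the restful-security-service code system

def advertised_auth(capability):
    """Security service codes declared under CapabilityStatement.rest.security."""
    codes = set()
    for rest in capability.get("rest", []):
        for service in rest.get("security", {}).get("service", []):
            codes.update(c["code"] for c in service.get("coding", []) if "code" in c)
    return codes

def missing_extensions(patient):
    """Names of the three US Core extensions absent from a Patient resource."""
    present = {ext.get("url") for ext in patient.get("extension", [])}
    return [name for name in EXPECTED_EXTENSIONS if US_CORE + name not in present]

def preflight(capability, patients):
    """List what a run against this server and these fixtures leaves unexercised."""
    findings = []
    if not advertised_auth(capability) & AUTH_CODES:
        findings.append("auth: no OAuth/SMART service advertised, auth path untested")
    for patient in patients:
        missing = missing_extensions(patient)
        if missing:
            findings.append(f"us-core: Patient/{patient.get('id')} lacks {', '.join(missing)}")
    return findings

# Constructed sample data, not captured from any real server; extension bodies are simplified.
OPEN_CAPABILITY = {"resourceType": "CapabilityStatement", "rest": [{"mode": "server"}]}
SMART_CAPABILITY = {"resourceType": "CapabilityStatement", "rest": [{
    "mode": "server",
    "security": {"service": [{"coding": [{
        "system": "http://terminology.hl7.org/CodeSystem/restful-security-service",
        "code": "SMART-on-FHIR"}]}]}}]}
BARE_PATIENT = {"resourceType": "Patient", "id": "bare-1", "name": [{"family": "Test"}]}
FULL_PATIENT = {"resourceType": "Patient", "id": "full-1", "extension": [
    {"url": US_CORE + "us-core-race"}, {"url": US_CORE + "us-core-ethnicity"},
    {"url": US_CORE + "us-core-birthsex", "valueCode": "F"}]}

if __name__ == "__main__":
    for line in preflight(OPEN_CAPABILITY, [BARE_PATIENT, FULL_PATIENT]):
        print(line)
```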

Logica Health

Logica Health (formerly HSPC) offers a hosted FHIR sandbox with SMART on FHIR auth, sample patients, and write support. It is the closest free option to a production-like auth flow without self-hosting.

Best for: Testing SMART on FHIR launch context and token lifecycle without standing up your own authorization server.

Limits: Shared environment, generic patients, FHIR only. No voice, fax, or portal for agents that work across channels.

Inferno Test Suite

Inferno is the ONC's open source conformance tool. It validates that a FHIR server correctly implements US Core, SMART on FHIR, and Bulk FHIR.

Best for: Teams building FHIR servers, or verifying a vendor's claims about US Core compliance.

Limits: Inferno tests servers, not clients. It does not check whether your agent handles production data correctly. It is a complement to a sandbox, not a replacement.

Verial

Verial provides isolated FHIR sandboxes with scenario-driven synthetic patients, SMART on FHIR auth, full read/write, and multi-interface simulation across FHIR, voice IVR, fax, and payer portals.

Best for: Agents that span more than the EHR. Prior auth, referrals, clinical documentation, and revenue cycle workflows all cross channels.

Limits: Not open source, not free, not the right tool for building a FHIR server or running conformance suites.

Side-by-side comparison

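| Feature | Epic | HAPI | Cerner | Logica | Inferno | Verial |
|---|---|---|---|---|---|---|
| Patient count | ~18 | BYO | ~30 | Generic set | N/A | Scenario-driven |
| Write support | Limited | Full | Partial | Full | N/A | Full |
| Authentication | Simplified | None | Simplified | SMART on FHIR | N/A | SMART on FHIR |
| Data isolation | Per app | Self-host only | Per app | Shared | N/A | Per environment |
| US Core | Partial | Optional | Partial | Optional | Validates | Enforced |
| Vendor shapes | Epic only | None | Cerner only | None | None | Configurable |
| Multi-interface | No | No | No | No | No | Yes |
| Bulk FHIR | No | Yes | Limited | Yes | Tests it | Yes |
| Cost | Free | Free | Free | Free | Free | Paid |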

How to layer them

The mistake is picking one. The right answer is a stack that matches where your agent is in its lifecycle.

  1. Early development. Start on HAPI. Write FHIR code fast, iterate on resource parsing, throw it away daily.
  2. Vendor validation. Add Epic and Cerner sandboxes to confirm your agent handles vendor-specific extensions and OAuth quirks.
  3. Auth hardening. Use Logica to test SMART on FHIR launch context, token refresh, and scope negotiation under realistic conditions.
  4. Conformance. Run Inferno against any FHIR server you build or expose.
  5. Agent-level evaluation. For scenario coverage, isolated environments, and multi-channel workflows, a purpose-built platform fills the gap the free sandboxes leave open.

This matters because the integration cost of getting it wrong is real. EHR integration for a single AI application runs $150,000 to $750,000 and roughly 60% of healthcare AI projects fail in deployment (JAMIA 2025). Test infrastructure is cheaper than a failed go-live.

For how these failure modes play out in practice, see our FHIR sandbox problem deep dive.

Key takeaways

  • Epic's sandbox validates Epic-shaped data parsing. It does not validate your agent.
  • HAPI is the right foundation for building FHIR code and the wrong foundation for testing auth.
  • Cerner and Logica fill specific gaps (vendor shapes and SMART on FHIR) but do not provide scenario coverage.
  • Inferno tests servers. It is useless for testing a client agent.
  • Agents that touch payer portals, IVR, or fax need a test environment that goes beyond FHIR.
  • Layer your sandboxes. A Phase 1 tool will not cover a Phase 3 workflow.
  • The $150K-$750K cost of EHR integration (JAMIA 2025) makes test fidelity a financial decision, not a nice-to-have.

FAQ

Can I use Epic's sandbox to test a prior authorization agent?

No. Epic's 18 patients will not include the specific combinations of diagnosis, coverage, and prior treatment history that prior auth workflows require. You also cannot write ServiceRequest or DocumentReference resources, which is where most prior auth agents produce output. Use Epic for read-path validation only.

Does HAPI FHIR enforce US Core?

Not by default. HAPI accepts any valid FHIR resource, including Patients missing us-core-race, us-core-ethnicity, or us-core-birthsex extensions. Production servers compliant with US Core will reject these. You can configure HAPI to validate US Core, but it requires extra setup most teams skip.

What is the difference between Inferno and a FHIR sandbox?

Inferno is a conformance test suite that checks whether a FHIR server correctly implements specifications like US Core and SMART on FHIR. A sandbox is an environment where you run your own code against sample data. Inferno tests the server. A sandbox lets you test your client or agent.

Do I still need Epic's sandbox if I use a paid platform?

Yes, if you are going through Epic's App Orchard or Showroom review. Epic requires sandbox testing as part of that pipeline. Use it alongside other environments rather than as your only test harness.

How many FHIR sandboxes do most healthcare AI teams use?

Teams that ship to production typically run three or more in parallel. One for vendor-specific validation (Epic, Cerner), one for auth testing (Logica or self-hosted HAPI with SMART configured), and one for scenario-driven agent evaluation. Relying on a single sandbox is the most common reason production deployments surface new failure modes.
