HL7 + FHIR support
HL7 v2.x messages over MLLP for clinical systems. FHIR R4/R5 APIs for modern integrations. Both parsed, mapped, and routable from the same flow.
Healthcare data integration
HIPAA-grade integration. For real healthcare data.
HL7 v2.x, FHIR R4/R5, X12 EDI — first-class, not afterthoughts. SOC 2 Type II, BAA available, and on-prem deployment when PHI can't leave your network. Built for payers, providers, health tech, and clinical research.
- HIPAA
- Compliant infrastructure
- SOC 2
- Type II audited
- BAA
- Standard, not extra
- 3
- Healthcare standards
The problem
Most “HIPAA-friendly” tools aren't.
Modern ETL platforms claim healthcare support but fall apart on the details. They don't speak HL7. They won't sign a BAA. Their on-prem story is “use our SaaS but in a different region.” Healthcare data integration is its own discipline — and it shows when a tool wasn't built for it.
What generic ETL gets wrong
“We're HIPAA-aware” isn't HIPAA-compliant.
Healthcare data integration means HL7 v2.x messaging your clinical systems still depend on, FHIR APIs your modern integrations require, X12 transactions for claims and eligibility, and a compliance posture that holds up under audit. Not a marketing page that mentions HIPAA. Etlworks ships these as first-class capabilities — used in production by payers, physician networks, and health tech vendors handling real PHI every day.
Capabilities
What healthcare teams actually need.
EDI for healthcare
X12 transactions for claims (837), remittance (835), eligibility (270/271), enrollment (834). NCPDP for pharmacy. Validated, transformed, routed.
HIPAA-compliant infrastructure
SOC 2 Type II audited. PHI encrypted at rest (AES-256) and in transit (TLS 1.2+). Customer-managed keys on Enterprise. Same posture across all deployments.
BAA available
Business Associate Agreement is standard for any plan handling PHI — not an enterprise-only upsell. Template published, signed during onboarding.
Read our BAA template →On-prem & hybrid
Run Etlworks fully on-prem when PHI can't leave your network. Or use hybrid agents — SaaS control plane, on-prem data. Same compliance posture either way.
See deployment options →Audit logs & PHI access controls
Every PHI access logged with user, timestamp, and action. RBAC with PHI-tier separation. Configurable retention. Exportable for compliance reviews.
Receipts
The proof, not the claim.
Healthcare buyers ask for documents, not assertions. Here's what we publish and what we send during procurement.
Published
HIPAA Compliance Statement
Public document covering technical, administrative, and physical safeguards.
PublishedBAA template
Standard BAA available before signature. Reviewed by legal counsel. Signed during onboarding.
On requestSOC 2 Type II report
Most recent audited report under NDA. Provided during eval. Annual refresh.
On requestPen test summary
Annual third-party penetration test. Executive summary available under NDA.
Specifications
Standards, transports, controls.
Every healthcare standard, transport protocol, and compliance control supported. The detail your security and integration teams need.
Clinical standards
HL7 v2.x
v2.3 through v2.8 · ADT, ORM, ORU, MDM, SIU, DFT message types · Z-segments supported
HL7 FHIR
R4 and R5 · REST APIs, Bulk Data Export · search parameters, references, contained resources
CDA / C-CDA
Clinical Document Architecture · structured and narrative sections · supported via XML connectors
B2B & pharmacy
X12 EDI
837P/I/D, 835, 270/271, 276/277, 278, 834, 820 · validation, acknowledgments (TA1, 999), routing
NCPDP
Pharmacy claims and eligibility · supported via custom format mapping
Transport
MLLP
Minimal Lower Layer Protocol for HL7 v2.x · TLS support · acknowledgment handling
HTTPS / FHIR REST
TLS 1.2+ · OAuth2 / SMART on FHIR · client credentials and authorization code flows
SFTP / AS2
Secure file transport for EDI batches · key-based auth · message-level encryption
Compliance & security
Compliance frameworks
HIPAA · HITECH · SOC 2 Type II · GDPR · same posture across cloud, hybrid, on-prem
Encryption
AES-256 at rest · TLS 1.2+ in transit · field-level encryption supported · CMK / BYOK on Enterprise
Identity & access
SSO (SAML, OIDC) · RBAC with PHI-tier separation · MFA · audit logs with configurable retention
Data residency
US-only deployment available · regional control · customer-controlled key management
Comparing healthcare ETL? See Etlworks vs Mirth, Rhapsody, and Boomi
Proof
Trusted by health tech and payers.
“Etlworks gives us the integration depth we need without the enterprise overhead. HL7, FHIR, claims data, member data — same platform, same team, same operating model.”
CHPW
Community Health Plan of Washington
Healthcare payer · production data integration
Also in production
Sermo — global physician network, real-time clinical data integration. And other healthcare and life sciences customers running production flows on Etlworks today.
FAQ
Common questions.
Will you sign a BAA?
Yes — for any customer handling PHI. Our BAA template is published on our Legal page so you can review it before signing. We don't gate BAA availability behind enterprise plans or extra fees. If your team needs minor edits — naming changes, jurisdictional language — we accommodate where reasonable.
What HL7 versions are supported?
HL7 v2.3 through v2.8 (the workhorse versions still running in clinical systems), and HL7 FHIR R4 and R5 (the modern REST API standard). For HL7 v2.x, we support all common message types — ADT, ORM, ORU, MDM, SIU, DFT — and Z-segments. Transport via MLLP with TLS, or batch via files.
Can I integrate with Epic, Cerner, MEDITECH, or Allscripts?
Yes — via HL7 v2.x, FHIR R4/R5, or direct database connections, depending on your EHR's available interfaces. EHR integration is generally a project rather than plug-and-play because each EHR vendor has specific configuration requirements (interface engines, custom segments, security models). We work with your team during implementation. If your EHR exposes data via standard interfaces, Etlworks can integrate.
How is PHI handled in transit and at rest?
In transit: TLS 1.2+ for all connections. PHI never travels unencrypted. At rest: AES-256 encryption for stored data, including staging files, audit logs, and configuration. Field-level encryption for specific PHI fields supported. Customer-managed keys (CMK / BYOK) on Enterprise plans — bring your own AWS KMS, Azure Key Vault, or HashiCorp Vault keys.
Can I deploy entirely on-prem so PHI never leaves my network?
Yes. Full on-prem deployment is supported across Windows, Linux, Docker, and Kubernetes. No outbound traffic required — fully air-gappable. Or use hybrid mode: Etlworks SaaS hosts the control plane (UI, scheduling), but your data stays in your network via local agents. Most healthcare customers pick hybrid; defense-grade healthcare customers pick full on-prem. See deployment options →
What's your audit log retention?
Configurable. Default: 1 year online for live queries, indefinite cold storage. Enterprise plans can extend online retention to 7 years to match HIPAA's standard recommendation. All logs are immutable, queryable, exportable for compliance reviews and audits, and can be forwarded to your SIEM in real time.
Do you support 837 claims and 835 remittance?
Yes. Full X12 EDI support for healthcare transactions — 837 (professional, institutional, dental claim variants), 835 (remittance), 270/271 (eligibility request/response), 276/277 (claim status), 278 (services review), 834 (enrollment), 820 (premium payment). Validation, acknowledgments (TA1, 999), and routing handled. Compatible with clearinghouses, payers, and provider systems.
Start your trial
14 days. No card. BAA on request.
Spin up a free trial, send a test HL7 message, or load an X12 837 file. Need a BAA before you start? Tell us — we'll send the standard one within the day.