Healthcare: Epic + SharePoint + Power BI Integration

By Errin O'Connor | April 2026

Health systems running Epic want clinical data in Power BI dashboards and operational documents managed in SharePoint — but the integration architecture is not obvious, and getting it wrong creates HIPAA exposure. This guide covers the reference architecture, data flow patterns, security controls, and implementation approach we use for healthcare organizations integrating Epic with the Microsoft stack.

Why This Integration Matters

Epic is the clinical backbone for over 250 million patient records in the US. But Epic was not designed as an analytics platform or a document management system. Health systems need:

Operational dashboards that pull live data from Epic — ED throughput, bed management, OR utilization, staffing metrics — and present them in Power BI for leadership and clinical teams.
Clinical analytics built on Caboodle/Clarity data — quality measures (HEDIS, CMS Stars), readmission risk models, population health metrics — in a governed analytics environment.
Document management for clinical and operational documents — policies, procedures, care plans, credentialing files, training materials — in SharePoint with proper HIPAA controls.
Unified governance across the Epic-to-Microsoft data pipeline — data lineage, access controls, audit trails, and retention policies that satisfy HIPAA and Joint Commission requirements.

Reference Architecture: Epic to Microsoft Data Flow

The integration architecture has three primary data flow patterns, each serving different use cases:

Pattern 1: Caboodle/Clarity to Azure to Power BI (Historical Analytics)

This is the workhorse pattern for clinical and financial analytics. The data flow:

Extract: Scheduled extract from Epic Caboodle (data warehouse) or Clarity (reporting database) via SSIS, Azure Data Factory, or Epic's Cognitive Computing data export tools.
Land: Raw data lands in Azure Data Lake Storage Gen2 (bronze layer) with encryption at rest using customer-managed keys.
Transform: Azure Synapse Analytics or Microsoft Fabric lakehouse transforms raw data into analytical models — star schemas for clinical quality, financial, and operational domains.
Serve: Power BI Premium connects to the silver/gold layer via DirectQuery or Import mode, depending on data volume and refresh requirements.
Consume: Dashboards published to Power BI workspaces with row-level security (RLS) enforcing department-level and facility-level access controls.

Refresh cadence: Nightly for most clinical analytics. Weekly for financial reporting. The extract should complete by 4 AM so dashboards are current before 6 AM morning huddles.

Pattern 2: Epic FHIR APIs to Azure to Power BI (Near-Real-Time Operations)

For operational dashboards that need data fresher than nightly extracts:

Poll: Azure Functions poll Epic FHIR R4 APIs on a 5-15 minute interval for specific resource types — Patient, Encounter, Observation, Location (bed status), Schedule.
Ingest: FHIR resources are parsed, flattened, and written to Azure SQL Database (not Synapse — lower latency for real-time queries).
Serve: Power BI connects via DirectQuery to Azure SQL for live operational metrics.
Display: Auto-refresh dashboards on wall-mounted displays in ED, OR, and nursing stations update every 5-15 minutes.

Key FHIR resources for operational dashboards: Encounter (census, throughput), Location (bed availability), Appointment/Schedule (clinic utilization), Observation (vital signs for clinical alerts), and DiagnosticReport (lab turnaround time).

Pattern 3: SharePoint as Clinical Document Repository

SharePoint serves as the managed document repository for content that supports clinical operations but lives outside Epic:

Clinical policies and procedures: Version-controlled documents with approval workflows, retention policies, and access controls by department and facility.
Credentialing and privileging files: Provider credentialing documents managed in SharePoint with integration to credentialing systems via Power Automate.
Quality improvement documentation: Root cause analyses, corrective action plans, peer review documentation (with appropriate legal protections).
Training and education: Clinical training materials, competency documentation, and continuing education records.
Epic go-live and upgrade documentation: Implementation guides, testing scripts, change management materials organized by Epic module.

HIPAA Security Controls for the Integration

Every layer of this architecture handles ePHI and must be governed accordingly:

Network and Transport Security

ExpressRoute or VPN from on-premises Epic infrastructure to Azure — no public internet traversal for PHI data flows.
TLS 1.3 for all API communications including FHIR endpoints.
Azure Private Endpoints for Azure SQL, Synapse, and Storage accounts — no public IP exposure.
Network Security Groups (NSGs) restricting traffic to known source IPs.

Data Protection

Encryption at rest using customer-managed keys (Azure Key Vault) for all storage accounts, databases, and Synapse pools.
Column-level encryption for high-sensitivity fields (SSN, MRN, date of birth) in Azure SQL and Synapse.
Microsoft Purview sensitivity labels on all SharePoint sites and libraries containing PHI.
Data Loss Prevention (DLP) policies preventing PHI content from being shared outside the organization.

Access Control and Audit

Entra ID Conditional Access with MFA enforcement for all users accessing Power BI dashboards and SharePoint PHI sites.
Power BI Row-Level Security (RLS) enforcing department and facility access boundaries — a nurse manager sees their unit's data, not the entire hospital.
SharePoint site-level permissions aligned with workforce role and minimum necessary requirements.
Unified Audit Log retention set to six years minimum for all Copilot, Power BI, and SharePoint access events.
Azure Monitor and Microsoft Sentinel for anomaly detection on data access patterns.

Power BI Dashboard Use Cases for Epic Data

The dashboards we most frequently build for health systems integrating Epic with Power BI:

Dashboard	Data Source	Refresh	Primary Users
ED Throughput	FHIR API (Encounter, Location)	5 min	ED leadership, bed management
Bed Management	FHIR API (Location, Encounter)	10 min	House supervisors, CNOs
OR Utilization	Caboodle (surgical scheduling)	Nightly	Perioperative leadership
Quality Measures (HEDIS/CMS Stars)	Caboodle (clinical measures)	Weekly	Quality team, CMO
Readmission Risk	Caboodle + predictive model	Nightly	Case management, hospitalists
Revenue Cycle	Clarity (billing/claims)	Nightly	CFO, revenue cycle team
Population Health	Caboodle (registry data)	Weekly	Population health team, ACO leadership

Implementation Approach

EPC Group's implementation approach for Epic + SharePoint + Power BI integration follows a phased model:

Phase 1 (Weeks 1-4): Discovery and architecture — Epic environment assessment, data dictionary review, FHIR API capabilities validation, Azure architecture design, HIPAA security requirements documentation.
Phase 2 (Weeks 5-12): Azure infrastructure and ETL — landing zone deployment, Caboodle/Clarity ETL pipelines, FHIR API integration, data transformation logic, security controls implementation.
Phase 3 (Weeks 9-16): Power BI development — semantic models, dashboard development, RLS configuration, refresh scheduling, user acceptance testing with clinical and operational stakeholders.
Phase 4 (Weeks 10-18): SharePoint configuration — site architecture, sensitivity labeling, document libraries, retention policies, workflows, permissions structure.
Phase 5 (Weeks 16-24): Training, go-live, and stabilization — role-based training, phased rollout by department, monitoring, and 90-day post-go-live support.

Frequently Asked Questions

Can Power BI connect directly to Epic's database?

Not recommended, and in most Epic implementations, not permitted. Epic's production databases (Clarity for reporting, Caboodle for data warehouse) should not be directly queried by external tools due to performance and security concerns. The correct architecture uses an intermediary: extract data from Clarity/Caboodle to Azure SQL Database or Azure Synapse via scheduled ETL, then connect Power BI to the Azure layer. This protects Epic performance, enables data transformation, and keeps HIPAA controls manageable.

Is Epic FHIR API mature enough for Power BI integration?

Epic's FHIR R4 API is production-ready for read operations on clinical data — patient demographics, encounters, observations, conditions, medications, and diagnostic reports. For Power BI dashboards that need near-real-time clinical metrics, FHIR APIs work well for patient-level and encounter-level data. For large-volume analytics (population health, financial reporting), Caboodle extracts remain more efficient. Most health systems use both: FHIR for real-time operational dashboards, Caboodle/Clarity for historical analytics.

How do we maintain HIPAA compliance when Epic data flows to SharePoint?

SharePoint must be configured as a HIPAA-compliant repository before any Epic data touches it. Requirements: Microsoft 365 E5 or E3 with compliance add-on, BAA with Microsoft, sensitivity labels applied to all PHI-containing sites and libraries, DLP policies preventing PHI leakage, conditional access enforcing device compliance and MFA, and audit logging with six-year retention. Documents containing PHI must be stored in sites with restricted permissions and Purview sensitivity labels — never in broadly accessible team sites.

What refresh architecture works for Epic + Power BI dashboards?

For operational dashboards (ED wait times, bed availability, scheduling): use Epic FHIR APIs with Azure Function polling every 5-15 minutes, writing to Azure SQL, with Power BI Direct Query or auto-refresh. For clinical analytics (quality measures, readmission rates): nightly Caboodle extract to Azure Synapse, Power BI scheduled refresh at 6 AM before morning huddles. For financial reporting: weekly or monthly Clarity extracts, full dataset refresh in Power BI Premium capacity. Always separate real-time operational data from historical analytics — different data sources, different refresh cadences, different Power BI workspaces.

What does this integration typically cost to implement?

A full Epic + SharePoint + Power BI integration for a mid-size health system (500-2,000 beds) typically runs $250,000-$500,000 over 6-12 months. This includes: Azure infrastructure setup ($30,000-$50,000), ETL/FHIR integration development ($75,000-$150,000), Power BI dashboard development ($50,000-$100,000), SharePoint document management configuration ($25,000-$75,000), security and compliance implementation ($25,000-$50,000), and training/change management ($25,000-$50,000). Ongoing operational costs (Azure compute, Power BI Premium, support) add $5,000-$15,000/month.

Plan Your Epic + Microsoft Integration

EPC Group designs and implements Epic + SharePoint + Power BI integrations for health systems — from architecture through go-live with full HIPAA compliance. Call (888) 381-9725 or schedule an integration assessment.

Schedule an Integration Assessment

Healthcare: Epic + SharePoint + Power BI Integration

By Errin O'Connor | April 2026

Why This Integration Matters

Epic is the clinical backbone for over 250 million patient records in the US. But Epic was not designed as an analytics platform or a document management system. Health systems need:

Operational dashboards that pull live data from Epic — ED throughput, bed management, OR utilization, staffing metrics — and present them in Power BI for leadership and clinical teams.
Clinical analytics built on Caboodle/Clarity data — quality measures (HEDIS, CMS Stars), readmission risk models, population health metrics — in a governed analytics environment.
Document management for clinical and operational documents — policies, procedures, care plans, credentialing files, training materials — in SharePoint with proper HIPAA controls.
Unified governance across the Epic-to-Microsoft data pipeline — data lineage, access controls, audit trails, and retention policies that satisfy HIPAA and Joint Commission requirements.

Reference Architecture: Epic to Microsoft Data Flow

The integration architecture has three primary data flow patterns, each serving different use cases:

Pattern 1: Caboodle/Clarity to Azure to Power BI (Historical Analytics)

This is the workhorse pattern for clinical and financial analytics. The data flow:

Extract: Scheduled extract from Epic Caboodle (data warehouse) or Clarity (reporting database) via SSIS, Azure Data Factory, or Epic's Cognitive Computing data export tools.
Land: Raw data lands in Azure Data Lake Storage Gen2 (bronze layer) with encryption at rest using customer-managed keys.
Transform: Azure Synapse Analytics or Microsoft Fabric lakehouse transforms raw data into analytical models — star schemas for clinical quality, financial, and operational domains.
Serve: Power BI Premium connects to the silver/gold layer via DirectQuery or Import mode, depending on data volume and refresh requirements.
Consume: Dashboards published to Power BI workspaces with row-level security (RLS) enforcing department-level and facility-level access controls.

Refresh cadence: Nightly for most clinical analytics. Weekly for financial reporting. The extract should complete by 4 AM so dashboards are current before 6 AM morning huddles.

Pattern 2: Epic FHIR APIs to Azure to Power BI (Near-Real-Time Operations)

For operational dashboards that need data fresher than nightly extracts:

Poll: Azure Functions poll Epic FHIR R4 APIs on a 5-15 minute interval for specific resource types — Patient, Encounter, Observation, Location (bed status), Schedule.
Ingest: FHIR resources are parsed, flattened, and written to Azure SQL Database (not Synapse — lower latency for real-time queries).
Serve: Power BI connects via DirectQuery to Azure SQL for live operational metrics.
Display: Auto-refresh dashboards on wall-mounted displays in ED, OR, and nursing stations update every 5-15 minutes.

Pattern 3: SharePoint as Clinical Document Repository

SharePoint serves as the managed document repository for content that supports clinical operations but lives outside Epic:

Clinical policies and procedures: Version-controlled documents with approval workflows, retention policies, and access controls by department and facility.
Credentialing and privileging files: Provider credentialing documents managed in SharePoint with integration to credentialing systems via Power Automate.
Quality improvement documentation: Root cause analyses, corrective action plans, peer review documentation (with appropriate legal protections).
Training and education: Clinical training materials, competency documentation, and continuing education records.
Epic go-live and upgrade documentation: Implementation guides, testing scripts, change management materials organized by Epic module.

HIPAA Security Controls for the Integration

Every layer of this architecture handles ePHI and must be governed accordingly:

Network and Transport Security

ExpressRoute or VPN from on-premises Epic infrastructure to Azure — no public internet traversal for PHI data flows.
TLS 1.3 for all API communications including FHIR endpoints.
Azure Private Endpoints for Azure SQL, Synapse, and Storage accounts — no public IP exposure.
Network Security Groups (NSGs) restricting traffic to known source IPs.

Data Protection

Encryption at rest using customer-managed keys (Azure Key Vault) for all storage accounts, databases, and Synapse pools.
Column-level encryption for high-sensitivity fields (SSN, MRN, date of birth) in Azure SQL and Synapse.
Microsoft Purview sensitivity labels on all SharePoint sites and libraries containing PHI.
Data Loss Prevention (DLP) policies preventing PHI content from being shared outside the organization.

Access Control and Audit

Entra ID Conditional Access with MFA enforcement for all users accessing Power BI dashboards and SharePoint PHI sites.
Power BI Row-Level Security (RLS) enforcing department and facility access boundaries — a nurse manager sees their unit's data, not the entire hospital.
SharePoint site-level permissions aligned with workforce role and minimum necessary requirements.
Unified Audit Log retention set to six years minimum for all Copilot, Power BI, and SharePoint access events.
Azure Monitor and Microsoft Sentinel for anomaly detection on data access patterns.

Power BI Dashboard Use Cases for Epic Data

The dashboards we most frequently build for health systems integrating Epic with Power BI:

Dashboard	Data Source	Refresh	Primary Users
ED Throughput	FHIR API (Encounter, Location)	5 min	ED leadership, bed management
Bed Management	FHIR API (Location, Encounter)	10 min	House supervisors, CNOs
OR Utilization	Caboodle (surgical scheduling)	Nightly	Perioperative leadership
Quality Measures (HEDIS/CMS Stars)	Caboodle (clinical measures)	Weekly	Quality team, CMO
Readmission Risk	Caboodle + predictive model	Nightly	Case management, hospitalists
Revenue Cycle	Clarity (billing/claims)	Nightly	CFO, revenue cycle team
Population Health	Caboodle (registry data)	Weekly	Population health team, ACO leadership

Implementation Approach

EPC Group's implementation approach for Epic + SharePoint + Power BI integration follows a phased model:

Phase 1 (Weeks 1-4): Discovery and architecture — Epic environment assessment, data dictionary review, FHIR API capabilities validation, Azure architecture design, HIPAA security requirements documentation.
Phase 2 (Weeks 5-12): Azure infrastructure and ETL — landing zone deployment, Caboodle/Clarity ETL pipelines, FHIR API integration, data transformation logic, security controls implementation.
Phase 3 (Weeks 9-16): Power BI development — semantic models, dashboard development, RLS configuration, refresh scheduling, user acceptance testing with clinical and operational stakeholders.
Phase 4 (Weeks 10-18): SharePoint configuration — site architecture, sensitivity labeling, document libraries, retention policies, workflows, permissions structure.
Phase 5 (Weeks 16-24): Training, go-live, and stabilization — role-based training, phased rollout by department, monitoring, and 90-day post-go-live support.

Healthcare: Epic + SharePoint + Power BI Integration

Why This Integration Matters

Reference Architecture: Epic to Microsoft Data Flow

Pattern 1: Caboodle/Clarity to Azure to Power BI (Historical Analytics)

Pattern 2: Epic FHIR APIs to Azure to Power BI (Near-Real-Time Operations)

Pattern 3: SharePoint as Clinical Document Repository

HIPAA Security Controls for the Integration

Network and Transport Security

Data Protection

Access Control and Audit

Power BI Dashboard Use Cases for Epic Data

Implementation Approach

Frequently Asked Questions

Can Power BI connect directly to Epic's database?

Is Epic FHIR API mature enough for Power BI integration?

How do we maintain HIPAA compliance when Epic data flows to SharePoint?

What refresh architecture works for Epic + Power BI dashboards?

What does this integration typically cost to implement?

Plan Your Epic + Microsoft Integration

Ready to get started?

Healthcare: Epic + SharePoint + Power BI Integration

Why This Integration Matters

Reference Architecture: Epic to Microsoft Data Flow

Pattern 1: Caboodle/Clarity to Azure to Power BI (Historical Analytics)

Pattern 2: Epic FHIR APIs to Azure to Power BI (Near-Real-Time Operations)

Pattern 3: SharePoint as Clinical Document Repository

HIPAA Security Controls for the Integration

Network and Transport Security

Data Protection

Access Control and Audit

Power BI Dashboard Use Cases for Epic Data

Implementation Approach

Frequently Asked Questions

Can Power BI connect directly to Epic's database?

Is Epic FHIR API mature enough for Power BI integration?

How do we maintain HIPAA compliance when Epic data flows to SharePoint?

What refresh architecture works for Epic + Power BI dashboards?

What does this integration typically cost to implement?

Plan Your Epic + Microsoft Integration

Ready to get started?