Analyzing Healthcare Interoperability Vulnerabilities: Formal Modeling and Graph-Theoretic Approach

📅 2026-04-03
🤖 AI Summary
This study addresses the lack of effective concurrency control mechanisms in HL7 FHIR platforms, which hinders the detection of race condition vulnerabilities in shared healthcare resource access. To tackle this issue, the authors propose the FHIR Resource Access Graph (FRAG) model, introducing graph-theoretic methods for the first time into FHIR concurrency security analysis. FRAG formally defines and identifies three clinically relevant classes of race conditions: concurrent write conflicts, Time-of-Check-to-Time-of-Use (TOCTOU) authorization violations, and cascading update races. By modeling resource interactions as directed graphs and employing a three-pass graph traversal algorithm—validated against synthetic FHIR R4 transaction logs—the approach achieves an F1 score of 90.0% under fully concurrent scenarios, representing a 64.5-percentage-point improvement over baseline time-window-based methods.
📝 Abstract
In a healthcare environment, interoperability platforms based on HL7 FHIR allow independent systems, i.e., EHR systems, pharmacy systems, lab systems, and devices, to access a set of shared patient resources concurrently and asynchronously. The FHIR specification lacks a protocol for concurrency control, and existing research on race condition detection targets only the OS kernel. Research on FHIR security targets only authentication and injection attacks and treats concurrent access to patient resources as sequential. This gap is addressed by introducing the FHIR Resource Access Graph (FRAG), a formally defined graph G = (P, R, E, λ, τ, S), in which the nodes are the concurrent processes, the typed edges represent the resource access events, and the race conditions are represented as detectable structural properties. Three clinically relevant race condition classes are formally specified: Simultaneous Write Conflict (SWC), TOCTOU Authorization Violation (TAV), and Cascading Update Race (CUR). The FRAG model is implemented as a three-pass graph traversal detection algorithm and tested against a time-window-based baseline on 1,500 synthetic FHIR R4 transaction logs. Under full concurrent access (C2), FRAG attains a 90.0% F1 score vs. 25.5% for the baseline, a 64.5 pp improvement.
Problem

Research questions and friction points this paper is trying to address.

Healthcare Interoperability
HL7 FHIR
Race Conditions
Concurrency Control
Security Vulnerabilities
Innovation

Methods, ideas, or system contributions that make the work stand out.

FHIR Resource Access Graph
race condition detection
healthcare interoperability
concurrency control
formal modeling