This is a FHIR server reference implementation of the FAST Interoperable Digital Identity and Patient Matching IG. It is built on the HAPI FHIR JPA Starter Project project and more detailed configuration information can be found in that repository.
A live demo is hosted by HL7 FHIR Foundry, where you may also download curated configurations to run yourself.
Building and running the server locally requires either Docker or
- Java 17+
- Maven
mvn spring-boot:runor
mvn -Pjetty spring-boot:rundocker compose up -dThe server contains patient matching operations as described in the IG in the Patient Matching section. These are reachable via a POST to the [host]/fhir/Patient/$match or [host]/fhir/Patient/$idi-match operation endpoints.
The server has the ability to validate an incoming patient parameter for its match operations against the three Patient profiles from the IG:
The level of required validation can be configured via the hapi.fhir.match-validation-level property or by supplying a valid validation level value in a request header. The name of this header can be configured via the hapi.fhir.match-validation-header property and defaults to X-Match-Validation. For example, to disable validation for a request, you can supply X-Match-Validation: NONE in the request.
The validation level can be set to one of the following values:
| Value | Description |
|---|---|
DEFAULT |
Requires that the Patient validates against an IDI-Patient profile specified in the meta.profile field. If no profile is provided, the Patient will be validated against the base IDI-Patient profile |
META_PROFILE |
Validate the Patient resource against the most restrictive IDI-Patient profile specified in the meta.profile field. If an expected IDI-Patient profile is not found, the validation will fail. |
NONE |
No validation is performed |
If the validation fails, the server will return a 400 Bad Request response with an OperationOutcome.
The server supports requiring an auth token for incoming requests and is integrated with the UDAP Reference Implementation which implements the FAST Security IG.
Security is toggled via the security.enable-authentication property. When enabled, a valid UDAP server is required to be set via the security.issuer property. This is set by default to the UDAP RI hosted in Foundry.
A valid certificate is also required. This can be set via the security.cert-file and security.cert-password properties. The security.cert-file property can be either a path to a p12/pfx certificate file or a base64 encoded string of a certificate.
The server also has the ability to use the UDAP RI's certificate generation endpoint to generate a test certificate. This can be toggled via the security.fetch-cert property. Using this method will create a certificate file named generated-cert.pfx in the server's working directory. This is only intended for local testing.
Security can also be disabled by supplying a header in the request. The name of this header is configured in the security.bypass-header property and defaults to X-Allow-Public-Access. No value is required for this header.
Warning
This feature is experimental.
The server supports the ability to perform a match operation against remote FHIR servers. This is enabled by supplying a special header in the POST to the match operation ($match or $idi-match).
The name of this header is configured in the hapi.fhir.remote-match-header property and defaults to X-Remote-Match. The behavior of this header is as follows:
| Value | cURL Header Example | Behavior |
|---|---|---|
| Blank | -H 'X-Remote-Match;' |
The server will perform a match operation against the remote server(s) specified in the hapi.fhir.remote-servers property. This property should be set to a list of base FHIR endpoints. |
| Comma-separated list | -H 'X-Remote-Match: http://localhost:8081/fhir,https://hapi.fhir.org/baseR4' |
The server will perform a match operation against each of the remote servers in the list. |
| No header | No remote matching will be performed even if the hapi.fhir.remote-servers property is set. |
Questions about the project can be asked in the FAST Identity stream on the FHIR Zulip Chat.
This project welcomes Pull Requests. Any issues identified with the RI should be submitted via the GitHub issue tracker.
As of October 1, 2022, The Lantana Consulting Group is responsible for the management and maintenance of this Reference Implementation. In addition to posting on FHIR Zulip Chat channel mentioned above you can contact Corey Spears for questions or requests.