sdhealthconnect / leap-cds Goto Github PK
View Code? Open in Web Editor NEWLEAP Consent Decision Service
Home Page: https://sdhealthconnect.github.io/leap
License: GNU General Public License v3.0
LEAP Consent Decision Service
Home Page: https://sdhealthconnect.github.io/leap
License: GNU General Public License v3.0
Content Class is part of the consent resource provision which enables a consent directive to limit the type of medical information that can be released under the provisions of the consent.
This should be implemented as obligations similar to security labels.
This will help statically-typed languages like Java to be able to create models automatically.
Recent changes to the FHIR Consent specs removes scope
and expects the scope to be recorded in the category
array. The LEAP-CDS must accommodate both models in order to ensure the old and new demos work seamlessly.
The CDS should generate AuditEvents at the respective Consent store when a consent is used to grant or deny access.
The client must be able to list more than one identifier for the actor in the context of the hook, to accommodate for cases where different actor identifiers may be used on the FHIR server side.
The strategy at the Consent Decision Service is to interpret this as matching "any of" the identifiers. For example if an organization has two different types of identifiers, the client should be able to list both in the hook context and the Consent Decision Service should match based on any of the provided identifiers.
This also requires a change in the schema of the hook context to identify the actor with an array of identifiers, rather than a single one.
Since the CBCP WG has voted to phased out the scope
parameter, we will make this an optional parameter in the LEAP-CDS request and ignore it in searching to fetch patient consents from consent stores.
After carefully examining the provisions semantics for the blog post and the proposed change request, there are some minor issues in the current provision logic that must be fixed to properly process the hierarchical provision structure.
The consent decision processing must consider the actor
attribute from the context of the request, which in the exchange use-case represents the recipient of the exchange, and take it into consideration in the consent decision.
The Consent Decision Service needs some authorization service. We will stick to a simple non-OAuth JWT-based access token for simplicity.
Parse and consume the validity period of a consent and take them into account in the consent decision.
Since we are already returning an XACML response as an extension in the CDS hooks response, it may make sense to have a direct XACML endpoint for querying Consent. Since the code to generate the response is already written, this only requires adding the code to validate and parse a request.
A script to upload all the required test resources (Patient, Organization, Consent) to a given FHIR server to populate the server with data required for test and demonstration.
These resources currently reside in https://github.com/sdhealthconnect/leap-cds/tree/master/test/fixtures
and are used for unit and integration tests.
The best way to implement this script is to use cURL
to submit all the resources in the form of a single bundle
and use a transaction POST
to upload all the data at once.
The consent discovery module which is in charge of finding and retrieving all applicable consents to a query context is currently not accessible to outside clients. However, there is value in exposing this service as a "consent directory" service to enable clients that are capable of processing consent on their own, or are interested in consent discovery for other reasons, to use LEAP CDS to find and retrieve patient consents.
Currently there is a base consent fixture and it's being edited and manipulated in the code for different test cases. It's better to have many fixtures instead so that the code for these tests get simpler and also we will have full resources that can be posted to an actual live server for live testing the same functionalities.
This may be a leap-ces-java-client library issue ...
REQUEST
{
"hook": "patient-consent-consult",
"hookInstance": "privacy-consent-scenario-H-UI",
"context": {
"patientId": [{
"system": "http://hl7.org/fhir/sid/us-ssn",
"value": "111111199"
}],
"scope": "adr",
"purposeOfUse": "ETREAT",
"actor": [
{
"system": "urn:ietf:rfc:3986",
"value": "urn:oid:1.1.8"
}
]
}
}
RESPONSE:
CDSHooks Request FailedCannot construct instance of `gov.hhs.onc.leap.ces.common.clients.model.card.Context$PurposeOfUse`, problem: ETREAT
at [Source: (String)"{"hook":"patient-consent-consult","hookInstance":"privacy-consent-scenario-H-UI","context":{"patientId":[{"system":"http://hl7.org/fhir/sid/us-ssn","value":"111111199"}],"scope":"adr","purposeOfUse":"ETREAT","actor":[{"system":"urn:ietf:rfc:3986","value":"urn:oid:1.1.8"}]}}"; line: 1, column: 200] (through reference chain: gov.hhs.onc.leap.ces.common.clients.model.card.PatientConsentConsultHookRequest["context"]->gov.hhs.onc.leap.ces.common.clients.model.card.Context["purposeOfUse"])
Response headers
The client must be able to specify a content type in the request to narrow down the type of data that's being accessed.
it makes more sense for the documentation to be hosted in its own repository since it will cover components and demo artifacts beyond the LEAP CDS repository.
The auto-deploy setup needs to be documented briefly so that the process is repeatable.
Client must be able to request that any human-readable portion of the the LEAP-CDS response to be in either Spanish or English.
Consent Discovery should be able to specify a Consent Scope and narrow down the search to a specific consent scope.
When using docker-compose up/down the original image is restored and any extension loaded via mirth administration is lost.
The Consent specs define nested provisions with 0..*
multiplicity so even though the examples use simple elements, these can be arrays. Currently the service assumes a single element which should be fixed.
request
has been deprecated, so it's best if we move away from this dependency.
https://medium.com/better-programming/request-has-been-deprecated-a76415b4910b
We need to set up a documentation folder to start recording thoughts and design decisions as well as feedback to the FHIR community. This can be set up in a way that can host a github pages website.
This is also a preamble to opening up the repo to public and promoting the project.
The Consent Decision Service must be able to discover and fetch a given patient's consent(s) from a fixed list of FHIR consent servers.
The Consent Decision Service must be able to verify the basic attributes defined in the context of the consent hook and return a consent decision accordingly.
Provide a rapidly developed interface for the Consent Decision Service based on the Clinical Decision Support Service Hooks to enable test. This mock service needs to provide the query/response interface without actually relying on a decision backed by processing a consent and enables rapid integration with the rest of the architecture while consent processing is being incrementally added.
Currently, the CDS returns a 404 response which is not helpful.
Responding to a CDS query requires finding the patient and then looking for the associated consents in every FHIR server attached to the CDS. Depending on the number of FHIR servers, this can increasingly involve a larger number of HTTP requests and therefore is not synchronously scalable and when the number of associated FHIR servers is large, requests may time out because they will have to wait for a large number of backend calls.
This can also cause issues if the backend FHIR servers are rate-limited, since a bust of traffic on the CDS can cause hitting rate-limits for these backend services.
To resolve this, the CDS needs to support asynchronous response to the client and instead of making backend http calls synchronously, these calls should be queued.
The client must be able to discover the CDS hook on this server and its specifications via the service discovery endpoint as defined by the CDS Hooks specs.
Set up continuous integration (automatic tests/linting checks) using github actions.
The consent decision processing must take into consideration the purposeOfUse
attribute and consider it in processing the consent and making a consent decision.
FHIR handling instruction valueset could potentially be leveraged for obligation IDs in the response from the API.
Currently the patient is identified in the request by a single identifier. This assumes that the same identifier is used in all FHIR servers where patient consents are hosted. This assumption may not hold if the patient is recorded with a different identifier type at different consent servers.
The expected behaviour in this case for the CDS is to read an array of identifiers from the request context and take into account consent from patients matching any of the identifiers listed in that array.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.