This is a FHIR server reference implementation of the FAST Interoperable Digital Identity and Patient Matching IG. It is built on the HAPI FHIR JPA Starter Project, and more detailed configuration information can be found in that repository.
A live demo is hosted by HL7 FHIR Foundry, where you may also download curated configurations to run yourself.
Building and running the server locally requires either Docker or

- Java 17+
- Maven

With Maven:

```
mvn spring-boot:run
```

or

```
mvn -Pjetty spring-boot:run
```

With Docker:

```
docker compose up -d
```
The server contains patient matching operations as described in the IG in the Patient Matching section. These are reachable via a POST to the `[host]/fhir/Patient/$match` or `[host]/fhir/Patient/$idi-match` operation endpoints.
The server has the ability to validate an incoming patient parameter for its match operations against the three Patient profiles from the IG:
The level of required validation can be configured via the `hapi.fhir.match-validation-level` property or by supplying a valid validation level value in a request header. The name of this header can be configured via the `hapi.fhir.match-validation-header` property and defaults to `X-Match-Validation`. For example, to disable validation for a request, you can supply `X-Match-Validation: NONE` in the request.
The validation level can be set to one of the following values:
Value | Description |
---|---|
`DEFAULT` | Requires that the Patient validates against an IDI-Patient profile specified in the `meta.profile` field. If no profile is provided, the Patient will be validated against the base IDI-Patient profile. |
`META_PROFILE` | Validate the Patient resource against the most restrictive IDI-Patient profile specified in the `meta.profile` field. If an expected IDI-Patient profile is not found, the validation will fail. |
`NONE` | No validation is performed. |
If the validation fails, the server will return a `400 Bad Request` response with an `OperationOutcome`.
The server supports requiring an auth token for incoming requests and is integrated with the UDAP Reference Implementation which implements the FAST Security IG.
Security is toggled via the `security.enable-authentication` property. When enabled, a valid UDAP server is required to be set via the `security.issuer` property. This is set by default to the UDAP RI hosted in Foundry.
A valid certificate is also required. This can be set via the `security.cert-file` and `security.cert-password` properties. Additionally, the server has the ability to use the UDAP RI's certificate generation endpoint to generate a certificate. This can be toggled via the `security.fetch-cert` property. Using this method will create a certificate file named `generated-cert.pfx` in the server's working directory. This is intended for local testing.
Security can also be disabled by supplying a header in the request. The name of this header is configured in the `security.bypass-header` property and defaults to `X-Allow-Public-Access`. No value is required for this header.
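Both the validation-level header and the bypass header described above are read from the client's request, so a deployment that fronts this server with a gateway may want to filter them. The following is an added example, not code from this project: the gateway placement, the function name `scrub_headers`, the case-insensitive handling of level values and the sample headers are assumptions, while the header names and level values are the README defaults.

```python
"""Scrub client-supplied override headers before proxying (added example)."""

# Defaults from the README; both names are configurable on the server via
# security.bypass-header and hapi.fhir.match-validation-header.
BYPASS_HEADER = "X-Allow-Public-Access"
VALIDATION_HEADER = "X-Match-Validation"
VALIDATION_LEVELS = {"DEFAULT", "META_PROFILE", "NONE"}

# Constructed sample request headers (not captured traffic).
SAMPLE = [
    ("Content-Type", "application/fhir+json"),
    ("x-allow-public-access", ""),
    ("X-Match-Validation", "none"),
    ("Authorization", "Bearer <token>"),
]


def scrub_headers(headers, allowed_levels=frozenset({"DEFAULT", "META_PROFILE"}),
                  bypass_header=BYPASS_HEADER, validation_header=VALIDATION_HEADER):
    """Return (forwarded_headers, findings) for one inbound request.

    The bypass header is always dropped: its presence alone disables auth,
    whatever its value. The validation header is forwarded only when its
    value is in allowed_levels, so a client cannot downgrade to NONE.
    """
    forwarded, findings = [], []
    for name, value in headers:
        lname = name.strip().lower()  # HTTP field names are case-insensitive
        if lname == bypass_header.lower():
            findings.append(f"dropped {name}: auth bypass header from client")
            continue
        if lname == validation_header.lower():
            # Assumption: compare levels case-insensitively to stay conservative.
            level = value.strip().upper()
            if level not in VALIDATION_LEVELS:
                findings.append(f"dropped {name}: unknown level {value!r}")
                continue
            if level not in allowed_levels:
                findings.append(f"dropped {name}: level {level} not allowed")
                continue
        forwarded.append((name, value))
    return forwarded, findings


if __name__ == "__main__":
    kept, notes = scrub_headers(SAMPLE)
    print(kept)
    print("\n".join(notes))
```

If the server's header names have been changed from their defaults, pass the configured names through `bypass_header` and `validation_header`.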
Questions about the project can be asked in the FAST Identity stream on the FHIR Zulip Chat.
This project welcomes Pull Requests. Any issues identified with the RI should be submitted via the GitHub issue tracker.
As of October 1, 2022, The Lantana Consulting Group is responsible for the management and maintenance of this Reference Implementation. In addition to posting on the FHIR Zulip Chat channel mentioned above, you can contact Corey Spears with questions or requests.