Admin App​

• We've added support for testing AccessPolicyV2 resources in the admin app. This allows you to test your AccessPolicyV2 resources and see the results of the evaluation.

UI​

• Added simplified views for Subscription creation/deletion and viewing.
• Condensed sidebar text
• Added IDP configuration

Server​

• We've altered how Operation Definitions are deployed. We now require users to deploy via the $deploy operation. This operation is invoked at the Operation Definition instance level and takes the code and environment variables as input parameters.

Security​

OIDC​

• We've added support for SMART on FHIR patient scopes. We use the HL7 patient compartment definition to determine which resources are accessible by a given patient scope.

Federated Identity​

• We've added support for federated identity providers. This allows you to authenticate users via an external identity provider such as Azure, Okta, or Auth0. You can read more about this here

Here is a quick demo showing how to connect Azure as an external identity provider:

General​

We are beginning work on performance improvements for single-value search parameters (search parameters whose type is not a collection). We are currently working on an optimized index for these parameters to improve search performance.

Updated Packages​

• @iguhealth/server: 0.23.4
• @iguhealth/admin-app: 0.16.0

Server​

Security​

AccessPolicy V2​

We have added support for a new version of the AccessPolicy resource. This version allows for more fine-grained control over access to resources. We use a rule engine based on XACML to evaluate whether a user can perform a given request. This is evaluated using fhirpath expressions on the request and the user's claims.

More information can be found in our RFC

General​

FHIRPath​

We've rewritten our FHIRPath parser to be more performant. Currently, we've seen a roughly 60% improvement in parsing time. This will allow us to index resources faster and improve the performance of our FHIRPath queries.

Expression component​

We've added a new component to our component library that allows you to view FHIRPath expressions. We have written a custom codemirror mode to highlight and format FHIRPath expressions.

Meta values​

We've altered the way we pull type information about resources. We've created a pre-generated hashtable of type information per resource and use this to validate resources and for type information in our FHIRPath queries.

Updated Packages​

• @iguhealth/server: 0.21.1
• @iguhealth/x-fhir-query: 0.4.0
• @iguhealth/components: 0.13.0
• @iguhealth/fhirpath: 0.9.0
• @iguhealth/fhir-validation: 0.11.0

Server​

Security​

OIDC​

• Added Support for RS384 for signing JWTs.
• Added support for Refresh tokens and added a UI to manage/revoe them.
• Added support for SMART Discovery document.
• Added support for SMART Launch Context.
• Added support for SMART V2 Scopes
• Added SMART Claims (fhirUser, Patient) to JWT on SMART Launches
• Added Scope interaction for Launches
• PKCE no longer supports plain text. Only S256 is supported (per SMART spec).

General​

Updated Packages​

• @iguhealth/server: 0.18.12

Terminology​

We now support the following external terminologies:

• BCP-13 Media Types
• ISO-4217 Currency codes
• ISO-3166 Country Codes

We will be adding support for Loinc, ICD-10, and RxNorm codes in the following weeks.

Server​

Conditional Updates​

We've added support for conditional updates. This allows you to update a resource only if certain conditions are met.

Migration to Async for FHIRPath and Canonical Resolution​

Our fhirpath library and canonical resolution have been migrated to use async functions. This is to allow for querying external services and databases for terminology and data.

Worker migration to HTTP​

Workers are separate processes we use for processing subscriptions and asynchronous tasks. We've migrated these workers to use HTTP to communicate and pull data from our server. This will allow us to scale workers horizontally and improve performance.

GZip Compression​

We've added support for GZip compression on all responses.

Security​

PKCE Support​

We've added support for Proof Key for Code Exchange. This is a security feature that helps prevent authorization code interception attacks. This will now be required for all authorization code flows. Our component library has been updated to make use of this feature.

CapabilityStatement Public​

CapabilityStatements are now public for all tenants. This will allow clients to query the server for the capabilities of the server without needing to authenticate.

Conformance Testing​

Finished the initial round of conformance testing via Touchstone. We currently have a 91% pass on the FHIR Standard R4 suite.

Bug fixes​

• We now allow undefined values on resources where the SD has a minimum set to 0 for the property.

General​

Updated Packages​

• @iguhealth/server: 0.17.0
• @iguhealth/admin-app: 0.10.0
• @iguhealth/fhirpath: 0.6.4
• @iguhealth/components: 0.9.0

Postman is a platform that allows you to use APIs with a user-friendly interface. It can be a great way to test your API endpoints and check for conformance and data quality. This guide will cover how to integrate with Postman.

How to integrate Postman with Iguhealth​

Download Postman​

1. Download Postman from the official website.

Setup IGUHealth​

1. Go to the admin application and create a new ClientApplication.
2. Set the name to Postman
3. Set the grant type to client_credentials.
4. Set the response type to token.
5. Set the secret to a secure value.
6. Hit Actions and create
7. Mark down the client ID and secret.
8. Click Security->AccessPolicyV2 in the admin app and create a new access policy.
9. Create AccessPolicyV2 with the engine set to `Full Access'.
10. Under Target.Link reference the ClientApplication created on step 5.

Authorize Postman​

1. Open Postman and create a new request.
2. Under Authorization set type to OAuth 2.0.
3. Under Configure New Token set Grant Type to Client Credentials.
4. Set ClientID and ClientSecret to the values from step 7.
5. Set the Access Token URL to value at User -> Settings -> Endpoints -> Security -> Token
6. Click Get New Access Token and confirm that you get an access token.

Test​

1. Get R4 endpoint from User -> Settings -> Endpoints -> FHIR -> R4
2. Make get requests in Postman to the ${r4Endpoint}/metadata
3. Confirm that you get a 200 response with CapabilityStatement in body.

Server​

Date ranges and Prefixes​

Ranges​

Date range support is now handled properly for date and datetime values. You can now search for a year like _lastUpdated=2024 or by month _lastUpdated=2024-02.

Date prefixes now supported​

The following prefixes are now supported for date queries:

Headers​

The following headers are now returned in the response:

Conformance Testing​

We've begun testing our conformance using Touchstone https://touchstone.aegis.net/touchstone. We expect to be finished with their FHIR Standard R4 suite by EOW.

Migrated Internal tests to Testscripts on CI​

For CI we were testing our APIs using Jest. We've now migrated to using TestScripts. This allows us to test our APIs in a more FHIR compliant way. And to publish our results to our site at https://iguhealth.app/reports

CLI​

Operation invocation is now supported on the CLI. You can now invoke operations on the CLI as follows:

System​

iguhealth api invoke_system r4 --data $Parameters

Type​

iguhealth api invoke_type r4 $ResourceType --data $Parameters

Instance​

iguhealth api invoke_instance r4 $ResourceType $ResourceId --data $Parameters

Documentation Updated​

We've updated our API Documentation for FHIR operations. You can find it here.

Postman Integration guide​

We've added a guide on how to integrate Postman with Iguhealth. You can find it here.

General​

Updated Packages​

• @iguhealth/server: 0.15.1
• @iguhealth/admin-app: 0.9.0
• @iguhealth/artifacts: 0.6.0
• @iguhealth/cli: 1.5.0
• @iguhealth/client: 0.9.0
• @iguhealth/codegen: 0.7.0
• @iguhealth/components: 0.8.0
• @iguhealth/fhir-pointer: 0.5.0
• @iguhealth/fhir-types: 0.7.0
• @iguhealth/fhirpath: 0.6.0
• @iguhealth/testscript-runner: 0.1.0
• @iguhealth/hl7.fhir.r4.core: 0.4.2
• @iguhealth/iguhealth.fhir.r4.core: 0.5.10
• @iguhealth/hl7.fhir.r4.test-data: 0.2.1
• @iguhealth/hl7.fhir.r4b.core: 0.2.2

Updated Dependencies​

• typescript: 5.5.2
• react-router-dom: 6.24.0
• @headlessui/react: ^2.1.1

Testing​

Documentation​

We've updated our documentation to include a guide on how to write and run TestScripts. You can find it here.

Migrations​

We've finished migrating our API tests to TestScripts here. These tests are run on all PRs and the main branch.

Publishing Test Reports​

We now publish test reports on our main site. You can view them here. These tests are generated off the main branch for the latest published version of our server.

Support for Variables​

Variables are now supported on our TestScript runner. You can use them to create dynamic parameters for your testscripts. An example can be found here

Support for Operations and Assertions​

We now support the following operations and assertions:

• Assert: CompareToSourceExpression
• Operation: history
• Operation: patch

General​

Updated Packages​

• @iguhealth/server: 0.14.33
• @iguhealth/components: 0.7.22
• @iguhealth/generated-ops: 0.5.15
• @iguhealth/cli: 1.4.15
• @iguhealth/testscript-runner: 0.0.8

Testing​

We our beginning our migration to TestScript resources. This will replace our jest tests against our API and allow us to publish results as TestReports on our main site.

TestScript Runner​

We've published our TestScript Runner as an NPM package here.

Testing on CLI​

You can run our testscript runner via our latest cli update:

iguhealth test run -i testscripts -o testreports

• -i , --input: The directory where the testscripts are located.
• -o , --output: The directory where the testreports will be output.

Server Enhancements​

Stronger restrictions on CSP​

We have added stronger restrictions on CSP headers in particular to disallow inline scripts and styles.

Conditional Deletes​

We now support conditional deletes on the server. You can now delete resources based on a conditional query.

DELETE /Patient?name=John

Client Alterations​

Invoke by code​

We now support invoke operations via Client with code instead of an Operation Instance. For this you pass a Parameter Resource instead of the simplified JS Object.

const invocation = await client
    .invoke_type("validate", {}, R4, "Patient", {
      resourceType: "Parameters",
      parameter: [
        {
          name: "resource",
          resource: patient,
        },
      ],
    } as Parameters)

General​

Updated Packages​

• @iguhealth/cli: 1.4.11
• @iguhealth/client: 0.8.10
• @iguhealth/components: 0.7.18
• @iguhealth/fhirpath: 0.5.6
• @iguhealth/generated-ops: 0.5.11
• @iguhealth/server: 0.14.28
• @iguhealth/testscript-runner: 0.0.4
• @iguhealth/admin-app: 0.8.11

Server Enhancements​

Alterations to the User Data Model​

Our data model had the concept of a root user that could be connected to multiple tenants. This was done to allow a user to easily access multiple tenants that they were a member of. We've removed this, and instead, each user is now entirely isolated and connected to a FHIR Membership resource.

Tenant Discovery​

On root login, we now return a list of tenants that a user is registered with (via email). After selecting a tenant a user is directed to that tenants login.

Local Development​

Docker​

We now have the following Docker compose files for local development:

• docker/services-compose.yml: Will setup all the services needed for local development.
• docker/iguhealth-compose.yml: Will setup services and the iguhealth server and admin app.

Security​

OperationDefinition Execution​

OperationDefinitions must now be tied to an AccessPolicy resource to access and mutate data back on the server.

General​

Updated Packages​

• @iguhealth/server: 0.14.17
• @iguhealth/components: 0.7.10
• @iguhealth/admin-app: 0.8.3

Dependencies Updated to Latest​

We've updated the following dependencies to their latest versions:

• tailwind: 3.4.4
• prettier: 3.3.1
• headless/react: 2.0.4
• pg: 8.12.0
• jose: 5.4.0
• ajv: 8.16.0
• adm-zip: 0.5.14
• json-schema-to-typescript: 14.0.5

Server Enhancements​

Author Parameter​

We've moved the author parameter from being a token search parameter to a reference parameter. Custom operations, ClientApplications with client credentials, and Membership users who make any updates will now be displayed as an extension pointing back to them.

Below is an example of the extension (which is automatically generated on all resources under meta.extension).

      {
        "url": "https://iguhealth.app/author",
        "valueReference": {
          "reference": "Membership/NuqYfcMykSm1Qsq2wHUNet"
        }
      }

You can now also perform chained searches against the author parameter as an example:

iguhealth api search_type r4 Patient _iguhealth-author.email=[email protected]

Alignment with new root users​

Root users are now treated like every other member, with a membership resource being used to determine their role and access to newly created tenants.

Remove _ from ID generation​

Per FHIR Spec, this is not compatible with the id regex.

See here for more information about how Vanya Client uncovered this on our server.

Admin Application Enhancements​

Settings​

Settings now displays links to R4, R4B, and OIDC endpoints, which are pulled from our .well-known/openid-configuration. Additionally, we've updated our libraries to use well-known/openid-configuration for pulling OIDC endpoints instead of hardcoding them.

History View​

Versioned resources can now be viewed as a diff from the previous version.

Invite Modal​

The invite modal will now allow you to specify a user role and tie an access policy to them.

General​

Updated Packages​

• @iguhealth/iguhealth.fhir.r4.core: 0.5.8
• @iguhealth/admin-app: 0.7.8
• @iguhealth/cli: 1.4.4
• @iguhealth/client: 0.8.4
• @iguhealth/components: 0.7.7
• @iguhealth/fhir-validation: 0.7.2
• @iguhealth/fhirpath: 0.5.2
• @iguhealth/generated-ops: 0.5.4
• @iguhealth/jwt: 0.4.1
• @iguhealth/meta-value: 0.5.2
• @iguhealth/operation-execution: 0.7.2
• @iguhealth/server: 0.14.9

Dependencies Updated to Latest​

We've updated the following dependencies to their latest versions:

• Storybook
• ioredis