WhyStopped reason is not stored in the MedicationRequest resource.

Parents want to be "editors" on childrens records
Spouses want to be "viewers" on each other
Patient wants to be able to share records with Doctor/caregiver (temporarily & long term)

We currently support ~3k sources. By enabling Athena we'll be adding almost 16k sources.

Fasten will require pagination and searching capabilities.
AWS ElasticSearch Serverless may be a solution worth investigating.

related #49

Create an address book of all Doctors, Hospitals and Clinics that a Patient interacted with

• include contact information and a simple history

What is this

Feature request for multi factor authentication. Considering this is storing private health data it is important that it be as secure as possible.

Why is this needed?

Ideally MFA would be handled by an external authentication provider such as OIDC or Forward Authentication (preferred). However, in order to develop a zero knowledge model, Fasten would require a user-inputted secret, which neither OIDC and Forward Auth make available.

Hence, the MFA burden falls on the app itself. This is a similar problem to what BitWarden/VaultWarden face with their zero knowledge model.

Implementation

Lots of options out there, but I would personally request support for the following modes:

• Duo.com
• TOTP
• WebAuthn

I specifically request that email and SMS 2nd factor not be supported because of how insecure they are.

When is this needed?

Not now. This is obviously an advanced feature and other core features are higher priority in order to deliver basic functionality.

use ivmartel/dwv library for displaying DICOM image

https://ivmartel.github.io/dwv-angular/

• Primary care provider is fake, find a way to determine the real one.
• Remove fake Latex allergy.
• Add dates to Allergies
• Fix Ethnicity

We attempt to sync all FHIR resources by searching for all resources associated with a Patient ID.
We need to find a way to extract references to certain resources that cannot be searched in this manner.

  //"Binary",
  //"Location",
  //"Medication",
  //"MedicationRequest",
  //"Organization",
  //"Patient",
  //"Practitioner",
  //"Provenance",

• Others

What is this?

Enable the ability to use LDAP for Fasten. To simplify user management, enable the importing from and querying against of an LDAP server for authentication.

Implementation

Import users with live query on login - This is the preferred method, where an import form LDAP is enabled, either as a recurring job, or as a one time user triggered action, against a user-defined filter (e.g. memberOf=cn=fastenUsers,cn=groups,dc=domain,dc=com). Import would create a local user entity, tagged with LDAP and with no password defined. Upon login for an LDAP tagged user, an LDAP lookup is made to verify the password. This ensures that the user is always logged in against their most recent password, however it requires the LDAP server always be available, which is generally a safe assumption with LDAP.

Caching passwords - There is an option to cache the salted passwords locally so that there isn't a dependency on LDAP being live when login occurs, however this method is not recommended. If a user changes their password in LDAP, it would be up to either the Admin or a scheduled job to import the new salted password. This becomes a security risk during the all too common database leaks that are happening these days, e.g. LastPass, because old passwords would live longer than necessary after being changed.

Password Changes - There are two options here depending on if the admin wants to enable write access to the LDAP server. If write access is enabled, then a simple LDAP writeback can be performed upon password changes. If permissions are read only, the administrator can disable password changes for LDAP users and provide an external link to a password change tool.

Workflow

• Initial Configuration
  • Administrator configures LDAP search filters and access credentials
  • Administrator clicks "Test Import" and Fasten performs an LDAP look up and presents a preview of users who will be imported
  • Administrator clicks "Import" OR relies on a built in sync job (e.g. every 24 hours)
    • Fasten creates a user entity for every user imported. May import additional information such as email, displayName, photo, etc
• User attempts to login
  • Fasten checks if a user is flagged as LDAP
    • If not flagged as LDAP, regular login pathway is followed
  • Fasten opens a connection and bind request to the LDAP server to authenticate the user
  • If bind succeeds, user is logged in and may proceed as usual.

Security

LDAP protocol requires plaintext password exchange, which would necessitate ldaps for security. Optionally, Fasten may be able to reference the userPassword property of the LDAP query and salt the password internally to perform a comparison using Base64Encode(SHA1(password+salt)+salt). This would replace the second bind with the user submitted plaintext credentials.

When is this needed?

Sooner rather than later. While the current mechanism would work for myself as a single user, I would block rollout to my family contingent on LDAP. The only workaround would be if a functional export/import feature existed that would allow migrating to LDAP-imported accounts down the line.

• Empty list
• Loading spinner

• Fix filtering & Categories
• Add logos for all Cerner sources
• Add table for all manually uploaded sources
• Add overlay if the connected source is older than x days
• When scrolling down the long list, add a "back to top" button.

• Each condition should have a "Summary" in patient friendly (non-clinical) format
• CareTeam email addresses should be linked if provided.
• Binary resources should be added under an attachment section
• If no Location is specified in the Encounter, see if theres an associated Location resource.
• DiagnosticReports should forward the user to the Observations Report.
• BUG cannot merge composition types
  • Introduced in #20
• Add Goals/CarePlan information to the condition
• Add Pagination & Caching (large histories take 8+ seconds to load)

Development ongoing in https://github.com/fastenhealth/fasten-onprem/tree/grid-development branch.

• Replace dashboard with a draggable Widget based UI.
• See https://github.com/fastenhealth/docs/blob/main/technical/design/UI%20Widgets.md
  

When I click on the "CVS Health & Minute Clinic" tile, it launches the https://mychart.minuteclinic.com auth page, but then when I complete authenticating, it just loads the normal MyChart site for CVS/MinuteClinic. Nothing gets added to fasten.

What am I doing wrong?

Just trying to get started ... clicking "Anthem" tile redirects me to auth'ing Anthem ... but if I try another tile, it just stares back at me ... no action, plenty of errors in the console. e.g. hitting the SSM Health tile doesn't do anything.

Super happy that you're getting this off the ground - lemme know what else would be helpful.

• Display name
• source type slug
• Platform type
• Logo available

Hidden/under development sources should go into a separate file or into a collapsible block.

When attempting to connect to some Epic Sources, either the OAuth2 flow will fail or the syncing of the resources after getting the authorization token will fail due to a strict CORS configuration for the Epic instance we're trying to connect to.

I tested this against OptumCare East, which I know has their CORS set incorrectly for both their OAuth Endpoints and their FHIR endpoints but I know other health systems sometimes have the OAuth endpoints set correctly but the FHIR ones set incorrectly.

on mobile, when redirected from a provider, the app doesnt know that we're logged in and no data is stored.

• Create a billing report page
• include a summary of insurance information & billing codes for each encounter.
• Cost of Benefits / Explaination of Benefits

users can already upload records manually using FHIR Bundles, however this is difficult for non-developers. We need a way to allow users to enter their records manually.

• Show grouping dropdown, allowing user to select specific DiagnosticReports
• Add Patient Friendly summary to each Observation type.
• Add Sort By dropdown
  • Status (acceptable, problematic results)
  • Date
  • Name
  • Report
  • Panel type

List of All COde Systems

• https://build.fhir.org/ig/HL7/UTG/CodeSystem-v3-CodeSystem.html
• https://build.fhir.org/terminologies-valuesets.html

Practitioner/PractitionerRole

Roles for Practitioners

• https://terminology.hl7.org/CodeSystem-v3-RoleCode.html
• http://terminology.hl7.org/CodeSystem/v3-nuccProviderCodes
• http://nucc.org/provider-taxonomy
• https://build.fhir.org/valueset-participant-role.html
• https://build.fhir.org/valueset-practitioner-role.html
• https://build.fhir.org/valueset-provider-taxonomy.html

Organization

• http://terminology.hl7.org/CodeSystem/v3-nuccProviderCodes
• https://build.fhir.org/valueset-c80-facilitycodes.html

MedicationRequest

• Dispense Reason - https://build.fhir.org/valueset-medicationdispense-status.html

Countries

• https://build.fhir.org/valueset-country.html
• https://tx.fhir.org/r4/ValueSet/$expand?_format=json&url=http://hl7.org/fhir/ValueSet/iso3166-1-2
• https://tx.fhir.org/r4/ValueSet/$expand?url=http://hl7.org/fhir/ValueSet/iso3166-1-2

Datasets

• https://www.nyam.org/library/collections-and-resources/data-sets/
• https://healthdata.gov/browse?limitTo=datasets&sortBy=newest&utf8=%E2%9C%93

Trying to add the Aetna source immediately results in:

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<status>
<statusCode>400</statusCode>
<detail>Bad Request</detail>
<severity>E</severity>
<additionalStatus>
<statusCode>400</statusCode>
<serviceName>v1fhirserverauthoauth2authorization</serviceName>
<detail>Missing client_id in Request</detail>
<severity>E</severity>
<loginAttempts>No Login Attempts made</loginAttempts>
</additionalStatus>
</status>

Url:
https://vteapif1.aetna.com/fhirdemo/v1/fhirserver_auth/oauth2/authorize?redirect_uri=https%3A%2F%2Flighthouse.fastenhealth.com%2Fv1%2Fcallback%2Faetna&response_type=code&response_mode=fragment&state=3b587e1c-7544-4a35-a8b8-383d8e337b5f&client_id=&scope=fhirUser+launch%2Fpatient+patient%2F*.read+profile&aud=https%3A%2F%2Fvteapif1.aetna.com%2Ffhirdemo%2Fv1%2Fpatientaccess&code_challenge=Tgfyx_93THXCgpdtQwDFAuaD8wdLP3vgmTomPhbO5xk&code_challenge_method=S256

Installed via Docker from today's email.

Fasten is designed for family use - so an AuthN/AuthZ system is required. And on-top of that, given the fact that its storing healthcare information, I don't feel comfortable making it accessible without a password.

However, I do have plans to support authentication via delegation to an external system -- like Authelia, Authentik, Keycloak etc.

https://discord.com/channels/1023634406935642223/1023634407480885400/1099367475184926740

• Aetna - missing Production - requested Access. see #33
• Kaiser - waiting for sandbox creds, requires PKCE with Confidential = true
• Cigna - requires Audit.
• CVS - broken portal see #65
• Anthem - timeout occassionally, requires retries. see #99
• Optum/Epic/Allscripts sources require CORS during auth. see #64
• Medicare - 401 - 401 Unauthorized [{\"detail\":\"Authentication credentials were not provided.\"}]"}}"
• Aetna Sandbox broken.
• Kaiser prod is broken (extra sandbox scope)

this is a known issue:

• nodejs/docker-node#1335
• bddvlpr/untis-ics-sync#2
• chatwoot/chatwoot#5619
• yarnpkg/yarn#5259 (comment)

OMG - https://blog.thesparktree.com/docker-multi-arch-github-actions

• Last Updated should be pulled from database
• Header should include contact information for most recent PCP - Primary Care Provider

EMR systems can "launch" external applications with the authentication partially completed. (See Logica) It would be interesting to support this usescase in Fasten, as the self-hosted application could parse the data (users could enter their "selfhosted" url -- including localhost)

https://build.fhir.org/ig/HL7/smart-app-launch/scopes-and-launch-context.html#apps-that-launch-from-the-ehr

http://localhost:9090/fhir-app/launch.html?iss=https%3A%2F%2Fgw.interop.community%2FFastenSandbox%2Fdata&launch=ZrWdC2

USA

• https://clinicaltables.nlm.nih.gov/

Canada

• https://www.healthguideusa.org/canadian_medical_license_lookup.htm
• https://mcc.ca/examinations/minc/
• https://www.minc-nimc.ca/licensed-users/
• https://www.healthguideusa.org/canadian_medical_license_lookup.htm

UK

• https://www.gmc-uk.org/registration-and-licensing

related #42

This application looks very promising and I'm so glad something like this is finally being created. I just setup a docker instance, and this is what I found:

When using the following command, no database file is generated:

docker run --name=FastenHealth -p 9090:8080 -v /mnt/12Bay/docker/FastenHealth/db/:/opt/fasten/db/ ghcr.io/fastenhealth/fasten-onprem:main

Creating this issue to stash some resources we have found to find "patient-friendly" descriptions of LOINC/SNOMED/etc codes.

I will post resources here shortly.

crypto.subtle is only available on either secure contexts (HTTPS) or local non-secure contexts (localhost, *.localhost, 127.0.0.1).

When self-hosting things (especially when quickly testing something new) things may be non-local, but not https (e.g. accessed by IP or internal DNS). There should probably be some sort of check when accessing the page (which could be done even before login) as to whether the context is secure and SubtleCrypto is available. The only indication of this issue I have found is a console message when attempting to add a provider (ERROR Error: Uncaught (in promise): TypeError: can't access property "digest", crypto.subtle is undefined)

edit: It may also be desirable to have some sort of way to set a "base url" that users get redirected to when attempting to access fasten from the "wrong" URL, and that is used for any links within the app. The app could refuse to even start if the "base url" is a context that would allow the usage of SubtleCrypto. This is also important if the app were to e.g. send an email, it needs to know what URL to reolve relative paths and such against without the benefit of a user being on a page that it can use to determine that.

as discussed in FHIR Zulip

We've received constant feedback that users would also like the ability to create records themselves:

• their institution may not be supported by Fasten
• their institution may be international (and not have a patient-accessible portal)
• they have old records that no longer exist
• they have relevant medical data that has never been tracked by an institution
• etc.

Since our system already uses and understands FHIR documents, we should store patient manually-created documents in the same format, however FHIR editors seem complicated, requiring patients to understand the FHIR spec.

Some ideas for how medical history can be "manually" ingested by Fasten

• a UI library that generates "simple" forms for each (or multiple) FHIR resource type?
• using the FHIR Questionnaire resource/wizard for prompting users for their medical information?
• an ML based system to parse free-text into records.
• a simple DSL (similar to FSH) that can generate FHIR records.
• a question/answer style chatbot for generating records

It would be nice to have images for arm64, armv7 etc.

• Netherlands
  • MedMij - https://medmij.nl/en/home
• UK.
  • https://digital.nhs.uk/developer/api-catalogue?filter=fhir&filter=patient-citizen
  • only 2 that have sandboxes and seem worth integrating:
    • https://digital.nhs.uk/developer/api-catalogue/gp-connect-patient-facing-access-record-fhir
    • https://digital.nhs.uk/developer/api-catalogue/immunisation-history-fhir
    • https://digital.nhs.uk/developer/api-catalogue/personal-demographics-service-fhir
    • https://digital.nhs.uk/developer/api-catalogue/summary-care-record-fhir
• Canada
  • https://infocentral.infoway-inforoute.ca/en/standards/canadian/fhir
  • https://www.infoway-inforoute.ca/en/component/edocman/6444-connecting-you-to-modern-health-care-shared-pan-canadian-interoperability-roadmap/view-document?Itemid=101
  • https://www.canada.ca/en/health-canada/services/health-care-system/advisory-panel-healthcare-innovation.html
• Poland
  • https://api.nfz.gov.pl/app-itl-api/
• Europe (Slovenia, AT, HR, HU, IT)
  • From /u/shorto on Reddit:

    In most of Europe with the exception of Estonia which is fully digitized, the system is basically a PDF storage. In Slovenia, only you can export (same is in AT, HR, HU, IT), a single PDF for every doctor's note you get. There is no mass export feature or anything like that, The login has to be made with a state issues certificate. So if you plan to expand to EU, the best way to do it, is to allow people to manually import the PDF's DICOM images etc that they get, organise them etc.
    Some of the practices will simply send it to your email, others use the state-issued system I mentioned above. I asked if an API will be available and it won't due to security reasons and concerns expressed by the EU.

• Australia ⚠️
  • https://developer.digitalhealth.gov.au/resources/news/my-health-record-fhir-gateway-v2-1-released
  • https://myrecord.ehealth.gov.au/

  I've begun the process of registering as a developer and following the My Health Record developer guides, however the "DH-3710-2023 - My Health Record - App Vendor Guide to the Connection Process v1.2.pdf" document has some verbiage that I'd like some clarification on:
  Under "App developer requirements" on page 10 are the following sample requirements (emphasis mine):

  • The app developer must have a head office and be registered in Australia.
  • My Health Record data cannot leave Australia - and cannot be accessed, backed up, or managed by service providers from overseas (for example, onshore technical support only).
  • There must be a clear mechanism in place for obtaining informed consent from consumers to collect, use or disclose their My Health Record data. This should be in a simple and user-friendly reading format.
  • The app must be for the purpose of healthcare.
  • If not already applicable, the app developer must opt-in to being subject to the Privacy Act, and therefore be required to adhere to the rules relating to, for example, data privacy and informed consent.
  • The app must utilise strong cryptography to secure My Health Record data at rest, and when in transit.

related #48

implemented in this function: https://github.com/fastenhealth/fasten-sources/blob/main/clients/internal/base/fhir401_extract_resource_metadata.go

Hi, I'm the creator of graph and coincidentally noticed this ToDo:

I'd like to point out that graph v0.16.0 will provide a Store interface and thus come with first-class support for database storages. Just FYI 🙂

A localization would be great to expand accessibility to people who are not comfortable with English.

i18n (other variants exist) is a frequently used module in self hosted projects. Most of them use Crowdin to aggregate translations. They offer free plan for open source projects.

I personally recommend it (as least as translator and proofreader).

Voilà!

I could help you, by promoting me to manager on Crowdin :)

Have a great day

• create a Medications report, which summarizes all medication the patient is taking.