A Secure Rest implementation for the HL7 FHIR Specification. For API documentation, please see https://github.com/Asymmetrik/node-fhir-server-core/wiki.
The Asymmetrik Extensible Server Framework for Healthcare allows organizations to build secure, interoperable solutions that can aggregate and expose healthcare resources via a common HL7® FHIR®-compatible REST API. This server framework currently supports both DSTU2 (1.0.2) and STU3 (3.0.1) simultaneously. You can decide to support both or just one by editing the configuration.
The framework defines a core server, node-fhir-server-core, a simple, secure Node.js module built according to the FHIR specification and compliant with the US Core implementation.
For an example implementation using MongoDB, please refer to our Github repository that we used for the ONC FHIR Secure API Server Showdown Challenge, https://github.com/Asymmetrik/node-fhir-server-mongo.
Node.js version later than 7.6, but not 8.5 (see Attention), and an understanding of promises usage are required.
Familiarity of the FHIR specification and whatever database containing the resources will assist in querying data and returning them in a format conforming to specification.
Install node-fhir-server-core as followed:
# For yarn users
yarn add git+https://github.com/Asymmetrik/node-fhir-server-core.git
# For npm users
npm install --save git+https://github.com/Asymmetrik/node-fhir-server-core.gitOnce installed, the server can be required in the application.
const FHIRServer = require('@asymmetrik/node-fhir-server-core');
const { VERSIONS } = FHIRServer.constants;
/**
* The server will not run unless you have specified
* at least one valid profile configuration
*/
const config = {
profiles: {
patient: {
service: path.resolve('./profiles/patient/patient.service'),
versions: [ VERSIONS['3_0_1'] ]
}
}
};
let main = function () {
let server = FHIRServer.initialize(config);
server.logger.info('FHIR Server successfully validated.');
// Start our server
server.listen(3000, () =>
server.logger.info('FHIR Server listening on localhost:' + 3000)
);
};
main();For a complete list of all configuration options, supported profiles, their setups, best practices, authentication, etc. please consult our Wiki. More documentation and examples will be added over time.
- Support for more versions
- Multiple versions within DSTU2 and STU3
- R4
- Remaining Endpoints (Terminology Operations)
- Validation Service
- Enhancing Authentication and adding additional scope checks
- Better documentation on setup and configurations
- Implementation guides and demos
Our project vision is to build an easy to use FHIR server that supports all resource profiles defined in the US Core implementation guide and is built with security in mind from the ground up. We decided to use a plugin style architecture so implementors could focus on writing queries and not worry about all the other technical difficulties of securing the server. As this project matures, we plan to support more resources, custom extensions, versions, write capabilities, etc.
We believe in establishing a robust security, especially when it comes to health information. Part of the ONC Secure API Server Challenge was to stand up a server and let penetration testers have a go at it (you can see their results here). We are committed to continuing this practice and we will continue fixing any vulnerabilities discovered so we can do our best to make this server as secure as possible. For authentication, we are actively working on methods for simplifying integration with SMART on FHIR.
Please see CONTRIBUTING.md for more details regarding contributing issues or code.
This library makes use of node's path module. This is potentially exploitable in node version 8.5, see here. When deploying this, you need to deploy with a node version later than 7.6 BUT not 8.5.
@asymmetrik/node-fhir-server-core is MIT licensed.