$import Documentation

[joshua-hiltunen]

Documentation refers to kicking off submission using the $import operation repeatedly, however I've been unable to locate general documentation around $import. The closest thing I've found is a pair of draft proposals from three years ago.

Current UDS+ IG documentation indicates:

The Data Receiver SHALL download the NDJSON formatted, de-identified data from the health center using the links provided by the Data Submitter following the protocol specified in the manifest file.

Documentation around manifest arguments is fairly light (and referred to specifically around $export), but does have an argument for requiresAccessToken which seemed to fit the bill for 'the protocol specified in the manifest file".

However on a previous UTC call (1/17?) I had asked a question regarding whether the Receiver would make OAUTH access token requests in order to retrieve data from the protected urls in the manifest, and the response was something along the lines of "No, we aren't going to store our own clientID/secret for retrieving the data, but temporary access tokens can be provided in the manifest itself."

I've been searching for documentation around that process for the last two weeks without any significant results. Is there documentation that you can point me to? Is there an extension involved that should be referred to? The FHIR Artifacts page for $import is a little bit light.

[nbashyam]

The following links should help in gaining more clarity on the process. https://fhir.org/guides/hrsa/uds-plus/reportingguidance.html https://fhir.org/guides/hrsa/uds-plus/requestresponseexamples.html

Are you looking for definition of the data elements or looking for more documentation of the step by step process. The latter is explained in the above artifacts. The former (data elements) is explained in the Manifest profile.

[joshua-hiltunen]

So the part that's missing from that documentation is how the HRSA system is going to negotiate the OAUTH calls to the urls from the manifest. This stems from a question I asked a call or two back on this front. The urls from the manifest are all OAUTH protected. What was communicated in response was "you'll provide a temporary access token in the manifest", but I have found no documentation around the manifest that provides a mechanism to do so.

For the sake of cross referencing, I think there's another thread also tied up in this at https://github.com/drajer-health/uds-plus/issues/16.

[nbashyam]

Joshua Here is the relevant documentation: https://fhir.org/guides/hrsa/uds-plus/StructureDefinition-uds-plus-import-manifest.html

Please review this section. Also the Manifest file has the "importAccessToken" data element that can be provided so that we can use the same on the query back. Registering HRSA as client across all the EHRs and their systems to authenticate/authorize and get an access token is not in the roadmap currently.

Providing Security Tokens

A Health Center may wish to make sure that the HRSA Data Receiver provide a security token during the download of the UDS Plus data. In order to facilitate these tokens, the Data Submitter may echo a “security token” of type “bearer” in the manifest file for each UDS Plus file that needs to be downloaded. This bearer token will be echo’ed back by the Data Receiver in the HTTP header during the download process. This further enhances the security protocols between the Data Submitter and the Data Receiver systems.