Closed surfdoc closed 1 week ago
@minrk @ryanlovett @maryamv @fperez @scarini @jpp9 This is the WIP documentation for the September MVP. Once we have the link to the recording from today we can add that as well. We will plan on updating this issue as we update the documentation. Please feel free to tag folks that you feel would benefit from this information as well. Thanks.
@surfdoc Thanks! Do you want to add this as a doc via PR, even in its WIP status? I'm guessing that MyST will be able to render it mostly as-is, including the mermaid diagrams. It'd probably be easier to update the doc as a file in the repo compared to editing it via the issue tracker. Since you're the ones making changes however, whatever is easiest for you.
@ryanlovett Yep. That is a much better idea that having it in an issue. I have created a PR and tagged you as a reviewer. Feel free to make any changes and updates. Thanks.
RFC 2024-05-08 CHCS Identity & Access Management
Background
CommonHealth-CloudStorage (CHCS) is a web app built with Django that is used to share a patient's medical device data with researchers via the Common Health Android app. The established CHCS was required to support deployment to third-party servers without compromising data privacy and security. This was achieved by extensive use of cryptography and proxy design patterns, as outlined in this Google doc.
Problem
The cryptographic requirements for researchers to access and integrate with CHCS are impeding adoption.
Proposal
Drop the requirement to host CHCS on third-party servers and therefore the dependency on cryptography and instead support standards for authentication, authorization and integration.
The new implementation will support the following use cases for researcher end-users:
Researcher access:
Researcher creates study groups and invites colleagues to study groups.
Researcher searches for existing patients or registers new patients. If SMART on FHIR launch, patient details are pulled from the EHR context.
Researcher invites selected patients to selected study group (pending consent).
Deep Link is sent by SMS or E-mail to patients.
Patients launch deep link via Common Health Android app and give explicit consent for their specific medical device data to be shared with a specific study group.
The Common Health Android app periodically downloads vendor medical device data to the patient's phone.
The Common Health Android app periodically uploads medical device data to CHCS.
Researcher views, sorts and downloads patient device data for the specific study.
A REST API with OAuth2 for programmatic access
Technical Design
Authentication and Authorization
Direct Browser Access
E-mail/password sign-up and sign-in will be supported using the conventional django-oauth-toolkit using OIDC and OAuth2.
EHR Launch
A separate URI will be set up for EHR SMART on FHIR launches and the application will map the user's FHIR ID in
users.identifier
(see ERD below). The token checks in django-oauth-toolkit will need to be extended to switch for verification of tokens using the EHR keys for SMART launches (eg see Epic docs). The EHR launch may include contextual information such as the Patient ID that can be used by CHCS to shortcut to the corresponding patient screen.Access Control
A user may choose to consent/share only a specific subset of scopes (eg Heart Rate) from a specific subset of device data (eg iHealth) with a specific study group. This fine-grained access control requires joining study groups (organizations) and device data (observations) with a reference to scopes.
The original requirements envisioned this IAM web app to be only concerned with authentication and authorization and retain the existing CHCS for data management. However to support the required fine-grained access control, the IAM web app needs to maintain a database with references to the complete catalog of data (or at minimum proxies for all data records). To achieve this with two different databases requires a syncing process to keep both databases up to date which adds significant complexity. It is therefore proposed to consolidate the IAM app and database with the CHCS app and database.
SMART Scopes
SMART v2 supports scopes to include search parameters, so in addition to scoping by resource (eg Observation) codes (eg Heart Rate) can be used to filter from the database and restrict access accordingly, eg
A
code
parameter will be used to map SMART scopes to the corresponding Open mHealth SNOMED scope egOMHealthResource.HeartRate.Read
Extensibility Considerations
Deep Link launches from Web Browsers
Data Model
Open mHealth
Device data is expected to be in the Open mHealth (JSON) format however the system can be easily extended to support binary data attachments or individual observation records. Binary JSON database fields (such as
jsonb
in Postgres) allow the structured JSON data to be queried from SQL.FHIR
Tables and columns use a subset of the FHIR standard as a guide to support future extensibility and integration compatibility, for example the column
user.name_family
maps to the FHIRPerson.name.family
. The FHIR Observation supports avalue.valueAttachment
field to attach binary data, in this case binary JSON data in Open mHealth format. The FHIR CodeableConcept is used for scopes to reference the Open mHealth SNOMED code, eg 78564009 for Heart Rate.Users (FHIR Person)
identifier
is used to reference the EHR User identifier for SMART launches.Organizations (FHIR Organization)
part_of
to reference a parentorganization.id
.type
is a subset of https://build.fhir.org/valueset-organization-type.htmlSMART Client Configs
Study Groups (FHIR Group)
Study Groups belong to exactly one Organization.
Study Groups have one or more Patients.
Study Groups can have zero or many Users (this allows for collaborators outside of the Organization)
Observations (FHIR Observation)
code
references a FHIR CodeableConcept, eghttp://purl.bioontology.org/ontology/SNOMEDCT/78564009 (Read Heart Rate)
study_group_observation_consents.consented == false
study_group_observation_consents.consented == true
study_group_observation_consents.scope_action
is the SMART scope action component which will always ber
for "read" but is included for completenessCodeableConcepts (FHIR CodeableConcept)
Integration with CommonHealth Android App
Tech Stack
Capability Statement
/metadata
endpoint will be implemented to respond with a subset of the FHIR Capability Statement that introspects the service and describes the Observation resources available (including the search/filter by coded Open mHealth type) and how they can be accessed via the REST API.OIDC/OAuth2+SMART Scopes Flow
SMART Client Flow
Reference Material
Established System
Information on the established system can be found at the following resources:
Established Flow
Related Software
Considerations
./well-known
CHCS as a SMART Server
CHCS as a SMART Client and Server