search

uwrit / leaf

Leaf Clinical Data Explorer
https://www.youtube.com/watch?v=ZuKKC7B8mHI
Other
86 stars 47 forks source link

Problem with LowCellSizeMasking #549

Closed artgoldberg closed 1 year ago

artgoldberg commented 1 year ago

Hello Leaf folks

I'm testing Leaf 3.11 with LowCellSizeMasking.Threshold: 10 (in /var/opt/leafapi/api/appsettings.json): image But nevertheless it's displaying counts less than 10: image This really perplexes me because I tested code that I believe is the same on June 16 with a threshold of 100 and it worked: image

My appsettings.json:

{
  "Runtime": {
    "Mode": "FULL"
  },
  "Jwt": {
    "SigningKey": "LEAF_JWT_KEY",
    "Password": "LEAF_JWT_KEY_PW",
    "Certificate": "LEAF_JWT_CERT",
    "Issuer": "urn:leaf:issuer:leaf.mssm.edu"
  },
  "Db": {
    "App": {
      "Connection": "LEAF_APP_DB",
      "DefaultTimeout": 600
    },
    "Clin": {
      "Connection": "LEAF_CLIN_DB",
      "RDBMS": "MSSQL",
      "DefaultTimeout": 600,
      "Cohort": {
        "QueryStrategy": "CTE",
        "MaxParallelThreads": 5
      }
    }
  },
  "Authentication": {
    "Mechanism": "SAML2",
    "SessionTimeoutMinutes": 480,
    "InactivityTimeoutMinutes": 120,
    "Logout": {
      "Enabled": false,
      "URI": ""
    },
    "SAML2": {
      "Headers": {
        "ScopedIdentity": "nameID"
      }
    }
  },
  "Authorization": {
    "AllowAllAuthenticatedUsers": true,
    "Mechanism": "APPDB"
  },
  "Attestation": {
    "Enabled": true,
    "Type": "HTML",
    "Text": [
      "<b>By logging in you agree to the following:</b><p>",
      "<p style='margin-left: 20px'>  <ul>  1. For Human Subjects research uses, I certify that I have completed Mount Sinai training required by the Program for Protection of Human Subjects, and agree to abide by all PPHS requirements pertaining to access, storage, sharing and review of data.<br style=\"line-height: 14pt\" />",
      "  2. I will limit my review of data elements in the Data Warehouse, or any Datamarts, to only those data elements and date ranges in the scope of my IRB approved project, or for authorized Hospital uses as necessary to carry out my job responsibilities.<br style=\"line-height: 14pt\" />",
      "  3. For any custom reports or datasets that I request, I will limit my request to only those data elements and date ranges in the scope of my IRB application and approval, or for authorized Hospital uses as necessary to carry out my job responsibilities.<br style=\"line-height: 14pt\" />",
      "  4. When using data provided without identifiers for research purposes I will not attempt to re-identify patients from any data that I may see in the Data Warehouse or any Datamarts or reports. This restriction applies to all uses, including data being used in preparation of a project, or for purposes of research that is considered not federal regulated human subjects research.<br style=\"line-height: 14pt\" />",
      "  5. For any identified (i.e., containing PHI) Datamarts, data sets or reports made available to me, I will exclude any subjects personally known to me or co-investigators except in a formal provider/patient relationship.<br style=\"line-height: 14pt\" />",
      "  6. Data supplied for projects with IRB approval shall not be re-used or re-disclosed without explicit permission from the IRB.<br style=\"line-height: 14pt\" />",
      "  7. I certify that I understand and agree to abide by the guidelines of the PPHS, the rules and regulations of the Mount Sinai Medical Center, and all applicable federal and state laws and regulations.<br style=\"line-height: 14pt\" />",
      "  8. I understand that all access is audited, and that unauthorized access or inappropriate usage of data may result in disciplinary action up to and including termination.</ul></p><b>A De-identified Data Set with the following limitations:</b><br></p>",
      "<p style='margein-left: 30px'><ul>  <li>Patients with an age of 89 and older are masked with a value of \"Greater than 89\".</li>  <li>Cohorts less than 10 are masked with a value of \"Less than 10\".</li>  <li>Dates in the dataset are shifted equally per patient based on the date shift value. This ensures that the relative distance between dates in the patients' chronology remains intact.</li>  </ul></p>"
    ]
  },
  "Compiler": {
    "Alias": "@",
    "FieldPersonId": "person_id",
    "FieldEncounterId": "visit_occurrence_id"
  },
  "Cohort": {
    "RowLimit": 200000,
    "ExportLimit": 5000
  },
  "Export": {
    "REDCap": {
      "Enabled": false,
      "ApiURI": "https://redcap.example.edu/api/",
      "BatchSize": 10,
      "RowLimit": 5000,
      "Scope": "washington.edu",
      "SuperToken": "LEAF_REDCAP_SUPERTOKEN",
      "IncludeScopeInUsername": true
    },
    "CSV": {
      "Enabled": true
    }
  },
  "Import": {
    "REDCap": {
      "Enabled": false,
      "ApiURI": "https://redcap.example.edu/api/",
      "BatchSize": 1000
    }
  },
  "Deidentification": {
    "Patient": {
      "Enabled": false,
      "DateShifting": {
        "Increment": "DAY",
        "LowerBound": -365,
        "UpperBound": 365
      }
    },
    "Cohort": {
      "Enabled": true,
      "Noise": {
        "Enabled": false,
        "LowerBound": -10,
        "UpperBound": 10
      },
      "LowCellSizeMasking": {
        "Enabled": true,
        "Threshold": 10
      }
    }
  },
  "Client": {
    "Map": {
      "Enabled": false,
      "TileURI": "https://server.arcgisonline.com/ArcGIS/rest/services/World_Street_Map/MapServer/tile/{z}/{y}/{x}"
    },
    "Visualize": {
      "Enabled": true,
      "ShowFederated": false
    },
    "Timelines": {
      "Enabled":  false
    },
    "PatientList": {
      "Enabled": true
    },
    "Help": {
      "Enabled": true,
      "Email": "",
      "URI": "https://scicomp.mssm.edu/jira/servicedesk/customer/portal/14"
    }
  },
  "Notification": {
    "Enabled": false,
    "Email": {
      "Server": "server",
      "UseSSL": true,
      "Sender": {
        "Address": "sender@u.edu"
      },
      "Receiver": {
        "Address": "receiver@u.edu"
      },
      "Credentials": {
        "Username": "LEAF_SMTP_USR",
        "Password": "LEAF_SMTP_PW"
      }
    }
  }
}

Thanks Arthur

artgoldberg commented 1 year ago

Also, I'm not seeing patient lists when I expect to see them: image image

ndobb commented 1 year ago

Hmmm I'm not sure what to make of this, Arthur. We have Leaf v11.1 deployed on a dev instance: image

And the feature is working as expected: image

The patient list not working in your example actually makes sense if you are seeing that as well when the cohort is 5 patients, as cohorts <= your threshold should show no data in the patient list, and 5 is under 10 so that seems appropriate. The oddity is the number displayed in the UI.

Here are our dev instance appsettings:

{
  "Runtime": {
    "Mode": "FULL"
  },
  "Jwt": {
    "SigningKey": "LEAF_JWT_KEY",
    "Password": "LEAF_JWT_KEY_PW",
    "Certificate": "LEAF_JWT_CERT",
    "Issuer": "urn:leaf:iss:am-leafv3dev.analytics.uwmedicine.org"
  },
  "Db": {
    "App": {
      "Connection": "LEAF_APP_DB",
      "DefaultTimeout": 60
    },
    "Clin": {
      "Connection": "LEAF_CLIN_DB",
      "DefaultTimeout": 180,
      "RDBMS": "MSSQL",
      "Cohort": {
        "QueryStrategy": "PARALLEL",
        "MaxParallelThreads": 5
      }
    }
  },
  "Authentication": {
    "Mechanism": "SAML2",
    "SessionTimeoutMinutes": 480,
    "InactivityTimeoutMinutes": 20,
    "Logout": {
      "Enabled": true,
      "URI": "https://am-leafv3dev.analytics.uwmedicine.org/Shibboleth.sso/Logout?return=https://uwmedicine.org"
    },
    "SAML2": {
      "Headers": {
        "ScopedIdentity": "uwUPN"
      }
    }
  },
  "Authorization": {
    "Mechanism": "SAML2",
    "AllowAllAuthenticatedUsers": false,
    "SAML2": {
      "HeadersMapping": {
        "Entitlements": {
          "Name": "uwGroups",
          "Delimiter": ";"
        }
      },
      "RolesMapping": {
        "User": "amApp_RIT_Leaf_User",
        "Super": "NOT_USED",
        "Identified": "amApp_RIT_Leaf_Admin",
        "Admin": "amApp_RIT_Leaf_Admin"
      }
    }
  },
  "Attestation": {
    "Enabled": true
  },
  "Compiler": {
    "Alias": "@",
    "FieldPersonId": "PatientDurableKey", 
    "FieldEncounterId": "EncounterDurableKey"
  },
  "Cohort": {
    "RowLimit": 200000,
    "ExportLimit": 499
  },
  "Export": {
    "REDCap": {
      "Enabled": true,
      "ApiURI": "https://rcdev.iths.org/api/",
      "BatchSize": 10,
      "RowLimit": 5000,
      "Scope": "washington.edu",
      "IncludeScopeInUsername": true,
      "SuperToken": "LEAF_REDCAP_SUPERTOKEN"
    },
    "CSV": {
      "Enabled": true
    }
  },
  "Import": {
    "REDCap": {
      "Enabled": true,
      "ApiURI": "https://rcdev.iths.org/api/",
      "BatchSize": 1000
    }
  },
  "Deidentification": {
    "Patient": {
      "Enabled": true,
      "DateShifting": {
        "Increment": "DAY",
        "LowerBound": -365,
        "UpperBound": 365
      }
    },
    "Cohort": {
      "Enabled": true,
      "Noise": {
        "Enabled": false,
        "LowerBound": -10,
        "UpperBound": 10
      },
      "LowCellSizeMasking": {
        "Enabled": true,
        "Threshold": 1000
      }
    }
  },
  "Client": {
    "Map": {
      "Enabled": false,
      "TileURI": "https://server.arcgisonline.com/ArcGIS/rest/services/World_Street_Map/MapServer/tile/{z}/{y}/{x}"
    },
    "Visualize": {
      "Enabled": true,
      "ShowFederated": false
    },
    "Timelines": {
      "Enabled":  true
    },
    "PatientList": {
      "Enabled": true
    },
    "Help": {
      "Enabled": true,
      "Email": "leafsupport@uw.edu",
      "URI": ""
    }
  },
  "Notification": {
    "Enabled": false,
    "Email": {
      "Server": "",
      "UseSSL": true,
      "Sender": {
        "Address": "leafdevops@uw.edu"
      },
      "Receiver": {
        "Address": "leafsupport@uw.edu"
      }
    }
  }
}
artgoldberg commented 1 year ago

Thanks @ndobb The problems vanished fortunately. I hypothesize that I unknowingly used Leaf v3.9. I've been testing dev at the prod domain name by modifying /etc/hosts. The VPN client occasionally rewrites the file and drops the mapping for the prod domain name. I could have pinged the prod domain to check. A related suggestion: my hypothesized confusion could be avoided by including Leaf's version on its launch page also on its home page. Or make the version available elsewhere, e.g. under the user menu. image

ndobb commented 1 year ago

Great! We can probably add the version in elsewhere too as you suggest, Arthur. In the meantime, if you open up the developer console in your browser you can also find details of the version of each tier in Leaf's deployment:

image

ndobb commented 1 year ago

Closing as it seems this is resolved.

artgoldberg commented 1 year ago

@ndobb Great RE "We can probably add the version in elsewhere too as you suggest, Arthur. In the meantime, if you open up the developer console in your browser you can also find details of the version"