Patient de-identification Process API - Implementation Template
Setup guide
Importing Templates into Anypoint Studio
- In Studio, click the Exchange X icon in the upper left of the taskbar.
- Log in with your Anypoint Platform credentials.
- Search for the template.
- Click Open.
Running Templates in Anypoint Studio
After you import your template into Studio, follow these configuration steps to run it:
Common Configuration
- mule.env - sets the environment where the application is to be deployed. It should be configured in config-<mule.env>.yaml file. For a studio deployment, the recommended mule.env value is local.
- mule.key - sets the encryption password to be used for encrypting secure properties. Update as needed.
- api.autodiscoveryID should be configured in config-<mule.env>.yaml file.
Please refer to the attached link on how to secure the configuration properties.
HTTPS Configuration
- https.host — sets the service host interface. It should be configured in config-<mule.env>.yaml file. (Defaults to 0.0.0.0 for all interfaces).
- https.port — sets the HTTPS service port number. It should be configured in config-<mule.env>.yaml file. (Default 8082).
- TLS Configuration - Keystore properties setup:
  - keystore.alias - sets the alias to the keystore. It should be configured in config-<mule.env>.yaml file.
  - keystore.path - sets the path to the key file. Key should be available in /src/main/resources/keystore. It should be configured in config-<mule.env>.yaml file.
  - keystore.keypass — sets keystore keypass to support HTTPS operation. It should be encrypted and configured in config-secured-<mule.env>.yaml file.
  - keystore.password — sets keystore password to support HTTPS operation. It should be encrypted and configured in config-secured-<mule.env>.yaml file.
Please refer to the attached link on how to generate the Keystore.
MariaDB Configuration
A MariaDB instance is needed for this application to store the EHR and de-identified IDs of each resource. Once a MariaDB instance is identified and access is obtained, run the create-schema.sql script available under the src/test/resources/scripts folder.
MuleSoft's DB Connector requires database name, host, username, and password to communicate with MariaDB. After obtaining the necessary credentials, configure them in the properties file located in the config folder.
- hls.database.name should be encrypted and configured in config-<env>.yaml file.
- hls.database.host should be encrypted and configured in config-<env>.yaml file.
- hls.database.username should be configured in config-<env>.yaml file.
- hls.database.password should be encrypted and configured in config-secured-<env>.yaml file.
Please refer to the attached link on how to secure the configuration properties.
Anypoint MQ Connector Configuration
MuleSoft's Anypoint MQ Connector requires clientId, clientSecret, queueName and url to communicate with Anypoint MQ.
After obtaining the necessary credentials, configure them in the config-<mule.env>.yaml file located in the /src/main/resources/config folder.
Ensure that the Anypoint MQ queues named in the anypoint-mq.queue-name and anypoint-mq.dl-queue-name properties in the property file are created, with the Default Acknowledgement Timeout configured to at least 10 minutes and the Default Delivery Delay set to 1 minute for the queue.
- anypoint-mq.client-id should be configured in the config-<env>.yaml file.
- anypoint-mq.client-secret should be encrypted and configured in config-secured-<env>.yaml file.
- anypoint-mq.server-url should be configured in the config-<env>.yaml file.
- anypoint-mq.queue-name should be configured in the config-<env>.yaml file.
- anypoint-mq.dl-queue-name should be configured in the config-<env>.yaml file.
- anypoint-mq.acknowledgementTimeout should be configured in the config-<env>.yaml file.
System APIs and Other Configurations
The application requires a few properties to be configured, mainly the system API connection information.
- healthlake-sys-api.host should be configured in config-<mule.env>.yaml file.
- healthlake-sys-api.port should be configured in config-<mule.env>.yaml file.
- healthlake-sys-api.clientid should be configured in config-<mule.env>.yaml file.
- healthlake-sys-api.clientsecret should be encrypted and configured in config-secured-<mule.env>.yaml file.
- generic-fhir-client-sys-api.host should be configured in config-<mule.env>.yaml file.
- generic-fhir-client-sys-api.clientid should be configured in config-<mule.env>.yaml file.
- generic-fhir-client-sys-api.clientsecret should be encrypted and configured in config-secured-<mule.env>.yaml file.
Additionally, this application requires configurations related to the authorization mechanism leveraged to establish the connectivity with EHR for Bulk Export.
- ehr.name should be configured in config-<mule.env>.yaml file based on the EHR. The allowed values are epic and cerner.
- authorization.connectionType should be configured in config-<mule.env>.yaml file based on the authorization type configured on EHR. The allowed values are jsonwebtoken and clientcredential.
Configure the below set of properties for jsonwebtoken connection type:
- jsonwebtoken.baseUrl should be configured in config-<mule.env>.yaml file.
- jsonwebtoken.tokenUrl should be configured in config-<mule.env>.yaml file.
- jsonwebtoken.clientid should be configured in config-<mule.env>.yaml file.
- jsonwebtoken.clientsecret should be encrypted and configured in config-secured-<mule.env>.yaml file.
Configure the below set of properties for clientcredential connection type:
- clientcredential.baseUrl should be configured in config-<mule.env>.yaml file.
- clientcredential.tokenUrl should be configured in config-<mule.env>.yaml file.
- clientcredential.clientid should be configured in config-<mule.env>.yaml file.
- clientcredential.clientsecret should be encrypted and configured in config-secured-<mule.env>.yaml file.
- clientcredential.scope should be configured in config-<mule.env>.yaml file.
Please refer to the attached link on how to secure the configuration properties.
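The encryption requirements listed in the sections above can be checked mechanically before a deployment. The following Python audit is an added example, not part of the template: it flags any property the guide marks as encrypted whose value is not wrapped in the ![...] form used by Mule secure configuration properties. The file names, sample values, and the minimal YAML flattener (nested key: value mappings only) are assumptions made for illustration.

```python
import re

# Properties the guide above marks as "should be encrypted".
MUST_ENCRYPT = set("""keystore.keypass keystore.password hls.database.name
hls.database.host hls.database.password anypoint-mq.client-secret
healthlake-sys-api.clientsecret generic-fhir-client-sys-api.clientsecret
jsonwebtoken.clientsecret clientcredential.clientsecret""".split())
# Assumption: encrypted values use the Mule secure-properties wrapper ![...].
ENCRYPTED = re.compile(r"^!\[.+\]$")

def flatten(text):
    """Flatten nested 'key: value' YAML into dotted keys (no lists/anchors)."""
    out, stack = {}, []  # stack holds (indent, key) of the open parent maps
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:  # close finished parents
            stack.pop()
        value = value.strip().strip("\"'")
        if value:
            out[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))
    return out

def audit(files):
    """files: {filename: yaml_text}. Return sorted (filename, property) pairs
    where a must-encrypt property holds a value not wrapped in ![...]."""
    return sorted((name, key)
                  for name, text in files.items()
                  for key, value in flatten(text).items()
                  if key in MUST_ENCRYPT and not ENCRYPTED.match(value))

# Constructed sample files; every value here is made up.
SAMPLE_FILES = {
    "config-local.yaml": """hls:
  database:
    name: "![c2FtcGxlLW5hbWU=]"
    password: "Sup3rSecret"   # plaintext secret, and in the wrong file
""",
    "config-secured-local.yaml": """keystore:
  keypass: "![a2V5cGFzcw==]"
  password: "changeit"
""",
}

if __name__ == "__main__":
    for name, key in audit(SAMPLE_FILES):
        print(f"{name}: {key} is not encrypted")
```

Running it as a pre-commit or CI step on the real config files catches a plaintext secret before it reaches the repository or CloudHub.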
Assumptions and constraints
- Adjust the value of anypoint-mq.aknowledgementTimeout property to prevent the reprocessing of the same message. Set this value based on the number of FHIR resources to be exported and the volume for each FHIR resource.
- Postal Code will be de-identified based on the population size derived from decennial census data. If the population size for a particular postal code cannot be determined, the code will be masked with zeros.
- The application currently supports using the decennial census data from files bundled as static resource files in the application. If census data needs to be refreshed, overwrite the files under the src/main/resources/static-data folder.
- Data store should be secured to protect the source system resource instance identifiers.
- The application also provides a reference implementation to invoke Decennial Profile of Census API to determine the size of population for a given postal code. However, this functionality has not been utilized. The implementation can be enhanced to invoke the Census API by configuring the appropriate credentials to leverage the postal code validation in real-time.
Run it
- Right-click the template project folder.
- Hover your mouse over Run as.
- Click Mule Application (configure).
- Inside the dialog, select Environment and set the variable mule.env to the appropriate value (e.g., dev or local).
- Inside the dialog, select Environment and set the variable mule.key to the property encryption key that you used to encrypt your secure properties. Click Run.
Web Application
After deploying the application, the user can reach the web UI at /api/webapp/index.html. This UI uses the /api/export endpoint to get all of the current config information. The UI can be used to create new configurations, delete existing configurations, view configuration details, or edit parts of existing configurations.
Deployment instructions for CloudHub using provided scripts
Ensure the Maven profile CloudHub-DEV has been properly configured in your settings.xml file. Reference can be found by downloading the Accelerator Common Resources asset. Additional instructions are available in the Getting Started with MuleSoft Accelerators - Build Environment guide.
Update the config-<env>.yaml properties appropriately and then use one of the following scripts to deploy the application to CloudHub:
- packageDeploy.sh or deployOnly.sh (Mac/Linux)
- packageDeploy.cmd or deployOnly.cmd (Windows)
Test it
- Use Advanced Rest Client or Postman to send a request over HTTPS. The template includes a Postman Collection in the src/test/resources folder.