A Secure Rest implementation for the HL7 FHIR Specification. For API documentation, please see https://github.com/Asymmetrik/node-fhir-server-core/wiki.
The Asymmetrik Extensible Server Framework for Healthcare allows organizations to build secure, interoperable solutions that can aggregate and expose healthcare resources via a common HL7® FHIR®-compatible REST API. This server framework currently supports both DSTU2 (1.0.2) and STU3 (3.0.1) simultaneously. You can decide to support both or just one by editing the configuration.
The framework defines a core server, node-fhir-server-core
, a simple, secure Node.js module built according to the FHIR specification and compliant with the US Core implementation.
For an example implementation using MongoDB, please refer to our Github repository that we used for the ONC FHIR Secure API Server Showdown Challenge, https://github.com/Asymmetrik/node-fhir-server-mongo.
Please view the Migration guide for version 2.0.0. We will absolutely continue supporting previous versions but will prioritize new features going to 2.0.0 unless we receive requests to retrofit them to older versions.
Node.js version later than 7.6 is required, but you should not use 8.5 (see Attention). A basic understanding of promises and a familiarity of the FHIR specification is not required, but will be very helpful.
Please see our Getting Started guide for a walkthrough of how to set up our FHIR server.
- What configurations does
FHIRServer.initialize()
accept? - How do I configure a "profile"?
- Can I add more loggers or customize how the logger works?
- How do I customize the capability statement?
- How do I add custom operations?
- How do I enable/disable/customize access control (authentication)?
Our project vision is to build an easy to use FHIR server that supports all resource profiles defined in the US Core implementation guide and is built with security in mind from the ground up. We decided to use a plugin style architecture so implementors could focus on writing queries and not worry about all the other technical difficulties of securing the server. As this project matures, we plan to support more resources, custom extensions, versions, write capabilities, etc.
We believe in establishing a robust security, especially when it comes to health information. Part of the ONC Secure API Server Challenge was to stand up a server and let penetration testers have a go at it (you can see their results here). We are committed to continuing this practice and we will continue fixing any vulnerabilities discovered so we can do our best to make this server as secure as possible. For authentication, we are actively working on methods for simplifying integration with SMART on FHIR.
Please see CONTRIBUTING.md for more details regarding contributing issues or code.
If you are experiencing a bug, please feel free to file an issue. For general questions, please post them to StackOverflow with the tag node-fhir-server-core
or javascript-fhir
.
This library makes use of node's path module. This is potentially exploitable in node version 8.5, see here. When deploying this, you need to deploy with a node version later than 7.6 BUT not 8.5.
@asymmetrik/node-fhir-server-core
is MIT licensed.