Patient de-identification Process API - Implementation Template

Importing Templates into Anypoint Studio

1. In Studio, click the Exchange X icon in the upper left of the taskbar.
2. Log in with your Anypoint Platform credentials.
3. Search for the template.
4. Click Open.

Running Templates in Anypoint Studio

After you import your template into Studio, follow these configuration steps to run it:

Common Configuration

• mule.env - sets the environment where the application is to be deployed. It should be configured in config-<mule.env>.yaml file. For a studio deployment, the recommended mule.env value is local.
• mule.key - sets the encryption password to be used for encrypting secure properties. Update as needed.
• api.autodiscoveryID should be configured in config-<mule.env>.yaml file.

Please refer to the attached link on how to secure the configuration properties.

HTTPS Configuration

• https.host — sets the service host interface. It should be configured in config-<mule.env>.yaml file. (Defaults to 0.0.0.0 for all interfaces).
• https.port — sets the HTTPS service port number. It should be configured in config-<mule.env>.yaml file. (Default 8082).
• TLS Configuration - Keystore properties setup:
  • keystore.alias - sets the alias to the keystore. It should be configured in config-<mule.env>.yaml file.
  • keystore.path - sets the path to the key file. Key should be available in /src/main/resources/keystore. It should be configured in config-<mule.env>.yaml file.
  • keystore.keypass — sets keystore keypass to support HTTPS operation. It should be encrypted and configured in config-secured-<mule.env>.yaml file.
  • keystore.password— sets keystore password to support HTTPS operation. It should be encrypted and configured in config-secured-<mule.env>.yaml file.

Please refer to the attached link on how to generate the Keystore.

MariaDB Configuration

A MariaDB is needed for this application to store ehr and de-identified ids of each resource. Once a MariaDB instance is identified and access is obtained, run the create-schema.sql script available under src/test/resources/scripts folder.

MuleSoft's DB Connector requires database name, host, username, and password to communicate with MariaDB. After obtaining the necessary credentials, configure it in the properties file located in config folder.

• hls.database.name should be encrypted and configured in config-<env>.yaml file.
• hls.database.host should be encrypted and configured in config-<env>.yaml file.
• hls.database.username should be configured in config-<env>.yaml file.
• hls.database.password should be encrypted and configured in config-secured-<env>.yaml file.

Please refer to the attached link on how to secure the configuration properties.

Anypoint MQ Connector Configuration

MuleSoft's Anypoint MQ Connector requires clientId, clientSecret, queueName and url to communicate with Anypoint MQ.

After obtaining the necessary credentials, configure it in the config-<mule.env>.yaml file located in /src/main/resources/config folder.

Ensure the Anypoint MQ queue names mentioned for anypoint-mq.queue-name and anypoint-mq.dl-queue-name properties in the property file are created and configured the Default Acknowledgement Timeout to at least 10 minutes and set Default Delivery Delay to 1 minute for the queue.

• anypoint-mq.client-id should be configured in the config-<env>.yaml file.
• anypoint-mq.client-secret should be encrypted and configured in config-secured-<env>.yaml file.
• anypoint-mq.server-url should be configured in the config-<env>.yaml file.
• anypoint-mq.queue-name should be configured in the config-<env>.yaml file.
• anypoint-mq.dl-queue-name should be configured in the config-<env>.yaml file.
• anypoint-mq.acknowledgementTimeout should be configured in the config-<env>.yaml file.

System APIs and Other Configurations

The application requires few properties to be configured, mainly the system API connection information.

• healthlake-sys-api.host should be configured in config-<mule.env>.yaml file.
• healthlake-sys-api.port should be configured in config-<mule.env>.yaml file.
• healthlake-sys-api.clientid should be configured in config-<mule.env>.yaml file.
• healthlake-sys-api.clientsecret should be encrypted and configured in config-secured-<mule.env>.yaml file.
• generic-fhir-client-sys-api.host should be configured in config-<mule.env>.yaml file.
• generic-fhir-client-sys-api.clientid should be configured in config-<mule.env>.yaml file.
• generic-fhir-client-sys-api.clientsecret should be encrypted and configured in config-secured-<mule.env>.yaml file.

Additionally, this application requires configurations related to the authorization mechanism leveraged to establish the connectivity with EHR for Bulk Export.

• ehr.name should be configured in config-<mule.env>.yaml file based on the EHR. The allowed values are epic and cerner.
• authorization.connectionType should be configured in config-<mule.env>.yaml file based on the authorization type configured on EHR. The allowed values are jsonwebtoken and clientcredential.

Configure the below set of properties for jsonwebtoken connection type:

• jsonwebtoken.baseUrl should be configured in config-<mule.env>.yaml file.
• jsonwebtoken.tokenUrl should be configured in config-<mule.env>.yaml file.
• jsonwebtoken.clientid should be configured in config-<mule.env>.yaml file.
• jsonwebtoken.clientsecret should be encrypted and configured in config-secured-<mule.env>.yaml file.

Configure the below set of properties for clientcredential connection type:

• clientcredential.baseUrl should be configured in config-<mule.env>.yaml file.
• clientcredential.tokenUrl should be configured in config-<mule.env>.yaml file.
• clientcredential.clientid should be configured in config-<mule.env>.yaml file.
• clientcredential.clientsecret should be encrypted and configured in config-secured-<mule.env>.yaml file.
• clientcredential.scope should be configured in config-<mule.env>.yaml file.

Please refer to the attached link on how to secure the configuration properties.

Assumptions and constraints

• Adjust the value of anypoint-mq.aknowledgementTimeout property to prevent the reprocessing of the same message. Set this value based on the number of FHIR resources to be exported and the volume for each FHIR resource.
• Postal Code will be de-identified based on the population size derived from decennial census data. If the population size for a particular postal code cannot be determined, the code will be masked with zeros.
• The application currently supports using the decennial census data from files bundled as static resource files in the application. If census data needs to be refreshed, overwrite the files under the src/main/resources/static-data folder.
• Data store should be secured to protect the source system resource instance identifiers
• The application also provide a reference implementation to invoke Decennial Profile of Census API to determine the size of population for a given postal code. However, this functionality has not been utilized. The implementation can be enhanced to invoke the Census API by configuring the appropriate credentials to leverage the postal code validation in real-time.

Run it

• Right-click the template project folder.
• Hover your mouse over Run as.
• Click Mule Application (configure).
• Inside the dialog, select Environment and set the variable mule.env to the appropriate value (e.g dev or local).
• Inside the dialog, select Environment and set the variable mule.key to the property encryption key that you used to encrypt your secure properties. Click Run.

Web Application

After deploying the application, the user can reach the web UI at /api/webapp/index.html. This UI uses the /api/export endpoint to get all of the current config information. The UI can be used to create new configurations, delete existing configurations, view configuration details, or edit parts of existing configurations.

Deployment instructions for CloudHub using provided scripts

Ensure the Maven profile CloudHub-DEV has been properly configured in your settings.xml file. Reference can be found by downloading the Accelerator Common Resources asset. Additional instructions are available in the Getting Started with MuleSoft Accelerators - Build Environment guide.

Update the config-<env>.yaml properties appropriately and then use one of the following scripts to deploy the application to CloudHub:

• packageDeploy.sh or deployOnly.sh (Mac/Linux)
• packageDeploy.cmd or deployOnly.cmd (Windows)

Test it

• Use Advanced Rest Client or Postman to send a request over HTTPS. The template includes a Postman Collection in the src/test/resources folder.