i2b2 Release 1.7.11
Release Date: February 27, 2019
Release Summary
Release 1.7.11 contains several new enhancements to the i2b2 kernel, many of which improve the usability of the i2b2 WebClient. We have included a new Identified Data Plan for PHI data and have a license model.
Highlight of Features
- Workplace folder of either: 1) ontology terms or 2) individual patients can be dragged to a query panel and all be dropped into the panel.
- Previous queries panel with a list of patients can have a single patient dragged to a query panel
- Added to web client
- Filter List By User
- Search Previous Queries - already exists
- Page Through Previous Queries By Date
- Include Auto refresh for a timed interval
- Identified Data Plan
- New license
- Upgrade to Wildly 14
- Document full SSL on database and wildfly
Installation Note
The 1.7.11 Release Notes apply to you if you are upgrading your existing i2b2 system from an earlier version of the i2b2 software.
Type of Install | Where you need to go next |
---|---|
Upgrading an existing i2b2 (currently installed at your site) | Please go to the Upgrade Notes section for the details about upgrading your i2b2 software. |
Upgrading your i2b2 in a SHRINE network | Please read the information in the SHRINE Networks section before proceeding. |
Installing a new instance of i2b2. (Never installed it before) | We recommend you refer to the i2b2 Installation Guide found on the i2b2 Community Wiki |
Upgrade Notes
Information about upgrading i2b2 to version 1.7.11 can be found in this section of the release notes.
i2b2 Components
In release 1.7.11 the following i2b2 components contain changes and therefore need to be updated when upgrading your i2b2 environment.
- i2b2 Database
- i2b2 Server (kernel)
- i2b2 Web Client
Database Drivers
The JDBC drivers were updated to the following versions.
Driver | New Version |
---|---|
ojdbc8.jar | Oracle 12.2.0.1 |
postgresql-42.2.5.jar | PostgreSQL 42.2.5 |
mssql-jdbc-7.0.0.jre8.jar | MS Sql Server 7.0.0 |
Upgrade Paths
The i2b2 now provides two options for upgrading your i2b2 server.
- Continue to download the source code provided in the zip file released on www.i2b2.org/software
- Install the precompiled JAR files onto your existing i2b2 server to upgrade it to 1.7.11.
Both are acceptable paths to upgrade your i2b2 server and depending on which you choose will determine where you need to go to obtain the appropriate files. The location of the upgrade files for each component is outlined below.
Upgrade Software
Description | Where to find it | Requirements |
---|---|---|
Upgrade i2b2 database to 1.7.11 | Software page (i2b2 Website) | Download i2b2createdb-1711.zip file under Source Code |
Upgrade i2b2 Web Client to 1.7.11 | Software page (i2b2 Website) | Download i2b2webclient-1711.zip file under Source Code |
Upgrade i2b2 Server to 1.7.11 (Source Code) | Software page (i2b2 Website) | Download i2b2core-src-1711.zip file under Source Code |
Upgrade i2b2 Server to 1.7.11 (JAR files) | Upgrade to latest version page (Community Wiki) | See Technical Details section on the i2b2 Upgrades page and upgrade documentation on Upgrade to latest version page. |
Database Changes
Release 1.7.11 involves a few changes to the i2b2 Database. Some are simple an addition to the sample data that is included in the demo data that is delivered with the software while others are changes to the database structure to support new features that are included in 1.7.11
Crcdata Tables
QT_PRIVILEGE
- Added new entry for the Identity Data Plan
Metadata Taables
TABLE_ACCESS
- Added new column for the Identity Data Plan
Change Summary - Release 1.7.11
Did you know?
- Changes to the i2b2 server & database are listed under i2b2 Kernel (Core) Software
- Changes to the i2b2 Web Client are listed under i2b2 Web Client Software
- Additional information about the new features can be found in the Feature Details - Release 1.7.11 section located this Change Summary section.
i2b2 Kernel (Core Software)
New Features and Improvements
- [WEBCLIENT-250] - New Ontology Info Tab in Navigate Terms
- [WEBCLIENT-251] - Role-based ontology protection
- [CORE-309] - Add includeHiddens attribute for all calls made to the TABLE_ACCESS table
- [WEBCLIENT-246] - Enhancements to Previous Queries
Bug Fixes
- [CORE-278] - GetPDOFromInputList_requestType Fails on Postgresql
- [CORE-307] - Fix internal key expiration date assigned when changing password
- [CORE-308] - Full Request XML message is stored in the QT_PDO_QUERY_MASTER table
- [CORE-313] - CRC-PDO: AverageObservationPageMethod doesnt work
- [CORE-315] - Idenitified Data Plan- Demo_Oracle- Ontology term with No Protected access- is not visible if User role not Protected
- [CORE-331] - GetCodeInfo- not finding codes with an '_'
- [WEBCLIENT-231] - Able to set Date constraint on previous queries/ptset as concept
- [WEBCLIENT-247] - bad image filename
- [WEBCLIENT-248] - previousqueries panel-date option-'>' button not dispalying records after the specific date- same with '<' buttton
- [WEBCLIENT-249] - previous queries panel- date option- datetime stamp not consistent with previous queries date stamp
- [WEBCLIENT-252] - Ontology Options for Finding Terms- hidden Terms option is not validating hidden Terms
- [WEBCLIENT-256] - previous queries - pagination by date- buttons don't work after the last pagination
- [WEBCLIENT-259] - worplacefolder drag&drop- not working at subfolder level contents
- [WEBCLIENT-260] - Drag and drop of folder with multiple concepts appears stuck on group panel
- [WEBCLIENT-261] - Querytool- Ontology terms query run with breakdowns erroring out
- [WEBCLIENT-262] - Querytool- query run with query ( run as patientset)-erroring out
- [WEBCLIENT-263] - workplace folder drag and drop into simple temporal query events box - cannot drag and drop
- [WEBCLIENT-264] - worplacefolder drag&drop- query report not displaying individual patient name and subfolder naming and path?
- [WEBCLIENT-265] - Query run with individual pt is returning 0 results on rerun
- [WEBCLIENT-266] - Individual pt query run with Timeline option - not drawing the timeline, causing unresponsive webpage
- [WEBCLIENT-267] - Individual pt in Simple temporal query not working
- [WEBCLIENT-268] - Query run with a ptset is errorin gout on rerun
- [WEBCLIENT-269] - Individual Pt drag and drop- After query run, query not displaying the patient in panel
- [WEBCLIENT-270] - worplacefolder drag&drop- queryname gets '@' by default instead of name of the folder on run
- [WEBCLIENT-271] - workplace folder with empty contents is checked as zero pt instead of ignoring
- [WEBCLIENT-272] - temporal query with workplace contents in constraint population panel not running
- [WEBCLIENT-276] - workplace folder with multiple concepts taking long time to load in the query panel after drag and drop
- [WEBCLIENT-277] - after workplace is deleted from the query panel Query run successful with empty contents
Feature Details - Release 1.7.11
New Feature: Role-based Ontology Protection
The top-level categories/folders in your ontology can now be optionally protected by one or more i2b2 roles (e.g. DATA_LDS, DATA_PROT, etc.) This feature allows the administrator to define one or more roles for an individual root folder in the ontology, and users without one of these roles will not be able to see the ontology item or use any of the terms in this folder.
To use this new feature and protect a root level folder, follow these steps:
- In your TABLE_ACCESS table in your ontology database, set C_PROTECTED_ACCESS to 'Y' for the root level folder you would like to protect.
- There is a new column in TABLE_ACCESS called C_ONTOLOGY_PROTECTION. This is where you can define one or more roles in a comma-separated list (e.g. DATA_LDS,DATA_PROT)
Example:
If you wanted to create a root level folder in your ontology called "PHI Demonstration" and only wanted users with the DATA_PROT role to be able to see it, you would make the following changes to your TABLE_ACCESS table:
C_TABLE_CD | C_TABLE_NAME | C_PROTECTED_ACCESS | C_HLEVEL | C_FULLNAME | C_NAME | ... | C_ONTOLOGY_PROTECTION |
---|---|---|---|---|---|---|---|
i2b2_DEMO | i2b2 | N | 1 | \i2b2\Demographics | Demographics | ... | null |
i2b2_DIAG | i2b2 | N | 1 | \i2b2\Diagnoses\ | Diagnoses | ... | null |
i2b2_LABS | i2b2 | N | 1 | \i2b2\Labtests\ | Laboratory Tests | ... | null |
... | ... | ... | ... | ... | ... | ... | ... |
i2b2_PHI | i2b2phi | Y | 1 | \i2b2\PHI\ | PHI Demonstration | ... | DATA_PROT |
New Feature: Workplace Folder drag and drop
Now you can drag a workplace folder to the query tool, the folder can contain sub folders. All the concepts, previous queries, and individual patients will be displayed in the panel.
Below is the workplace with combination of available items
After the drag and drop to the query panel the list of all the items are displayed
New Feature: Individual Patient drag and drop from Previous Query Panel
Once a patient set is created, that patient can be dragged and dropped to the Query Tool Panel
Below is a patient set with 2 patients
After drag and drop of the individual patient to the query tool panel
New Feature: Previous Queries Upgrade in Web Client
The Previous Queries panel in the web client has been upgraded to accommodate three new options.
- Filter Previous Queries List by User - Users with the MANAGER role will now see a drop down in the Previous Queries Options menu that allows them to filter previous queries by a specific user in the i2b2 project.
- Auto Refresh Previous Queries - Users now have the ability to set an auto-refresh timer in the Previous Queries Options menu in which the Previous Queries list will auto-refresh in the specified time period (off, 10 seconds, 30 seconds, or 60 seconds).
- Page through Previous Queries by Date - Users can navigate Previous Queries by a particular date.
New Feature: Support for WildFly 14
The i2b2 software now officially supports WildFly 14. The primary advantages are the faster install/upgrade of i2b2 as a pre-packaged collection (WAR) and managed data source connections/pooling.
New Feature: Inter-CELL SSL Setup
Create server and client certificates (Wildfly 10 & 14)
The keytool utility stores the keys and certificates in a file termed as keystore, a repository of certificates used for identifying a client or a server. Typically, a keystore contains one client or one server's identity, which are protected by using a password.
You can create a certificate for your server using the following command:
1 | $ keytool -genkey -keyalg RSA -keystore server.keystore -storepass secret -keypass secret -validity 365 -dname "cn=Partners Healtbcare,o=Partners,c=US" |
Now let's copy this keystore into the configuration folder of the application server:
1 | $ cp server.keystore $JBOSS_HOME/standalone/configuration |
Now export the server certificate in a file called server.crt:
1
| $ keytool -exportcert -keystore server.keystore -storepass secret -keypass secret -file server.crt Certificate stored in file <server.crt> |
Now import the cert into the CA for the Java JRE:
1 | $ keytool -import -alias i2b2server -keystore /usr/java/latest/jre/lib/security/cacerts -file server.crt
The password might be changeit |
In /opt/{wildfly} in bin run add-user.sh to create user and select (a) management user
In Wildfly 10 run jboss-cli.sh
Connect to the server
1 | connect |
Start by creating a Security Realm which will contain the keystore and trustore references
1 | /core-service=management/security-realm=SSLRealm:add |
Next, for one-way SSL, set the path to the keystore, along with the keystore path and password:
1 | /core-service=management/security-realm=SSLRealm/server-identity=ssl:adJavathe2d(keystore-path="server.keystore", keystore-relative-to="jboss.server.config.dir", keystore-password="secret") |
Finally, set the value of Undertow's https listener to your Security Realm:
1 | /subsystem=undertow/server=default-server/https-listener=default-https:write-attribute(name=security-realm,value=SSLRealm) |
If the above fails edit the standalone.xml and add right after http-listener
<https-listener name="default-https" security-realm="SSLRealm" socket-binding="https"/>
In Wildflt 14 run jboss.cli.sh
Connect to the server
1 | connect |
Finally, set the value of Undertow's https listener to your Security Realm:
1 | /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=security-realm,value=ApplicationRealm) |
Add the following to the axis2.xml file right after the <transportReceiver name="http"
<transportReceiver name="https"
class="org.apache.axis2.transport.http.AxisServletListener"/>
Change all the pm_cell_data to https://127.0.0.1:8443
Change the crc.properties, ontology.properties and workplace.properties files to point to the https://127.0.0.1:8443
This was tested using PostMan to a CRC setfinder, which than connected to the PM to authenicate
Webclient, if using self-signed cert add the following to the index.php
curl_setopt($proxyRequest, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($proxyRequest, CURLOPT_SSL_VERIFYPEER, 0);
Also into the index.php add the new url to the whitelist such as:
$WHITELIST = array(
"http" . (($_SERVER['SERVER_PORT'] == '443') ? 's' : '' ) . "://" . $_SERVER['HTTP_HOST'],
);
Updated: i2b2 License
The i2b2 software is now made available under the terms of the Mozilla Public License (MPL) version 2.0. i2b2 is also distributed under the terms of the Healthcare Disclaimer addendum.