====================================
Beneficiary FHIR Data (BFD) Server: The BFD Server is an internal backend system used at CMS to represent Medicare beneficiaries' demographic, enrollment, and claims data in FHIR format.
Drive innovation in data sharing so that beneficiaries and their healthcare partners have the data they need to make informed decisions about their healthcare.
Enable the CMS Enterprise to drive innovation in data sharing so that beneficiaries and their healthcare partners have the data they need to make informed decisions about their healthcare.
Provide a comprehensive, performant, and trustworthy platform to transform the way that the CMS enterprise shares and uses data.
This project is in the worldwide public domain. As stated in LICENSE:
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
The following provide information on how to use BFD:
- Request Audit Headers: This document details the HTTP headers that should be included when calling BFD, to ensure that proper audit information is available to the BFD team.
- Request Options: This document details the request options that can be used when calling BFD.
The following provide information on how to develop BFD:
- Sample Data Sets: This document details the various sample/test data sets available for use with the Blue Button Data/backend systems.
Many of the automated tests associated with the Blue Button framework use AWS resources. Before running a build using Maven or importing projects into your Eclipse IDE, which will run a build automatically, please ensure the appropriate accounts and credentials are configured within your environment. This is necessary to prevent incurring unwanted charges on the wrong AWS account.
Below are links to detailed instructions on configuring your AWS credentials for your environment:
You will need to configure an SSH credential in order to clone the Blue Button repositories. Instructions are thoroughly documented on Github but for convenience here are the relevant links:
- Connecting to Github with SSH
- Generating a new SSH key and adding it to the ssh-agent
- Adding a new SSH key to your GitHub account
- Testing your SSH connection
Clone the repository:
mkdir -p ~/workspaces/bfd/
git clone [email protected]:CMSgov/beneficiary-fhir-data.git ~/workspaces/bfd/beneficiary-fhir-data.git
- Install JDK 11. You'll need Java 11 to run BFD. You can install OpenJDK 11 however you prefer.
- Install Maven 3. Project tasks are handled by Apache Maven. Install it however you prefer.
- Configure your toolchain. You'll want to configure your
~/.m2/toolchains.xml
file to look like the following (change the jdkHome appropriately):<?xml version="1.0" encoding="UTF8"?> <toolchains> <!-- JDK toolchains --> <toolchain> <type>jdk</type> <provides> <version>11</version> <vendor>sun</vendor> </provides> <configuration> <jdkHome>/path/to/your/jdk</jdkHome> </configuration> </toolchain> </toolchains>
- Install pre-commit hooks
mvn -f apps initialize
- Change to the
apps/
directory andmvn clean install -DskipITs
. The flag to skip the integration tests is important here. You will need to have AWS access for the integration tests to work correctly. - Set up a Postgres 12 database with the following command. Data will be persisted between starts and stops in the
bfd_pgdata
volume.docker run \ -d \ --name 'bfd-db' \ -e 'POSTGRES_DB=bfd' \ -e 'POSTGRES_USER=bfd' \ -e 'POSTGRES_PASSWORD=InsecureLocalDev' \ -p '5432:5432' \ -v 'bfd_pgdata:/var/lib/postgresql/data' \ postgres:12 -c max_connections=200
- Set up a local S3 using Minio Docker Container
docker run \ -p 9000:9000 \ -p 9001:9001 -d --name 'minio' \ -e "MINIO_ROOT_USER=bfdLocalS3Dev" \ -e "MINIO_ROOT_PASSWORD=bfdLocalS3Dev" \ minio/minio server /data --console-address ":9001"
- Run mvn install with the following
You can leave off the -Ds3.localUser=bfdLocalS3Dev -Ds3.localPass=bfdLocalS3Dev if you use the docker run command from above. You only need these if the User name or the password are different in the docker run command.
mvn -Ds3.local=true -Ds3.localUser=bfdLocalS3Dev -Ds3.localPass=bfdLocalS3Dev clean install
- To load one test beneficiary, with your database running, change directories into
apps/bfd-pipeline/bfd-pipeline-ccw-rif
and run:This will kick off the integration testmvn -Dits.db.url="jdbc:postgresql://localhost:5432/bfd" -Dits.db.username=bfd -Dits.db.password=InsecureLocalDev -Dit.test=RifLoaderIT#loadSampleA clean verify
loadSampleA
. After the job completes, you can verify that it ran properly with:docker exec bfd-db psql 'postgresql://bfd:InsecureLocalDev@localhost:5432/bfd' -c 'SELECT "bene_id" FROM "beneficiaries" LIMIT 1;'
- Run
export BFD_PORT=6500
. The actual port is not important, but without it thestart-server
script will pick a different one each time, which gets annoying later. This can be set in your shell profile but note that when running the integration tests through maven, the BFD_PORT needs to be unset from the environment. - Now it's time to start the server up. Change to
apps/bfd-server
and run:After it starts up, you can tail the logs withmvn -Dits.db.url="jdbc:postgresql://localhost:5432/bfd?user=bfd&password=InsecureLocalDev" --projects bfd-server-war package dependency:copy antrun:run org.codehaus.mojo:exec-maven-plugin:exec@server-start
tail -f bfd-server-war/target/server-work/server-console.log
- We're finally going to make a request. BFD requires that clients authenticate themselves with a certificate. Those certs live in the
apps/bfd-server/dev/ssl-stores
directory. We can curl the server using a cert with this command:wherecurl --silent --insecure --cert $BFD_PATH/apps/bfd-server/dev/ssl-stores/client-unsecured.pem "https://localhost:$BFD_PORT/v2/fhir/ExplanationOfBenefit/?patient=567834&_format=json"
$BFD_PATH
is that path to thebeneficiary-fhir-data
repo on your system. It may be helpful to have that set in your profile, too. To configure Postman, go toSettings -> Certificates -> Add certificate
and load inapps/bfd-server/dev/ssl-stores/client-trusted-keystore.pfx
under the PFX File option. The passphrase ischangeit
. UnderSettings -> General
you'll also want to turn off "SSL Certificate Verification." - Total success (probably)!. You have a working call. To stop the server run this from the
apps/bfd-server
directory:mvn -Dits.db.url="jdbc:postgresql://localhost:5432/bfd?user=bfd&password=InsecureLocalDev" --projects bfd-server-war package dependency:copy antrun:run org.codehaus.mojo:exec-maven-plugin:exec@server-stop
The FHIR server should now be reachable from the browser at https://localhost:6500. In order for the FHIR server to trust your browser and return data, the client certificate at apps/bfd-server/dev/ssl-stores/client-trusted-keystore.pfx
needs to be imported into the browser. The cert password is 'changeit'.
In Chrome this can be done at chrome://settings/certificates
. In Firefox it can be done at about:preferences#privacy
, there is a button at the bottom called "View Certificates" that should give the option to import one.
Note MacOS Users: To make this cert available to Chrome or Firefox you'll need to add this cert to the Keychain application.
An example of connecting http://github.com/cmsgov/bluebutton-web-server to the local BFD.
.env
BB20_CONTEXT=../../bluebutton-web-server
CERTSTORE=../../bb.dev/certstore
BFD_DIR=../
SYNTHETIC_DATA=./synthetic-data
docker-compose.bb2.yml
version: '3.3'
services:
bbdb:
image: postgres
environment:
- POSTGRES_DB=bluebutton
- POSTGRES_PASSWORD=toor
bb20:
build:
context: ${BB20_CONTEXT}
dockerfile: Dockerfile
command: python3 manage.py runserver 0.0.0.0:8000
environment:
- DJANGO_SETTINGS_MODULE=hhs_oauth_server.settings.dev
- DJANGO_FHIR_CERTSTORE=/certstore
- DATABASES_CUSTOM=postgres://postgres:toor@bbdb:5432/bluebutton
- OAUTHLIB_INSECURE_TRANSPORT=true
- DJANGO_DEFAULT_SAMPLE_FHIR_ID="20140000008325"
- DJANGO_SECURE_SESSION=False
- DJANGO_MEDICARE_LOGIN_URI=http://127.0.0.1:8080?scope=openid%20profile&client_id=bluebutton
- DJANGO_SLS_USERINFO_ENDPOINT=http://msls:8080/userinfo
- DJANGO_SLS_TOKEN_ENDPOINT=http://msls:8080/token
- FHIR_URL=https://bfd.local:9954/v1/fhir/
ports:
- "8000:8000"
links:
- "bfd:bfd.local"
volumes:
- ${BB20_CONTEXT}:/code
- ${CERTSTORE}:/certstore
depends_on:
- bbdb
The BlueButton 2 system also requires an Identity Provider
docker-compose.msls.yml
version: '3.3'
services:
msls:
build:
context: ../../bb.dev/msls
dockerfile: Dockerfile
command: msls
ports:
- "8080:8080"
Bringing these systems up together:
docker-compose -f docker-compose.yml -f docker-compose.bb2.yml -f docker-compose.msls.yml up -d
docker-compose -f docker-compose.bb2.yml exec bb2 ./docker-compose/migrate.sh
We work with sensitive information: do not put any PHI or PII in the public repo for BFD.
If you believe you’ve found or been made aware of a security vulnerability, please refer to the CMS Vulnerability Disclosure Policy (here is a link to the most recent version as of the time of this commit.
The following instructions are to be executed from within the Eclipse IDE application to ensure proper configuration.
Verify Eclipse is using the correct Java 11 JDK.
- Open Window > Preferences.
- Select Java > Installed JREs.
- If your JDK does not appear in the Installed JREs table add it by clicking the Add button, select Standard VM and locate your installation using the Directory... button.
- Ensure your JDK is selected in the Installed JREs table by checking the checkbox next to the JDK you wish to use.
If you're using Eclipse for development, you'll want to configure its preferences, as follows:
- Open Window > Preferences.
- Select Maven.
- Enable Download Artifact Sources.
- Enable Download Artifact JavaDoc.
- Select Maven > Annotation Processing.
- Enable the Automatically configure JDT APT option.
- Select Java > Code Style > Code Templates.
- Click Import... and select this project's eclipse-codetemplates.xml file.
- This configures the file, class, method, etc. comments on new items such that they match the existing style used in these projects.
- Enable the Automatically add comments for new methods and types option.
- Click Import... and select this project's eclipse-codetemplates.xml file.
- Select Java > Code Style > Formatter.
- Click Import... and select this project's eclipse-java-google-style.xml file.
- This configures the Eclipse autoformatter (
ctrl+shift+f
) to (mostly) match the one used by the autoformatter that is applied during Maven builds. - The eclipse-java-google-style.xml file was originally acquired from here: https://github.com/google/styleguide/blob/gh-pages/eclipse-java-google-style.xml.
- This configures the Eclipse autoformatter (
- Click Import... and select this project's eclipse-java-google-style.xml file.
- Select Java > Editor > Save Actions.
- Enable the Perform the selected actions on save option.
- Enable the Format source code option.
- Click OK.
The repository can easily be added to your Eclipse workspace using the Import feature.
- Open File > Import....
- Select Existing Maven Projects.
- Specify the Root Directory using the Browse... button or by typing in a path:
~/workspaces/bfd/beneficiary-fhir-data.git
. - Verify that it found the projects in the Projects table.
- Click Finish.
- The projects and packages you selected will now appear in the Project Explorer window.