Release

Summary

Release 1.7.10 contains several new enhancements to the i2b2 kernel, many of which improve the security around signing into the i2b2 Web Client. We have included some Auditing features like logging all successful and attempted logins into the i2b2 Web Client or keeping a log of all the Admin functions performed with the Admin Module.

Highlight of Features

Auditing Improvements

• Log admin and sign on activity

Password Management 

Highlights of other 1.7.10 Features

• Lock users out after a specific number of failed login attempts
• Require users to change passwords after a specified interval of time
• Prevent users from using the same password when required to change it.
• Enforce complex password requirements defined by the i2b2 Administrator.

• Custom SQL

• SQL query built directly into the breakdown.
• 4 new breakdowns included; Length of stay breakdown, Top 20 medications breakdown, Top 20 diagnoses breakdown, Inpatient and outpatient breakdown

• Breakdowns
• Temporal query made simple

• Simple Temporal Query mode
• Streamlined features
• Ordering of events, population constraint, and relationship editor can be accessed from same screen
• On screen tutorial is available

• Single sign-on
• Improve datasource validation

Installation Note

The 1.7.10 Release Notes apply to you if you are upgrading your i2b2 to 1.7.10 from and earlier 1.7.xx existing i2b2 system from an earlier version of the i2b2 software. Please see the Upgrade Notes section for any information that is specific to the upgrade process.  If you are upgrading

SHRINE Networks

Upgrade Notes

Information about upgrading i2b2 to version 1.7.10 can be found in this section of the release notes.

i2b2 Components

In release 1.7.10 the following i2b2 components contain changes and therefore must need to be upgraded updated when upgraded upgrading your i2b2 environment.

• i2b2 Database
• i2b2 Server (kernel)
• i2b2 Web Client

Database Drivers

The JDBC drivers were updated to the following versions.

Upgrade Paths

The i2b2 now provides two options for sites to update their upgrading your i2b2 server.

1. Continue to download the source code provided in the zip file released on www.i2b2.org/software
2. Install the precompiled JAR files onto your existing i2b2 server to upgrade it to 1.7.10.

Both are acceptable paths to upgrade your i2b2 server and depending on your sites needs which you choose will determine where you will need to go to obtain the zip file containing the appropriate softwarefiles. The following table will guide you to the appropriate location. 

location of the upgrade files for each component is outlined below.

Upgrade Software

Source code to upgrade the

Description	Where to find it	Requirements
Scripts to upgrade the i2b2 Database Upgrade i2b2 database to 1.7.10	Software page on the (i2b2 Website)	Download the i2b2createdb-1710.zip file under Source Code in the "Downloadables" section
Upgrade i2b2 Web Client to 1.7.10	Image Modified Software page on the (i2b2 Website)	Download the i2b2webclient-1710.zip file under Source Code in the "Downloadables" sectionSource code to upgrade the
Upgrade i2b2 Server to 1.7.10 (Source Code)	Image Modified Software page on the (i2b2 Website)	Download the i2b2core-src-1710.zip file under Source Code in the "Downloadables" sectionJAR files to upgrade the
Upgrade i2b2 Server to 1.7.10 (JAR files)	Upgrade to latest version page on the Community WikiRelease 1.7.10 from 1.7.09c page (Community Wiki)	See Technical Details section on the i2b2 Upgrades page and upgrade documentation on Upgrade to latest version page.

Upgrade Documentation

Documentation	Where to find it	Website
Database changes included in this release	Database Changes
List of core changes included in this release	Change Summary - i2b2 Kernel (Core Software)
List of Web Client changes included in this release	Change Summary - i2b2 Web Client
Details about the new features	Details about New Features in Release 1.7.10
Technical details and notes about upgrading the i2b2 server	Upgrade i2b2 page	i2b2 Community Wiki
Upgrade Instructions (server)	Upgrade to latest version page (Instructions section)	i2b2 Community Wiki
Core documentation - Technical doc for i2b2 cells	i2b2 Documentation zip file (i2b2core-doc-1710.zip)	i2b2 Website/software

 These sections are

located within this document. All other documents are external pages either on the community wiki or on the i2b2 Website.

Database Changes

Release 1.7.10 involves a few changes to the i2b2 Database. Some are simple an addition to the sample data that is included in the demo data that is delivered with the software while others are changes to the database structure to support new features that are included in 1.7.10

Crcdata Tables

QT_BREAKDOWN_PATH

• Added new breakdowns for the new SQL Query Breakdown feature

QT_QUERY_RESULT_TYPE

• Added new breakdowns for the new SQL Query Breakdown feature
• Added new column to support roles based access for the new SQL Breakdowns
  • New column name = QT_ROLE_CD

Pmdata Tables

PM_USER_LOGIN table

• Remove the primary key
add an index
• Added the PM_USER_LOGIN_IDX index

Change Summary -

Release 1.7.10

New Features and Improvements

Additional information about each of these Did you know?

• Changes to the i2b2 server & database are listed under i2b2 Kernel (Core) Software
• Changes to the i2b2 Web Client are listed under i2b2 Web Client Software
• Additional information about the new features can be found in the

•  Feature Details - Release 1.7.10 section located

• this Change Summary section

• .
  
  

i2b2 Kernel (Core Software)

New Features and Improvements

Bug Fixes

i2b2 Web Client Software

New Features and Improvements

Additional information about each of these features can be found in the Details about New Features in Release 1.7.10 section located after this section.

Bug Fixes

Feature Details - Release 1.7.10

Release 1.7.10 release all

Logging

has many new features and for the purpose of this document we have grouped them into one of the following four categories:

1. Auditing improvements
2. Password management improvements
3. Query improvements
4. Miscellaneous improvements

 

Auditing improvements

The auditing improvements category contains two new features; with the first feature the i2b2 logs all attempts to sign are part of a larger group of enhancements that are labeled in JIRA as "Security enhancements". There are only two auditing features and both involve keeping an audit trail of information for maintaining security. Right now the audit trail is limited to the i2b2 Admin module and the process of logging into the i2b2 Web Client and the second one logs all activity within the i2b2 Admin module.

Log number of attempted logins

JIRA Issue: CORE-285

All successful and failed login attempts to sign into the i2b2 Web Client will be logged in the PM_USER_LOGIN table.

Highlights of New Feature

• No additional setup is needed to turn the enhancement on
• Even when a user is locked out the system will log when they attempt to access the system

Log Admin Functions

JIRA Issue: CORE-286

Functions performed within the Admin module will be logged within the PM_USER_LOGIN table.

Password management improvements

The improvements to managing passwords are the other enhancements that are part of the larger group of "Security enhancements". There are four new features that all revolve around improving the i2b2 security in regards to how users log into the i2b2 Web Client.

Highlights

are designed to help sites improve security of their i2b2 by improving how their user passwords are managed within the i2b2. The site administrators will now have control over requiring users to change passwords, use complex passwords, and lock users out for entering the wrong password too many times. 

4 New Features Include

1. Account lockout
2. Mandatory password change
3. Prevent repeat passwords
4. Enforce complex passwords

Account Lockout

JIRA Issue: CORE-287

Accounts are locked and users are not able to sign into the i2b2 after a specific number of failed login attempts have been made.

Highlights of New Feature

• 2 new global parameters
  1. PM_LOCKED_MAX_COUNT
  2. PM_LOCKED_MAX_WAIT_TIME
• Account lockout threshold and wait time is defined by the site Administrator.
• Users are locked-out when the defined number of failed attempts have been reached.
• Once locked
  • user receives a lockout message
the
• • user must wait a preset period of time
• Successful login resets the number of failed logins

New Parameters

Two new Global Parameters were created as part of the new lockout feature. These parameters must be defined in the PM_GLOBAL_PARAMS table for users to be locked out after the defined number of failed attempts and number of minutes they must wait before attempting to try again.

PM_LOCKED_MAX_COUNT Parameter

• Threshold for failed sign-in attempts
• The value is inclusive. i.e. if you enter 4 then the 4th time the user enters the wrong password they will receive the error message and their account will be locked.

Image Modified

Image Modified

PM_LOCKED_WAIT_TIME Parameter

• Number of minutes an account is locked before a user can sign in again.

Image Modified

Image Modified

Mandatory Password Change

JIRA Issue: CORE-287

Require users to change passwords after a specified interval of time. The i2b2 Administrator controls the number of days allowed before a password must be changed. If a user attempts to sign on after their password has expired, the i2b2 Change Password window will open and the user must change their password before they can sign on. Once the user changes their password, the system will calculate the next expiration date for that user.

Highlights of New Feature

• Require users to change passwords
• i2b2 Admins control how often (interval)
• Change password window will open when password expired
• 2 new parameters; 1 global & 1 user
• The system uses the value in the global parameter to calculate the next expiration date and adds the appropriate user parameter to the table.

Summary of password expiration process

New Parameters

Two new parameters were created as part of the the Mandatory password change feature. Both parameters parameters are called PMcalled PM_EXPIRED_PASSWORD however PASSWORD however one is set within PM_GLOBAL_PARAMS and PARAMS and the other within PM_USER_PARAMS. Each Each parameter has a different function in the password expiration process and is further defined below.

Table: PM_GLOBAL_PARAMS

The new Global

Parameter called PM_EXPIRED_

PASSWORD must be added to the PM_GLOBAL_PARAMS table to define the password change interval. Once this parameter has been set the mandatory password change feature will be turned on. If this parameter is not added as a global parameter then passwords will never expire.

Image Modified

Highlights of global parameter PM_EXPIRED_PASSWORD

• Global Parameter PM_EXPIRED_PASSWORD
• Turns the feature on
• Defines password change interval
• Affects ALL users

Image Added

Table: PM_USER_PARAMS

The

new user parameter, PM_EXPIRED_PASSWORD, is automatically

added to the PM_USER_PARAMS table the first time a user successfully changes their expired password. When they change their password, the system will look to the PM_EXPIRED_PASSWORD parameter in the PM_GLOBAL_PARAMS table to see the change interval defined and then calculate the new expiration date to add to the user parameter.

Image Modified

Highlights of user parameter PM_EXPIRED_PASSWORD

• User Parameter PM_EXPIRED_PASSWORD
• Date password will expire for user
• Added by system when password changed 1st time
• Can be manually added / edited to a future date for user accounts don't want to expire

Image Modified

Prevent repeat password

JIRA Issue: CORE-300

Prevent users from using Users are no longer allowed to use their current password as their new password when required to change it. 

Highlights of New Feature

• No additional setup is needed
• New password can't be same as current password
• Warning message displayed if user enters same password

Image RemovedImage Added

Enforce Complex Passwords

JIRA Issue: CORE-288

Passwords must meet complexity requirements defined by the i2b2 Administrator. The requirements will be enforced when users change their passwords . They are not enforced when the i2b2 Administrator first enters their password from within for the Change Password Window. However, when an i2b2 Administrator is setting up a new user in the i2b2 Admin Module the requirements are not required when entering or editing the password in User Management.

Highlights of New Feature

• New global parameter
• i2b2 Administrator defines requirements for complexity
• Requirements are enforced when users change passwords
• User receives Warning message if new password doesn't meet requirements

Image RemovedImage Added

New parameter

A new Global Parameter was created to support the Enforce Complex Passwords feature. The new parameter is set within PM_GLOBAL_PARAMS table and will define the password complexity requirements. Once the parameter defines the complexity requirements for the passwords and once it has been entered into the PM_GLOBAL_PARAMS table the feature will be turned on and for all users. This means all users will be required to follow the new requirements the next time they change their password. The Again, the only exception is when the password is set by the i2b2 Administrator from within the i2b2 Admin Module.

Global Parameter: PM_COMPLEX_PASSWORD

Table: PM_GLOBAL_PARAMS

Complex Requirement Variables

Setting the parameter value for PM_COMPLEX_PASSWORD

• Each password requirement is defined as an independent variable.
• However,
each of
• the variables are concatenated into a single string and stored in the VALUE column of the PM_GLOBAL_PARAMS table

The table shown below lists each of the variables and the associated requirement that will be enforced.

The requirements can be used in any combination.  For instance, if the passwords must be 8 characters and contain at least 1 lower case letter and 1 number then the parameter value will be:

(?=.*[0-9])(?=.*[a-z])(?=\S+$).{8,}

If all the requirements in the table were to be used, the following would be entered as the Parameter Value:

(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&+=])(?=\S+$).{8,}

Image Modified

Query improvements

The following two new improvements have been made to queries. 

1. SQL Query Breakdown
   • Custom breakdowns based on SQL query
   • 4 new breakdowns provided in the demo data as examples
2. Temporal Query made simple
   • New simple mode available
   • Streamlined

SQL Query Breakdowns

Standard demographic breakdowns have been available in the i2b2 for a long time in the i2b2. For instance, when running a query you can select a breakdown of the patients by their gender or race.Users can now add custom breakdowns that breakdowns like Gender patient breakdown or Race patient breakdown.  Users have also been able to add their own custom breakdowns provided they added the breakdowns in all the appropriate places. In release 1.7.10 we are introducing SQL query breakdowns, which are basically your normal query breakdowns except they have a SQL query built within it. The following four examples are provided with the i2b2 demo software.data that is delivered with 1.7.10 has been updated to include the following four new SQL query breakdowns 

1. Length of stay breakdown
2. Top 20 medications breakdown
3. Top 20 diagnoses breakdown
4. Inpatient and outpatient breakdown

1. QT_QUERY_RESULT_TYPE table
2. QT_BREAKDOWN_PATH table
3. CRCApplicationContext.xml file

** New ** Additional Setup Steps for SQL Breakdown

1. Add SQL query into the QT_BREAKDOWN_PATH table
   • SQL statement goes into the VALUE column
2. Add the correct access level into QT_QUERY_RESULT_TYPE

1. table
   • The role goes into USER_ROLE_CD column

Sample Data: Snapshot of the Length of stay breakdown

included in demo data

.Define SQL

in the QT_BREAKDOWN_PATH table

Image Added

SELECT length_of_stay            AS patient_range,
   COUNT(DISTINCT a.PATIENT_num) AS patient_count
FROM visit_dimension a,
   DX b 
WHERE a.patient_num = b.patient_num
GROUP BY a.length_of_stay 
ORDER BY 1

Highlights of New Feature

Temporal Query made Simple

Running a temporal query in earlier versions of the i2b2 could be cumbersome and difficult to use. The way the screens were laid out would make it hard to remember population constraints, it was complicated, difficult to learn and hard to comprehend temporality.

In 1.7.10

temporal queries have been made simple by developing a Simple Temporal Query mode

. This new mode has streamlined features; displays ordering of events

and population constraint

on same page.

Simple vs Advanced Mode

Simple mode does not support the following features

• Non-linear temporal sequences
• Multiple Panels
• Number Restrictions

Highlights of New Simple Temporal Query mode

Query Timing list has been updated

• Non-Temporal Query: Treat all groups independently
• Non-Temporal Query: Selected groups occur in the same financial encounter
• Temporal Query: Define sequence of Events

Image Added

Tutorial Available

• As soon as you select Temporal Query: Define sequence of Events the simple temporal query mode will display.
• At this point you can either start the Tutorial or begin your query by dragging over an observation.

Image Added

All events are on the same page page

• Add Hypertension into Observation A and Acute Myocardial Infarction into Observation B.

Image Added

Relationship Editor

• Can edit the relationships without leaving the page.
• Simply click on the text in between the two observations
• The Temporal Relationship window will open with the observations visible behind it

Image Added

Easily Change Order of Observations

• Swapping position of Observations by dragging the panel

Image Added

Adding population constraints (optional)

• Can add population constraints without leaving the page.
• Simply click on Show Constraining Population located at the bottom of the view
• The standard 3 panel query view will open on the bottom half where you can add your patient sets.

Image Added                  Image Added

Switching to advanced mode

• Click on Switch to Advanced Temporal Query to change your mode and query into the old temporal query.

Image Added

Preserving query between switches

• Queries will be preserved when switching between simple and advanced. The only exception is when a query doesn't meet the simple criteria (i.e. multiple panels, non-linear temporal sequences, number restrictions)

Image Added

Miscellaneous improvements

Single sign-on location for Web Client and Admin Module

JIRA Issue: WEBCLIENT-226

The i2b2 Admin module no longer needs to be setup on the i2b2 server and results in the following benefits.

• i2b2 Administrators will log in from the same location as the i2b2 Web Client.
• Easier installation and maintenance. Will only install the i2b2 Web Client.

To sign into the i2b2 Admin module, Administrators will go to the same location as their i2b2 Web Client and enter their login credentials.  Provided their user is setup as an Admin they will be able to select "Administrator" from the list of projects in the project dialog. The Administrator project will launch the Admin module.

Image Modified

INSTALLATION INSTRUCTIONS

Improve datasource validations

JIRA Issue: CORE-129

On certain occasions a database connection in a pool would go bad and the i2b2 would continue to use the connection which would cause errors in the i2b2. To resolve this problem database connections will now be validated and checked that the connection is valid. If a connection in the pool goes bad the i2b2 will not continue using it.

<validation> 
     <validate-on-match>true</validate-on-match> 
     <check-valid-connection-sql>SELECT 1 FROM DUAL</check-valid-connection-sql> 
     <use-fast-fail>true</use-fast-fail> 
 </validation>