Page History
Anchor | ||||
---|---|---|---|---|
|
html-text |
---|
<!DOCTYPE html> <html> <head> <title>i2b2 1.7.09c Release Notes</title> <meta charset="UTF-8"> <meta name="description" content="The release notes for version 1.7.10 of the i2b2 Software" /> <meta name="keywords" content="i2b2, release, 1.7.10" /> <!-- <link rel="stylesheet" type="text/css" media="all" href="/stylesheets/i2b2-wiki.css" /> --> </head> <body> <h1 class="releaseHeading" id="rel1710">i2b2 Release 1.7.10</h1> <p class="releaseDate"><b>Release Date:</b> May 2, 2018</p> </body> </html> |
Release
1.7.10
UI Text Box | ||
---|---|---|
| ||
Release Date: April 27, 2018 |
Release Summary
Anchor | ||||
---|---|---|---|---|
|
Release 1.7.10 contains several new enhancements to the i2b2 kernel, many of which improve the security around signing into the i2b2 Web Client. We have included some Auditing features like logging all successful and attempted logins into the i2b2 Web Client or keeping a log of all the Admin functions performed with the Admin Module.
Section | ||||
---|---|---|---|---|
|
Installation Notes
Anchor | ||||
---|---|---|---|---|
|
This release note applies to you if you are upgrading your i2b2 to 1.7.10 from and earlier 1.7.xx version of the i2b2 software. Please see the Upgrade Notes section for any information that is specific to the upgrade process.
If you are upgrading your i2b2 in a SHRINE network please read the information in the SHRINE Networks section before proceeding.
If you are installing a new instance of the i2b2 we recommend you refer to the i2b2 Installation Guide found on the i2b2 Community Wiki. This documentation will guide you through the entire installation process. If you run into issues or have questions you can reach out to the community by joining and emailing the google group called i2b2 Install Help.
SHRINE Networks
Anchor | ||||
---|---|---|---|---|
|
UI Text Box | ||||
---|---|---|---|---|
| ||||
WARNING Release 1.7.10 has not been tested within a SHRINE network. Therefore, i2b2 Release 1.7.10 should not be installed within a SHRINE network. It can be installed independently of SHRINE. However because it has not been tested with SHRINE we can not guarantee all of the new enhancements will continue to work correctly when implemented within a SHRINE environment. |
Upgrade Notes
Anchor | ||||
---|---|---|---|---|
|
It is important when you upgrade your "i2b2 software" that you upgrade all the components that make up the software package. In release 1.7.10 the following i2b2 components contain changes and therefore must be upgraded when upgraded your i2b2 environment.
- i2b2 Database
- i2b2 Server (kernel)
- i2b2 Web Client
Upgrade Paths & Software Files
Anchor | ||||
---|---|---|---|---|
|
The i2b2 now provides two options for sites to update their i2b2 server.
- Continue to download the source code provided in the zip file released on www.i2b2.org/software
- Install the precompiled JAR files onto your existing i2b2 server to upgrade it to 1.7.10.
Both are acceptable paths and depending on your sites needs will determine where you will go to obtain the zip file containing the appropriate software. The following table will guide you to the appropriate location.
Description | Where to find it | Requirements |
---|---|---|
Scripts to upgrade the i2b2 Database to 1.7.10 | Software page on the i2b2 Website | Download the i2b2createdb-1710.zip file under Source Code in the "Downloadables" section |
Source code to upgrade the i2b2 Web Client to 1.7.10 | Software page on the i2b2 Website | Download the i2b2webclient-1710.zip file under Source Code in the "Downloadables" section |
Source code to upgrade the i2b2 Server to 1.7.10 | Software page on the i2b2 Website | Download the i2b2core-src-1710.zip file under Source Code in the "Downloadables" section |
JAR files to upgrade the i2b2 Server to 1.7.10 | Upgrade to latest version page on the Community Wiki | See Technical Details section on the i2b2 Upgrades page and upgrade documentation on Upgrade to latest version page. |
Upgrade Documentation AnchorreleaseNoteUpgradeDoc-1710 releaseNoteUpgradeDoc-1710
releaseNoteUpgradeDoc-1710 | |
releaseNoteUpgradeDoc-1710 |
Documentation | Where to find it | Website |
---|---|---|
Database changes included in this release | Database Changes | |
List of core changes included in this release | Change Summary - i2b2 Kernel (Core Software) | |
List of Web Client changes included in this release | Change Summary - i2b2 Web Client | |
Details about the new features | Details about New Features in Release 1.7.10 | |
Technical details and notes about upgrading the i2b2 server | Upgrade i2b2 page | i2b2 Community Wiki |
Upgrade Instructions (server) | Upgrade to latest version page (Instructions section) | i2b2 Community Wiki |
Core documentation - Technical doc for i2b2 cells | i2b2 Documentation zip file (i2b2core-doc-1710.zip) | i2b2 Website/software |
These are sections located within this document. All other documents are external pages either on the community wiki or on the i2b2 Website.
Database Changes
Anchor | ||||
---|---|---|---|---|
|
Release 1.7.10 involves a few changes to the i2b2 Database. Some are simple an addition to the sample data that is included in the demo data that is delivered with the software while others are changes to the database structure to support new features that are included in 1.7.10
Crcdata Tables
QT_BREAKDOWN_PATH
- Added new breakdowns for the new SQL Query Breakdown feature
QT_QUERY_RESULT_TYPE
- Added new breakdowns for the new SQL Query Breakdown feature
- Added new column to support roles based access for the new SQL Breakdowns
- New column name = QT_ROLE_CD
Pmdata Tables
PM_USER_LOGIN table
- Remove the primary key
- add an index PM_USER_LOGIN_IDX
Change Summary - i2b2 Kernel (Core Software) - Release 1.7.10
Anchor | ||||
---|---|---|---|---|
|
New Features and Improvements
Additional information about each of these features can be found in the Details about New Features in Release 1.7.10 section located after the Change Summary section for the Web Client.
Jira | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
Bug Fixes
Jira | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
Change Summary - i2b2 Web Client Software - Release 1.7.10
Anchor | ||||
---|---|---|---|---|
|
New Features and Improvements
Additional information about each of these features can be found in the Details about New Features in Release 1.7.10 section located after this section.
Jira | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
Bug Fixes
Jira | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
Details about New Features in Release 1.7.10
Anchor | ||||
---|---|---|---|---|
|
For the purpose of these release notes the new features in the 1.7.10 release have been categorized into four categories.
As part of the Auditing improvements and overall security enhancements included in the 1.7.10 release all
Auditing improvements
Anchor | ||||
---|---|---|---|---|
|
The auditing improvements category contains There are two new features ; with the first feature the i2b2 logs all that fall into the auditing improvement category.
- All attempts to sign into the i2b2 Web Client
- will be logged.
- All activity within the
- the Admin module will be logged.
UI Text Box | ||
---|---|---|
| ||
The auditing improvements are strictly server and database security enhancements to capture the information for auditing purposes. The audit information is logged in the PM_USER_LOGIN table for both features. Due to different security requirements on who can access this type of database information we have chosen to not include a way for i2b2 users to view or print the audit information from within the i2b2. This decision may be reviewed again for a future release. For now, if a site wants to obtain the logged information they can query their i2b2 database and retrieve the information directly from the PM_USER_LOGIN table. |
Log number of attempted logins
Anchor | ||||
---|---|---|---|---|
|
JIRA Issue: CORE-285
All successful and failed login attempts to sign into the i2b2 Web Client will be logged in the PM_USER_LOGIN table.
Highlights of New Feature
- No additional setup is needed to turn the enhancement on
- Even when a user is locked out the system will log when they attempt to access the system
Example Box | ||
---|---|---|
| ||
Sample data from PM_USER_LOGIN table
|
Log Admin Functions
Anchor | ||||
---|---|---|---|---|
|
JIRA Issue: CORE-286
Functions performed within the Admin module will be logged within the PM_USER_LOGIN table.
Example Box | ||
---|---|---|
| ||
ExampleFor the purpose of this documentation the basic steps an i2b2 Admin takes to add a new user are outlined below: Step 1: Signs into the i2b2 Web Client & selects the Administrator project Step 2: Selects Manager Users from the Navigation Panel Step 3: Clicks on the Add User button Step 4: Enters the information about the user and clicks on Save. Step 5: Clicks on Manage Users to refresh the list and display the new user.
As each steps was performed, the service and USER_ID was logged in the PM_USER_LOGIN table along with date & time.
|
Password management improvements
Anchor | ||||
---|---|---|---|---|
|
The password management improvements is comprised of There are four new features that all revolve around improving the i2b2 security in regards to how users log into by improving how passwords are managed within the i2b2 Web Client.. Site administrators will now have control over requiring users to change passwords, use complex passwords, and lock users out for entering the wrong password too many times.
Highlights
- Account lockout
- Mandatory password change
- Prevent repeat passwords
- Enforce complex passwords
Account Lockout
Anchor | ||||
---|---|---|---|---|
|
JIRA Issue: CORE-287
Accounts are locked and users are not able to sign into the i2b2 after a specific number of failed login attempts have been made.
Highlights of New Feature
- 2 new global parameters
- PM_LOCKED_MAX_COUNT
- PM_LOCKED_MAX_WAIT_TIME
- Account lockout threshold and wait time is defined by the site Administrator.
- Users are locked-out when the defined number of failed attempts have been reachedOnce
- reachedOnce locked
- user receives a lockout message
the - user must wait a preset period of time
- Successful login resets the number of failed logins
New Parameters
Two new Global Parameters were created as part of the new lockout feature. These parameters must be defined in the PM_GLOBAL_PARAMS table for users to be locked out after the defined number of failed attempts and number of minutes they must wait before attempting to try again.
PM_LOCKED_MAX_COUNT Parameter
Anchor | ||||
---|---|---|---|---|
|
- Threshold for failed sign-in attempts
- The value is inclusive. i.e. if you enter 4 then the 4th time the user enters the wrong password they will receive the error message and their account will be locked.
PM_LOCKED_WAIT_TIME Parameter
Anchor | ||||
---|---|---|---|---|
|
- Number of minutes an account is locked before a user can sign in again.
Mandatory Password Change
Anchor | ||||
---|---|---|---|---|
|
JIRA Issue: CORE-287
Require users to change passwords after a specified interval of time. The i2b2 Administrator controls the number of days allowed before a password must be changed. If a user attempts to sign on after their password has expired, the i2b2 Change Password window will open and the user must change their password before they can sign on. Once the user changes their password, the system will calculate the next expiration date for that user.
Highlights of New Feature
- Require users to change passwords
- i2b2 Admins control how often (interval)
- Change password window will open when password expired
- 2 new parameters; 1 global & 1 user
- The system uses the value in the global parameter to calculate the next expiration date and adds the appropriate user parameter to the table.
Summary of password expiration process
UI Steps | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||
|
New Parameters
Two new parameters were created as part of the Mandatory password change feature. Both parameters are called PM_EXPIRED_PASSWORD however one is set within PM_GLOBAL_PARAMS and the other within PM_USER_PARAMS. Each parameter has a different function in the password expiration process and is further defined below.
Table: PM_GLOBAL_PARAMS
The new Global Parameter called PM_EXPIRED_PASSWORD must be added to the PM_GLOBAL_PARAMS table to define the password change interval. Once this parameter has been set the mandatory password change feature will be turned on. If this parameter is not added as a global parameter then passwords will never expire.
Table: PM_USER_PARAMS
The new User Parameter, PM_EXPIRED_PASSWORD, is automatically added to the PM_USER_PARAMS table the first time a user successfully changes their expired password. When they change their password, the system will look to the PM_EXPIRED_PASSWORD parameter in the PM_GLOBAL_PARAMS table to see the change interval defined and then calculate the new expiration date to add to the user parameter.
Highlights of user parameter PM_EXPIRED_PASSWORD
- Global Parameter PM_EXPIRED_PASSWORD
- Turns the feature on
- Defines password change interval
- Affects ALL users
Highlights of user parameter PM_EXPIRED_PASSWORD
- User Parameter PM_EXPIRED_PASSWORD
- Date password will expire for user
- Added by system when password changed 1st time
- Can be manually added / edited to a future date for user accounts don't want to expire
UI Text Box | ||
---|---|---|
| ||
As soon as you add the PM_EXPIRED_PASSWORD to your PM_GLOBAL_PARAMS table, ALL passwords will expire except the i2b2 AGG_SERVICE_ACCOUNT. To prevent service accounts from expiring you need to add the user parameter as soon as the feature is turned on or even before it. Set the expiration date for a date in the distant future. The following steps outline how to do this.
|
Prevent repeat password
Anchor | ||||
---|---|---|---|---|
|
JIRA Issue: CORE-300
Prevent users from using their current password as their new password when required to change it.
Highlights of New Feature
- No additional setup is needed
- New password can't be same as current password
- Warning message displayed if user enters same password
Enforce Complex Passwords
Anchor | ||||
---|---|---|---|---|
|
JIRA Issue: CORE-288
Passwords must meet complexity requirements defined by the i2b2 Administrator. The requirements will be enforced when users change their passwords. They are not enforced when the i2b2 Administrator first enters their password from within the i2b2 Admin Module.
Highlights of New Feature
- New global parameter
- i2b2 Administrator defines requirements for complexity
- Requirements are enforced when users change passwords
- User receives Warning message if new password doesn't meet requirements
New parameter
A new Global Parameter was created to support the Enforce Complex Passwords feature. The new parameter is set within PM_GLOBAL_PARAMS table and will define the password complexity requirements. Once the parameter has been entered the feature will be turned on and all users will be required to follow the new requirements the next time they change their password. The only exception is when the password is set by the i2b2 Administrator from within the i2b2 Admin Module.
Global Parameter: PM_COMPLEX_PASSWORD
Table: PM_GLOBAL_PARAMS
Complex Requirement Variables
Setting the parameter value for PM_COMPLEX_PASSWORD
- Each password requirement is defined as an independent variable.
- However, each of the variables are concatenated into a single string and stored in the VALUE column of the PM_GLOBAL_PARAMS table
The table shown below lists each of the variables and the associated requirement that will be enforced.
Variables | Requirement |
---|---|
(?=.*[0-9]) | Numbers (0-9) |
(?=.*[a-z]) | Lower case letters (a-z) |
(?=.*[A-Z]) | Upper case letters (A-Z) |
(?=.*[!@#$%^&+=]) | Special characters (!@#$%^&+=) |
(?=\S+$).{8,} | Password is a string and must be 8 characters |
UI Text Box | ||||
---|---|---|---|---|
| ||||
The (?=\S+$).{8,} variable is always required when setting the PM_COMPLEX_PASSWORD parameter. The system needs to know that password is a string and the length of password. You do have the option to change the length to be greater or lesser than 8 characters. |
The requirements can be used in any combination. For instance, if the passwords must be 8 characters and contain at least 1 lower case letter and 1 number then the parameter value will be:
(?=.*[0-9])(?=.*[a-z])(?=\S+$).{8,}
If all the requirements in the table were to be used, the following would be entered as the Parameter Value:
(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&+=])(?=\S+$).{8,}
UI Text Box | ||||
---|---|---|---|---|
| ||||
The (?=\S+$).{8,} variable is always required when setting the PM_COMPLEX_PASSWORD parameter. The system needs to know that password is a string and the length of password. You do have the option to change the length to be greater or lesser than 8 characters. |
Query improvements
Anchor | ||||
---|---|---|---|---|
|
Two new features are included in the query improvements category.
- SQL Query Breakdown
- Custom breakdowns based on SQL query
- 4 new breakdowns provided in the demo data as examples
- Temporal Query made simple
- New simple mode available
- Streamlined
SQL Query Breakdowns
Anchor | ||||
---|---|---|---|---|
|
Standard demographic breakdowns have been available for a long time in the i2b2. For instance when running a query you can select a breakdown of the patients by their gender or race.
Users can now add custom breakdowns that have a SQL query built within it. The following four examples are provided with the i2b2 demo software. In release 1.7.10 the i2b2 demo data has been updated to include the following four new SQL query breakdowns
- Length of stay breakdown
- Top 20 medications breakdown
- Top 20 diagnoses breakdown
- Inpatient and outpatient breakdown
UI Text Box | ||||
---|---|---|---|---|
| ||||
Now that SQL queries can be run within a breakdown it has become necessary to provide the appropriate level of access.security to these breakdowns as we would a standard query. Therefore, we have taken the appropriate steps to enable sites to restrict custom breakdowns to a defined role. If the user does not have the appropriate role for the project they are logged into then they will not be able to see the breakdown listed when running a query. The new SQL breakdowns included in 1.7.10 are restricted to the Limited Data Set (DATA_LDS) role. |
- QT_QUERY_RESULT_TYPE table
- QT_BREAKDOWN_PATH table
- CRCApplicationContext.xml file
Example
New Additional Steps
- Add SQL query into the QT_BREAKDOWN_PATH table
- SQL statement goes into the VALUE column
- Add the correct access level into QT_QUERY_RESULT_TYPE table
- The role goes into USER_ROLE_CD column
Example: Look at the Length of stay breakdown provided with the demo data.
SQL defined in QT_BREAKDOWN_PATH table
Code Block | ||
---|---|---|
| ||
SELECT length_of_stay AS patient_range, COUNT(DISTINCT a.PATIENT_num) AS patient_count FROM visit_dimension a, DX b WHERE a.patient_num = b.patient_num GROUP BY a.length_of_stay ORDER BY 1 |
When you run a query for all diagnoses and check off the different breakdowns the results on the Graph Results tab will display as follows:
Define access level in QT_QUERY_RESULT_TYPE table
Running a Query and Viewing Results
- Provided you have the correct access when you click on the Run button in the Query Tool, the Run Query window will display.
- The list of Result Types, including the SQL breakdowns will display.
- Check off the different breakdowns the results on the Graph Results tab will display as follows:
Click on the Query Report tab to view and print the results of your query.
Temporal Query made Simple
Anchor | ||||
---|---|---|---|---|
|
Highlights of New Feature
- Temporal query interface difficult to use
- Hard to comprehend temporality
- Hard to remember population constraint
- Too complicated, difficult to learn
- 1.7.10 includes a Simple Temporal Query mode
- Displays ordering of events
- Displays population constraint
- Streamlined features
Launching
Tutorial Available
Dropping Hypertension
Dropping Acute MI
Relationship Editor
Swapping position by dragging
Adding population constraints
Optionally adding population constraints
Switching to advanced mode
Preserving query between switches
Simple vs Advanced Mode
Simple does not support the following features
- Non-linear temporal sequences
- Multiple Panels
- Number Restrictions
Miscellaneous improvements
Anchor | ||||
---|---|---|---|---|
|
Single sign-on location for Web Client and Admin Module
Anchor | ||||
---|---|---|---|---|
|
JIRA Issue: WEBCLIENT-226
The i2b2 Admin module no longer needs to be setup on the i2b2 server and results in the following benefits.
- i2b2 Administrators will log in from the same location as the i2b2 Web Client.
- Easier installation and maintenance. Will only install the i2b2 Web Client.
To sign into the i2b2 Admin module, Administrators will go to the same location as their i2b2 Web Client and enter their login credentials. Provided their user is setup as an Admin they will be able to select "Administrator" from the list of projects in the project dialog. The Administrator project will launch the Admin module.
INSTALLATION INSTRUCTIONS
Improve datasource validations
Anchor | ||||
---|---|---|---|---|
|
JIRA Issue: CORE-129
On certain occasions a database connection in a pool would go bad and the i2b2 would continue to use the connection which would cause errors in the i2b2. To resolve this problem database connections will now be validated and checked that the connection is valid. If a connection in the pool goes bad the i2b2 will not continue using it.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<validation> <validate-on-match>true</validate-on-match> <check-valid-connection-sql>SELECT 1 FROM DUAL</check-valid-connection-sql> <use-fast-fail>true</use-fast-fail> </validation> |
Include Page | ||||
---|---|---|---|---|
|