i2b2 Release 1.7.10

Anchor
releaseNote-1710 releaseNote-1710

Release Date: April 27, 2018

Release Summary

Anchor
releaseNoteSum-1710 releaseNoteSum-1710

Release 1.7.10 contains several new enhancements to the i2b2 kernel, many of which improve the security around signing into the i2b2 Web Client. We have included some Auditing features like logging all successful and attempted logins into the i2b2 Web Client or keeping a log of all the Admin functions performed with the Admin Module.

Installation Notes

Anchor
releaseNoteNewInstall-1710 releaseNoteNewInstall-1710

This release note applies to you if you are upgrading your i2b2 to 1.7.10 from and earlier 1.7.xx version of the i2b2 software. Please see the Upgrade Notes section for any information that is specific to the upgrade process. 

If you are upgrading your i2b2 in a SHRINE network please read the information in the SHRINE Networks section before proceeding.

If you are installing a new instance of the i2b2 we recommend you refer to the i2b2 Installation Guide found on the i2b2 Community Wiki. This documentation will guide you through the entire installation process. If you run into issues or have questions you can reach out to the community by joining and emailing the google group called i2b2 Install Help.

SHRINE Networks

Anchor
releaseNoteShrineApprvl-1710 releaseNoteShrineApprvl-1710

Upgrade Notes

Anchor
releaseNoteUpgrade-1710 releaseNoteUpgrade-1710

It is important when you upgrade your "i2b2 software" that you upgrade all the components that make up the software package. In release 1.7.10 the following i2b2 components contain changes and therefore must be upgraded when upgraded your i2b2 environment.

• i2b2 Database
• i2b2 Server (kernel)
• i2b2 Web Client

Upgrade Documentation

Upgrade Paths & Software Files

Anchor
releaseNoteUpgradePathSoftware-1710 releaseNoteUpgradePathSoftware-1710

The i2b2 now provides two options for sites to update their i2b2 server.

1. Continue to download the source code provided in the zip file released on www.i2b2.org/software
2. Install the precompiled JAR files onto your existing i2b2 server to upgrade it to 1.7.10.

Both are acceptable paths and depending on your sites needs will determine where you will obtain the zip file containing the appropriate software. The following table will guide you to the appropriate location. 

Download

Upgrade Documentation

Anchor
releaseNoteUpgradeDoc-1710 releaseNoteUpgradeDoc-1710

Upgrade Software

The zip files for i2b2 release 

The list of changes made can be found in the change summary

Now provide an upgrade path for those sites that do not want to do a whole new install of the i2b2 server. provide just the JAR / war files

page that contains all the upgrade information is: Upgrade to latest version

Database Changes

Anchor
releaseNoteDbChgs-1710 releaseNoteDbChgs-1710

Release 1.7.10 involves a few changes to the i2b2 Database. Some are simple an addition to the sample data that is included in the demo data that is delivered with the software while others are changes to the database structure to support new features that are included in 1.7.10

Crcdata Tables

QT_BREAKDOWN_PATH

• Added new breakdowns for the new SQL Query Breakdown feature

QT_QUERY_RESULT_TYPE

• Added new breakdowns for the new SQL Query Breakdown feature
• Added new column to support roles based access for the new SQL Breakdowns
  • New column name = QT_ROLE_CD

Pmdata Tables

PM_USER_LOGIN table

• Remove the primary key
• add an index PM_USER_LOGIN_IDX

Change Summary - i2b2 Kernel (Core Software) - Release 1.7.10

Anchor
releaseNoteChgSumCore-1710 releaseNoteChgSumCore-1710

New Features and Improvements

Additional information about each of these features can be found in the Details about New Features in Release 1.7.10 section located after the Change Summary section for the Web Client.

Bug Fixes

Change Summary - i2b2 Web Client Software - Release 1.7.10

Anchor
releaseNoteChgSumWeb-1710 releaseNoteChgSumWeb-1710

New Features and Improvements

Additional information about each of these features can be found in the Details about New Features in Release 1.7.10 section located after this section.

Bug Fixes

Details about New Features in Release 1.7.10

Anchor
releaseNoteFeatureDetails-1710 releaseNoteFeatureDetails-1710

For the purpose of these release notes the new features in the 1.7.10 release have been categorized into four categories.

As part of the Auditing improvements and overall security enhancements included in the 1.7.10 release all

1. Logging improvements
2. Password management improvements
3. Query improvements
4. Miscellaneous improvements

Auditing improvements

Anchor
releaseNoteFeatureDetailsAudit-1710 releaseNoteFeatureDetailsAudit-1710

The auditing improvements category contains two new features; with the first feature the i2b2 logs all attempts to sign into the i2b2 Web Client and the second one logs all activity within the i2b2 Admin module.

Log number of attempted logins

Anchor
releaseNoteFeatureDetailsAuditLogon-1710 releaseNoteFeatureDetailsAuditLogon-1710

JIRA Issue: CORE-285

All successful and failed login attempts to sign into the i2b2 Web Client will be logged in the PM_USER_LOGIN table.

Highlights

• No additional setup is needed to turn the enhancement on
• Even when a user is locked out the system will log when they attempt to access the system

Log Admin Functions

Anchor
releaseNoteFeatureDetailsAuditAdmin-1710 releaseNoteFeatureDetailsAuditAdmin-1710

JIRA Issue: CORE-286

Functions performed within the Admin module will be logged within the PM_USER_LOGIN table.

Password management improvements

Anchor
releaseNoteFeatureDetailsPwdMgmt-1710 releaseNoteFeatureDetailsPwdMgmt-1710

The password management improvements is comprised of four new features that all revolve around improving the i2b2 security in regards to how users log into the i2b2 Web Client.

Highlights

1. Account lockout
2. Mandatory password change
3. Prevent repeat passwords
4. Enforce complex passwords

Account Lockout

Anchor
releaseNoteFeatureDetailsPwdMgmtLock-1710 releaseNoteFeatureDetailsPwdMgmtLock-1710

JIRA Issue: CORE-287

Accounts are locked and users are not able to sign into the i2b2 after a specific number of failed login attempts have been made.

Highlights

• Account lockout threshold and wait time is defined by the site Administrator.
• Users are locked-out when the defined number of failed attempts have been reached
• Once locked
  • user receives a lockout message
  • the user must wait a preset period of time
• Successful login resets the number of failed logins

New Parameters

Two new Global Parameters were created as part of the new lockout feature. These parameters must be defined in the PM_GLOBAL_PARAMS table for users to be locked out after the defined number of failed attempts and number of minutes they must wait before attempting to try again.

PM_LOCKED_MAX_COUNT Parameter

Anchor
releaseNoteFeatureDetailsPwdMgmtLockMaxCount-1710 releaseNoteFeatureDetailsPwdMgmtLockMaxCount-1710

• Threshold for failed sign-in attempts
• The value is inclusive. i.e. if you enter 4 then the 4th time the user enters the wrong password they will receive the error message and their account will be locked.

PM_LOCKED_WAIT_TIME Parameter

Anchor
releaseNoteFeatureDetailsPwdMgmtLockWaitTime-1710 releaseNoteFeatureDetailsPwdMgmtLockWaitTime-1710

• Number of minutes an account is locked before a user can sign in again.

Mandatory Password Change

Anchor
releaseNoteFeatureDetailsPwdMgmtPwdChg-1710 releaseNoteFeatureDetailsPwdMgmtPwdChg-1710

JIRA Issue: CORE-287

Require users to change passwords after a specified interval of time. The i2b2 Administrator controls the number of days allowed before a password must be changed. If a user attempts to sign on after their password has expired, the i2b2 Change Password window will open and the user must change their password before they can sign on.

Highlights

• Require users to change passwords
• i2b2 Admins control how often (interval)
• Change password window will open when password expired
• 1 new Global parameter
• 1 new User parameter

 The system uses the value in the global parameter to calculate the next expiration date and adds the appropriate user parameter to the table.

Summary of password expiration process

New Parameters

Two new parameters were created as part of the Mandatory password change feature. Both parameters are called PM_EXPIRED_PASSWORD however one is set within PM_GLOBAL_PARAMS and the other within PM_USER_PARAMS. Each parameter has a different function in the password expiration process and is further defined below.

Table: PM_GLOBAL_PARAMS

The new Global Parameter called PM_EXPIRED_PASSWORD must be added to the PM_GLOBAL_PARAMS table to define the password change interval. Once this parameter has been set the mandatory password change feature will be turned on. If this parameter is not added as a global parameter then passwords will never expire.

Highlights

• Global Parameter PM_EXPIRED_PASSWORD
• Turns the feature on
• Defines password change interval
• Affects ALL users

Table: PM_USER_PARAMS

The new User Parameter, PM_EXPIRED_PASSWORD, is automatically added to the PM_USER_PARAMS table the first time a user successfully changes their expired password. When they change their password, the system will look to the PM_EXPIRED_PASSWORD parameter in the PM_GLOBAL_PARAMS table to see the change interval defined and then calculate the new expiration date to add to the user parameter.

Highlights

• User Parameter PM_EXPIRED_PASSWORD
• Date password will expire for user
• Added by system when password changed 1st time
• Can be manually added / edited to a future date for user accounts don't want to expire

Prevent repeat password

Anchor
releaseNoteFeatureDetailsPwdMgmtPwdRpt-1710 releaseNoteFeatureDetailsPwdMgmtPwdRpt-1710

JIRA Issue: CORE-300

Prevent users from using their current password as their new password when required to change it.

Highlights

• No additional setup is needed
• New password can't be same as current password
• Warning message displayed if user enters same password

Enforce Complex Passwords

Anchor
releaseNoteFeatureDetailsPwdMgmtPwdComplex-1710 releaseNoteFeatureDetailsPwdMgmtPwdComplex-1710

JIRA Issue: CORE-288

Enforce complex passwords

Passwords must meet complexity requirements defined by the i2b2 Administrator. The requirements will be enforced when users change their passwords. They are not enforced when the i2b2 Administrator first enters their password from within the i2b2 Admin Module.

Highlights

• New global parameter
• i2b2 Administrator defines requirements for complexity
• Enforced when users change passwords
• Warning message if don't meet requirements

New parameter

A new Global Parameter was created to support the Enforce Complex Passwords feature. The new parameter is set within PM_GLOBAL_PARAMS table and will define the password complexity requirements. Once the parameter has been entered the feature will be turned on and all users will be required to follow the new requirements the next time they change their password. The only exception is when the password is set by the i2b2 Administrator from within the i2b2 Admin Module.

Global Parameter: PM_COMPLEX_PASSWORD

Each requirement as an independent variable however they are concatenated and stored as a single "value" in the table.

Complex Requirement Variables

When setting the parameter value for PM_COMPLEX_PASSWORD, each requirement is defined as an independent variable that is stored as a string in the VALUE column of the PM_GLOBAL_PARAMS table. The table shown below lists each of the variables and the associated requirement that will be enforced.

The requirements can be used in any combination. If all the requirements in the table were to be used, the following would be entered as the Parameter Value:

(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&+=])(?=\S+$).{8,}

Query improvements

Anchor
releaseNoteFeatureDetailsQryImprov-1710 releaseNoteFeatureDetailsQryImprov-1710

Two new features are included in the query improvements category.

• SQL Query Breakdown
  • Custom breakdowns based on SQL query
  • 4 new breakdowns provided in the demo data as examples
• Temporal Query made simple
  • New simple mode available
  • Streamlined

SQL Query Breakdowns

Anchor
releaseNoteFeatureDetailsQryBreakdown-1710 releaseNoteFeatureDetailsQryBreakdown-1710

New breakdowns based on SQL Query

Can now have custom breakdowns based on SQL Query

Four examples provided with the i2b2 demo software

Length of stay breakdown

Top 20 medications breakdown

Top 20 diagnoses breakdown

Inpatient and outpatient breakdown

Example

Take a look at the Length of stay breakdown provided with the demo data.

SQL defined in QT_BREAKDOWN_PATH table

INSERT IMAGE of TABLE

SELECT length_of_stay            AS patient_range,
   COUNT(DISTINCT a.PATIENT_num) AS patient_count
FROM visit_dimension a,
   DX b 
WHERE a.patient_num = b.patient_num
GROUP BY a.length_of_stay 
ORDER BY 1

Temporal Query made Simple

Anchor
releaseNoteFeatureDetailsQrySimpleTempQry-1710 releaseNoteFeatureDetailsQrySimpleTempQry-1710

• Temporal query interface difficult to use
  • Hard to comprehend temporality
  • Hard to remember population constraint
  • Too complicated, difficult to learn
• 1.7.10 includes a Simple Temporal Query mode
  • Displays ordering of events
  • Displays population constraint
  • Streamlined features

Miscellaneous improvements

Anchor
releaseNoteFeatureDetailsMisc-1710 releaseNoteFeatureDetailsMisc-1710

Single sign-on location for Web Client and Admin Module

Anchor
releaseNoteFeatureDetailsMiscSignon-1710 releaseNoteFeatureDetailsMiscSignon-1710

JIRA Issue: WEBCLIENT-226

The i2b2 Admin module no longer needs to be setup on the i2b2 server and results in the following benefits.

• i2b2 Administrators will log in from the same location as the i2b2 Web Client.
• Easier installation and maintenance. Will only install the i2b2 Web Client.

To sign into the i2b2 Admin module, Administrators will go to the same location as their i2b2 Web Client and enter their login credentials.  Provided their user is setup as an Admin they will be able to select "Administrator" from the list of projects in the project dialog. The Administrator project will launch the Admin module.

INSTALLATION INSTRUCTIONS

Improve datasource validations

Anchor
releaseNoteFeatureDetailsMiscDataSrc-1710 releaseNoteFeatureDetailsMiscDataSrc-1710

JIRA Issue: CORE-129

On certain occasions a database connection in a pool would go bad and the i2b2 would continue to use the connection which would cause errors in the i2b2. To resolve this problem database connections will now be validated and checked that the connection is valid. If a connection in the pool goes bad the i2b2 will not continue using it.

<validation> 
     <validate-on-match>true</validate-on-match> 
     <check-valid-connection-sql>SELECT 1 FROM DUAL</check-valid-connection-sql> 
     <use-fast-fail>true</use-fast-fail> 
 </validation>