<!DOCTYPE html>
<html>
<head>
    <title>i2b2 1.7.10 Release Notes</title>
    <meta charset="UTF-8">
    <meta name="description" content="The release notes for version 1.7.10 of the i2b2 Software" />
    <meta name="keywords" content="i2b2, release, 1.7, 1.7.03, 1.7.03a, 1.7.04. 1.7.05, 1.7.06, 1.7.07, 1.7.07b, 1.7.08, 1.7.08a, 1.7.09, 1.7.09a, 1.7.09b, 1.7.09c, 1.7.10" />
    <link rel="stylesheet" type="text/css" media="all" href="/stylesheets/i2b2-wiki.css" />
</head>
<body></body>
</html>

i2b2 Release 1.7.10

Release Date: April 27, 2018

Release Summary

Release 1.7.10 contains many new enhancements to the i2b2 kernel, many of which improve the security around signing into the i2b2 Web Client. We have included some Auditing features like logging all successful and attempted logins into the i2b2 Web Client or keeping a log of all the Admin functions performed with the Admin Module.

 

Installation Notes

This release note applies to you if you are upgrading your i2b2 to 1.7.10 from and earlier 1.7.xx version of the i2b2 software. Please see the Upgrade Notes section for any information that is specific to the upgrade process.

If you are installing a new instance of the i2b2 we recommend you refer to the i2b2 Installation Guide found on the i2b2 Community Wiki. This documentation will guide you through the entire installation process. If you run into issues or have questions you can reach out to the community by joining and emailing the google group called i2b2 Install Help.

 

SHRINE Networks

 

Release 1.7.10 has not been tested within a SHRINE network. Therefore, i2b2 Release 1.7.10 should not be installed within a SHRINE network. It can be installed independently of SHRINE. However because it has not been tested with SHRINE we can not guarantee all of the new enhancements will continue to work correctly when implemented within a SHRINE environment.

<html>
<body>
    <!-- Add the following section once SHRINE approves this release; may need to update the SHRINE version -->
    <!--
    <h2 id="rel1709cshrineApprvl">SHRINE Approval</h2>
    <p class="shrineApprvTxt">
        <img class="shrineApprvlImg" src="https://community.i2b2.org/wiki/download/attachments/15729710/shrineApprvl_v1-22-08.png" width="57" height="57" alt="Shrine Approval"><i>SHRINE Release 1.22.8</i> has been tested with <i>i2b2 1.7.09c Release</i> and has been <b>approved</b> by the SHRINE Team</p>
-->
</body>
</html>
 

 

Upgrade Notes

The following i2b2 components contain changes in release 1.7.10.

    • i2b2 Database
    • i2b2 Server (kernel)
    • i2b2 Web Client

The list of changes made can be found in the change summary

Now provide an upgrade path for those sites that do not want to do a whole new install of the i2b2 server. provide just the JAR / war files

page that contains all the upgrade information is: Upgrade to latest version

 

 

Database Changes

 

 

 

Change Summary - i2b2 Kernel (Core Software) - Release 1.7.10

New Features and Improvements

Additional information about each of these features can be found in the Details about New Features in Release 1.7.10 section located after the Change Summary section for the Web Client.

 

 

 

New Features and Improvements

Additional information about each of these features can be found in the Details about New Features in Release 1.7.10 section located after the Change Summary section for the Web Client.

 

Bug Fixes

 

Change Summary - i2b2 Web Client Software - Release 1.7.10

New Features and Improvements

Additional information about each of these features can be found in the Details about New Features in Release 1.7.10 section located after this section.

 

Bug Fixes

 

Details about New Features in Release 1.7.10

Many improvements in 1.7.10; grouped into 4 categories

Miscellaneous improvements

Logging improvements

Password management improvements

Query improvements

 

Miscellaneous improvements

Single sign-on

Separate Admin install no longer needed

i2b2 Administrators now login from the i2b2 Web Client

INSERT singleSignOn-select-2.png

Improve datasource validations

•  Validate database connection
•   If connection in pool goes bad will not continue to use

INSERT db-validation.png

 

Logging improvements

Logon Auditing

JIRA Issue: CORE-285

All successful and failed login attempts to sign into the i2b2 Web Client will be logged in the PM_USER_LOGIN table.

INSERT  pm_user_login-table-pw-example.png

 

Log Admin Functions

JIRA Issue: CORE-286

Functions performed within the Admin module will be logged within the PM_USER_LOGIN table. The service

called from the Admin module will be logged along with the user_id that performed the action that triggered the call.

 

For the purpose of this documentation we outline the basic steps the i2b2 Admin takes when adding a new user into the i2b2 Admin module.

Step 1: Signs into the i2b2 Web Client & selects the Administrator project

Step 2: Selects Manager Users from the Navigation Panel

Step 3: Clicks on the Add User button

Step 4: Enters the information about the user and clicks on Save.

Step 5: Clicks on Manage Users to refresh the list and display the new user.

 

As each of the above steps were performed, the services and USER_ID were logged in the PM_USER_LOGIN table along with date & time.

 

INSERT IMAGE

 

 

Password management improvements

The password management improvements are comprised of four new features.

  1. Account lockout
  2. Mandatory password change
  3. Prevent repeat passwords
  4. Enforce complex passwords

 

Account Lockout

JIRA Issue: CORE-287

Accounts are locked and users are not able to sign into the i2b2 after a specific number of failed login attempts have been made.

Highlights
  • Account lockout threshold and wait time is defined by the site Administrator.
  • Users are locked-out when the defined number of failed attempts have been reached
  • Once locked
    • user receives a lockout message
    • the user must wait a preset period of time
  • Successful login resets the number of failed logins

New parameters

 Two new Global Parameters were created as part of the new lockout feature. These parameters must be defined in the PM_GLOBAL_PARAMS table for users to be locked out after the defined number of failed attempts and number of minutes they must wait before attempting to try again.

 

The threshold & wait time are defined in 2 new global parameters.

PM_LOCKED_MAX_COUNT Parameter

  • Threshold for failed sign-in attempts
  • The value is inclusive. i.e. if you enter 4 then the 4th time the user enters the wrong password they will receive the error message and their account will be locked.

 

INSERT IMAGE OF COUNT

 

PM_LOCKED_WAIT_TIME Parameter

  • Number of minutes an account is locked before a user can sign in again.

 

INSERT IMAGE OF WAIT PARAMETER

 

 

 

Mandatory Password Change

JIRA Issue: CORE-287

Require users to change passwords after a specified interval of time. The i2b2 Administrator controls the number of days allowed before a password must be changed. If a user attempts to sign on after their password has expired, the i2b2 Change Password window will open and the user must change their password before they can sign on.

 

Summary of Password expiration process

 

  1. New Global parameter is set (entered via i2b2 Admin module).
  2. Password expiration feature is turned on.
  3. ALL user passwords are now expired.
  4. When user attempts to sign into the i2b2 Web Client, they will be prompted to enter new password.
  5. User enters a new password & successfully signs into the i2b2 Web Client.
  6. The system uses the value in the global parameter to calculate the next expiration date and adds the appropriate user parameter to the table.

 

•Require users to change passwords
•i2b2 Admins control how often (interval)
•Change password window will open when password expired
•1 new Global parameter
•1 new User parameter

Quick Summary of Password expiration process

1.New global parameter is set & feature turned on
2.ALL user passwords are expired
3.User attempts to sign in; prompted to change password
4.Enter new password & successfully sign into Web Client
5.Using value in global parameter, system calculates next expiration date for user & adds user parameter with that date to the correct table.

 

New parameters

Two new parameters were created as part of the Mandatory password change feature. Both parameters are called PM_EXPIRED_PASSWORD however one is set within PM_GLOBAL_PARAMS and the other within PM_USER_PARAMS. Each parameter has a different function in the password expiration process and is further defined below.

Table: PM_GLOBAL_PARAMS

The new Global Parameter called PM_EXPIRED_PASSWORD must be added to the PM_GLOBAL_PARAMS table to define the password change interval. Once this parameter has been set the mandatory password change feature will be turned on. If this parameter is not added as a global parameter then passwords will never expire.

 

Global Parameter

PM_EXPIRED_PASSWORD

  • Turns the feature on
  • Define password change interval

 

 INSERT expiredPW-user-futureDt.png

 

Table: PM_USER_PARAMS

The new User Parameter, PM_EXPIRED_PASSWORD, is automatically added to the PM_USER_PARAMS table the first time a user’s password expires. When they change their password, the system will look to the PM_EXPIRED_PASSWORD parameter in the PM_GLOBAL_PARAMS table to see the change interval defined and then calculate the new expiration date to add to the user parameter.

User Parameter

PM_EXPIRED_PASSWORD

  • Added when password changed 1st time
  • Date password will expire for user

 

INSERT expiredPW-user-param-editDt.png

 

 

 

 

 

Feature is turned on for ALL users including service accounts.

To prevent service accounts from expiring you need to add the user parameter as soon as the feature is turned on or before it is turned on.

Set the expiration date for a date far in the future…

Prevent repeat password

•New password can’t be same as current password
•Warning message displayed
INSERT PASSWORD SAME IMAGE

Complex Passwords

Enforce complex passwords

•i2b2 Admins define requirements for complexity
•Enforced when users change passwords
•Warning message if don’t meet requirements
•New global parameter
INSERT REQUIREMENTS IMAGE

Global Parameter: PM_COMPLEX_PASSWORD

•Each requirement as an independent variable however they are concatenated and stored as a single “value” in the table.

INSERT TABLE

 

Adding requirements / variables to parameter

•Requirements can be used in any combination.
•If require all, enter the parameter value as:

UPDATE WITH CORRECT STRING

(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[)(;:}{,.><!@#$%^&+=])(?=\S+$).{8,}

•The only required variable is: (?=\S+$).{8,}
–The 8 can be changed to different length

INSERT IMAGE OF PM_COMPLEX_PASSWORD parameter

 

 

 

Query improvements

 

•SQL Query breakdown
–Custom breakdowns based on SQL query
–4 new breakdowns provided as examples
•Temporal Query made simple
–New simple mode available
–Streamlined

 

 

SQL Query Breakdowns

New breakdowns based on SQL Query

•Can now have custom breakdowns based on SQL Query
•Four examples provided with i2b2 demo software
1.Length of stay breakdown
2.Top 20 medications breakdown
3.Top 20 diagnoses breakdown
4.Inpatient and outpatient breakdown

Length of stay breakdown

SQL defined in QT_BREAKDOWN_PATH table

INSERT IMAGE of TABLE

 

SELECT length_of_stay            AS patient_range,
   COUNT(DISTINCT a.PATIENT_num) AS patient_count
FROM visit_dimension a,
   DX b 
WHERE a.patient_num = b.patient_num
GROUP BY a.length_of_stay 
ORDER BY 1

 

•Run a query for all diagnoses
INSERT RUN QUERY DIALOG IMAGE
INSERT QUERY RESULTS IMAGE

 

 

 

Temporal Query made Simple

•Temporal query interface difficult to use
–Hard to comprehend temporality
–Hard to remember population constraint
–Too complicated, difficult to learn
•1.7.10 includes a Simple Temporal Query mode
–Displays ordering of events
–Displays population constraint
–Streamlined features

In-App Tutorial