i2b2 Release 1.7.11

Release Date: March 6, 2019


Release Summary

Release 1.7.11 contains several new enhancements to the i2b2 kernel, many of which improve the usability of the i2b2 WebClient. We have included a new Identified Data Plan for PHI data and have a license model.

Highlight of Features

Installation Note

The 1.7.11 Release Notes apply to you if you are upgrading your existing i2b2 system from an earlier version of the i2b2 software.

Type of InstallWhere you need to go next

Upgrading an existing i2b2 (currently installed at your site)

Please go to the  Upgrade Notes section for the details about upgrading your i2b2 software.

Upgrading your i2b2 in a SHRINE network

Please read the information in the  SHRINE Networks section before proceeding.

Installing a new instance of i2b2. (Never installed it before)

We recommend you refer to the i2b2 Installation Guide found on the i2b2 Community Wiki
The install guide will take you through the entire installation process.


Upgrade Notes

Information about upgrading i2b2 to version 1.7.11 can be found in this section of the release notes.


i2b2 Components

In release 1.7.11 the following i2b2 components contain changes and therefore need to be updated when upgrading your i2b2 environment.

Database Drivers

The JDBC drivers were updated to the following versions.

DriverNew Version
ojdbc8.jarOracle 12.2.0.1
postgresql-42.2.5.jarPostgreSQL 42.2.5
mssql-jdbc-7.0.0.jre8.jarMS Sql Server 7.0.0


Upgrade Paths

The i2b2 now provides two options for upgrading your i2b2 server.

  1. Continue to download the source code provided in the zip file released on www.i2b2.org/software
  2. Install the precompiled JAR files onto your existing i2b2 server to upgrade it to 1.7.11.

Both are acceptable paths to upgrade your i2b2 server and depending on which you choose will determine where you need to go to obtain the appropriate files. The location of the upgrade files for each component is outlined below.

Upgrade Software

DescriptionWhere to find itRequirements
Upgrade i2b2 database to 1.7.11

Software page (i2b2 Website)

Download i2b2createdb-1711.zip file under Source Code
Upgrade i2b2 Web Client to 1.7.11

Software page (i2b2 Website)

Download i2b2webclient-1711.zip file under Source Code
Upgrade i2b2 Server to 1.7.11 (Source Code)

Software page (i2b2 Website)

Download i2b2core-src-1711.zip file under Source Code
Upgrade i2b2 Server to 1.7.11 (JAR files) Upgrade to latest version page (Community Wiki) See Technical Details section on the i2b2 Upgrades page and upgrade documentation on Upgrade to latest version page.


Database Changes

Release 1.7.11 involves a few changes to the i2b2 Database. Some are simple an addition to the sample data that is included in the demo data that is delivered with the software while others are changes to the database structure to support new features that are included in 1.7.11

Crcdata Tables

QT_PRIVILEGE

Metadata Taables

TABLE_ACCESS


Change Summary - Release 1.7.11

Did you know?


i2b2 Kernel (Core Software)

New Features and Improvements

Bug Fixes

Feature Details - Release 1.7.11

New Feature: Role-based Ontology Protection

The top-level categories/folders in your ontology can now be optionally protected by one or more i2b2 roles (e.g. DATA_LDS, DATA_PROT, etc.) This feature allows the administrator to define one or more roles for an individual root folder in the ontology, and users without one of these roles will not be able to see the ontology item or use any of the terms in this folder.

To use this new feature and protect a root level folder, follow these steps:

  1. In your TABLE_ACCESS table in your ontology database, set C_PROTECTED_ACCESS to 'Y' for the root level folder you would like to protect.
  2. There is a new column in TABLE_ACCESS called C_ONTOLOGY_PROTECTION. This is where you can define one or more roles in a comma-separated list (e.g. DATA_LDS,DATA_PROT)

Example:

If you wanted to create a root level folder in your ontology called "PHI Demonstration" and only wanted users with the DATA_PROT role to be able to see it, you would make the following changes to your TABLE_ACCESS table:

C_TABLE_CDC_TABLE_NAMEC_PROTECTED_ACCESSC_HLEVELC_FULLNAMEC_NAME...C_ONTOLOGY_PROTECTION
i2b2_DEMOi2b2N1\i2b2\DemographicsDemographics...null
i2b2_DIAGi2b2N1\i2b2\Diagnoses\Diagnoses...null
i2b2_LABSi2b2N1\i2b2\Labtests\Laboratory Tests...null
........................
i2b2_PHIi2b2phiY1\i2b2\PHI\PHI Demonstration...DATA_PROT

New Feature: Workplace Folder drag and drop

Now you can drag a workplace folder to the query tool, the folder can contain sub folders.   All the concepts, previous queries, and individual patients will be displayed in the panel.


Below is the workplace with combination of available items

                    

After the drag and drop to the query panel the list of all the items are displayed


New Feature: Individual Patient drag and drop from Previous Query Panel

Once a patient set is created, that patient can be dragged and dropped to the Query Tool Panel

Below is a patient set with 2 patients

After drag and drop of the individual patient to the query tool panel

New Feature: Previous Queries Upgrade in Web Client

The Previous Queries panel in the web client has been upgraded to accommodate three new options.

New Feature: Support for WildFly 14

The i2b2 software now officially supports WildFly 14. The primary advantages are the faster install/upgrade of i2b2 as a pre-packaged collection (WAR) and managed data source connections/pooling.

New Feature: Inter-CELL SSL Setup

Create server and client certificates (Wildfly 10 & 14)

The keytool utility stores the keys and certificates in a file termed as keystore, a repository of certificates used for identifying a client or a server. Typically, a keystore contains one client or one server's identity, which are protected by using a password.

Create a Self Signed Certificate

You can create a certificate for your server using the following command:

1

$ keytool -genkey -keyalg RSA -keystore server.keystore -storepass secret -keypass secret -validity 365  -dname "cn=Partners Healtbcare,o=Partners,c=US"

Now let's copy this keystore into the configuration folder of the application server:

1

$ cp server.keystore $JBOSS_HOME/standalone/configuration

Now export the server certificate in a file called server.crt:

1


$ keytool -exportcert -keystore server.keystore -storepass secret -keypass secret -file server.crt

Certificate stored in file <server.crt>

Now import the cert into the CA for the Java JRE:

1

$ keytool -import -alias i2b2server -keystore  /usr/java/latest/jre/lib/security/cacerts -file server.crt


The password might be changeit


In /opt/{wildfly} in bin run add-user.sh to create user and select (a) management user


Wildfly 10 Setup

In Wildfly 10 run jboss-cli.sh


Connect to the server

1

connect

Start by creating a Security Realm which will contain the keystore and trustore references

1

/core-service=management/security-realm=SSLRealm:add

Next, for one-way SSL, set the path to the keystore, along with the keystore path and password:

1

/core-service=management/security-realm=SSLRealm/server-identity=ssl:adJavathe2d(keystore-path="server.keystore", keystore-relative-to="jboss.server.config.dir", keystore-password="secret")

Finally, set the value of Undertow's https listener to your Security Realm:

1

/subsystem=undertow/server=default-server/https-listener=default-https:write-attribute(name=security-realm,value=SSLRealm)

If the above fails edit the standalone.xml and add right after http-listener


                <https-listener name="default-https" security-realm="SSLRealm" socket-binding="https"/>


Wildfly 14 Setup

In Wildfly 14 run jboss.cli.sh


Connect to the server

1

connect

Finally, set the value of Undertow's https listener to your Security Realm:

1

/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=security-realm,value=ApplicationRealm)



 Both Wildfly 10 and 14

Add the following to the axis2.xml file right after the   <transportReceiver name="http"

               

   <transportReceiver name="https"

                       class="org.apache.axis2.transport.http.AxisServletListener"/>

Change the crc.properties, ontology.properties and workplace.properties files to point to the https://localhost:8443

Database Changes

Change all the pm_cell_data within the PM Database to https://localhost:8443

After all the cells have been updated it should look like below.


Webclient Changes

Webclient, if using self-signed cert add the following to the index.php

        curl_setopt($proxyRequest, CURLOPT_SSL_VERIFYHOST, 0);

        curl_setopt($proxyRequest, CURLOPT_SSL_VERIFYPEER, 0);


Also into the index.php add the new url to the whitelist such as:

     

$WHITELIST = array(

        "http" . (($_SERVER['SERVER_PORT'] == '443') ? 's' : '' ) . "://" . $_SERVER['HTTP_HOST'],

        "http://services.i2b2.org",

        "http://127.0.0.1:9090",

        "http://127.0.0.1:8080",

        "http://127.0.0.1",

        "http://localhost:8080",

        "http://localhost:9090",

        "https://localhost:8443",

        "http://localhost"

);


Updated: i2b2 License

The i2b2 software is now made available under the terms of the Mozilla Public License (MPL) version 2.0. i2b2 is also distributed under the terms of the Healthcare Disclaimer addendum.